Protecting your Domain Admin Account

Slides:

Advertisements

Similar presentations

Operating System Security

Advertisements

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

Module 4: Implementing User, Group, and Computer Accounts

11 MANAGING USERS AND GROUPS Chapter 13. Chapter 13: MANAGING USERS AND GROUPS2 OVERVIEW  Configure and manage user accounts  Manage user account properties.

Authentication and authorization Access control consists of two steps, authentication and authorization. Subject Do operation Reference monitor Object.

Module 8: Implementing Administrative Templates and Audit Policy.

Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Hacking Windows 2K, XP. Windows 2K, XP Review: NetBIOS name resolution. SMB - Shared Message Block - uses TCP port 139, and NBT - NetBIOS over TCP/IP.

WARNING! Sample chapter -Materials in this sample chapter is selected advanced penetration from

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Netconf for Peering Automation APRICOT 2015 Tom Paseka.

Databases and security continued CMSC 461 Michael Wilson.

Module 7: Fundamentals of Administering Windows Server 2008.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.

Breno de MedeirosFlorida State University Fall 2005 Windows servers The NT security model.

© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.

Section 5: Troubleshooting and Backing Up GPOs Using Group Policy Troubleshooting Tools Integration of RSoP Functionality Using Logging Options Backing.

Module 5: Implementing Group Policy

Working with Users and Groups Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Introducing User Account Control Configure and troubleshoot.

Managing Local Users & Groups. OVERVIEW Configure and manage user accounts Manage user account properties Manage user and group rights Configure user.

Core 3: Communication Systems. Network software includes the Network Operating Software (NOS) and also network based applications such as those running.

Module 9: Designing Security for Data. Overview Creating a Security Plan for Data Creating a Design for Security of Data.

Minimizing your vulnerabilities. Lets start with properly setting up your servers which includes… Hardening your servers Setting your file and folder.

System Center & SharePoint On- Prem Matija Blagus, Acceleratio

Module 10: Implementing Administrative Templates and Audit Policy.

M ORAL AND ETHICAL ISSUES. Use and Abuse of Personal and Private Data All the information stored on Computer is governed by law or legislation. The main.

Operating Systems Concepts 1/e Ruth Watson Chapter 9 Chapter 9 Accounts and Groups Ruth Watson.

Myrtle Entertainment System Scanner How to work your way to installing a program via Myrtle Entertainment System Scanner.

Module 7: Designing Security for Accounts and Services.

LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►

IS 4506 Windows NTFS and IIS Security Features.  Overview Windows NTFS Server security Internet Information Server security features Securing communication.

PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.

Kerberos Miha Pihler MVP – Enterprise Security Microsoft Certified Master | Exchange 2010.

Top 10 Things to Stay Out of the News Ron Schlecht.

©2014 CliftonLarsonAllen LLP CLAconnect.com See CLA PowerPoint User Guide for instructions to insert an image or change the icon on the business card.

 December 2010 US Chief Information Officer Vivek Kundra released the Federal Cloud Computing Strategy. This became to be what is known as “Cloud First”

Security Around MySQL Presented by: Danil Zburivsky/Singer Wang.

Defense In Depth: Minimizing the Risk of SQL Injection

Microsoft Azure Active Directory Identity Solutions

Stopping Attacks Before They Stop Business

Hacking Windows.

Managing User and Service Accounts

Six Steps to Secure Access for Privileged Insiders and Vendors

Configuring Windows Firewall with Advanced Security

Security Issues.

Router Startup and Setup

ConfigMgr for (More) Evil!

Darren Mar-Elia Head of Product

Microsoft Ignite /21/2018 5:56 PM

Determined Human Adversaries: Mitigations

Chapter 27: System Security

Chapter 14: Protection.

Lesson 16-Windows NT Security Issues

12 STEPS TO A GDPR AWARE NETWORK

1/3/2019 1:47 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS.

Router Startup and Setup

Security through Group Policy

BACHELOR’S THESIS DEFENSE

BACHELOR’S THESIS DEFENSE

BACHELOR’S THESIS DEFENSE

Taking Windows Security to the Next Level with Group Policy

Determined Human Adversaries: Mitigations

Administrator’s Manual

Designing IIS Security (IIS – Internet Information Service)

Test 3 review FTP & Cybersecurity

Oh no! My W1nd0ws S3rv3r 1s Vladimir Stefanović Oh no! My W1nd0ws S3rv3r 1s

Presentation transcript:

Protecting your Domain Admin Account DA 101 Protecting your Domain Admin Account

$WHOAMI Penetration Tester @ SynerComm Bug Bounty Hunter on HackerOne Python enthusiast jgardner@synercomm.com @Rhynorater @Rhynorater

… and how to protect your administrators 5 Routes to DA … and how to protect your administrators

Permissive Global Group Access + MimiKatz Solution: Apply the principle of least privilege

Permissive Global Group Access + MimiKatz Takeaway:

Permissive Global Group Access + MimiKatz Takeaway: “A local admin can extract from memory the cleartext password of any authenticated user”

BloodHound Adversary Simulation Available on GitHub @BloodhoundAD 10 minute setup Queries DC and domain computer for session and admin information Creates pretty graphs … of death PowerShell & EXE available for information gathering Adversary Simulation

Ask about an AdSim!

Permissive Global Group Access + MimiKatz Takeaway: “A local admin can extract from memory the cleartext password of any authenticated user.”

Permissive Global Group Access + MimiKatz Takeaway: “A local admin can extract from memory the cleartext password of any authenticated user.”

Permissive Global Group Access + MimiKatz Solution: Principle of Least Privilege Takeaway: Determine who really needs to be a domain administrator Don’t abuse Global Groups Educate your DAs on when their account should be used “A local admin can extract from memory the cleartext password of any authenticated user.”

LLMNR & NBT-NS Poisoning Solution: Turn them off.

LLMNR & NBT-NS Poisoning Takeaway: “Turn off LLMNR. Turn off NBT-NS. Monitor for these requests.” Graphic Credits: Aptive Consulting Ltd.

LLMNR & NBT-NS Poisoning Responder.py Takeaway: “Turn off LLMNR. Turn off NBT-NS. Monitor for these requests.”

LLMNR & NBT-NS Poisoning Inveigh.ps1 Takeaway: “Turn off LLMNR. Turn off NBT-NS. Monitor for these requests.”

LLMNR & NBT-NS Poisoning The Solution Takeaway: “Turn off LLMNR. Turn off NBT-NS. Monitor for these requests.” Turn off LLMNR in Group Policy Turn of NBT-NS via GPO Script Monitor your internal network for LLMNR & NBT-NS requests Inveigh is super easy to use

LLMNR & NBT-NS Poisoning Bonus: SMB Relay Attacks Quick Takeaway: “Turn on SMB Signing”

SYSVOL Passwords + leaked aes keys Solution: Delete the XML files. Just delete them.

SYSVOL Passwords + Leaked AES Keys Vulnerability came out in 2012, patch in 2013 We still see this ALL.THE.TIME. Takeaway: “Apply the patch, delete the XML files, and don’t put cleartext passwords in scripts.”

SYSVOL Passwords + Leaked AES Keys Who needs an AES key when the password is stored in cleartext? Takeaway: “Apply the patch, delete the XML files, and don’t put cleartext passwords in scripts.” Graphic Credit: https://adsecurity.org

SYSVOL Passwords + Leaked AES Keys The Solution Takeaway: “Apply the patch, delete the XML files, and don’t put cleartext passwords in scripts.” Educate your Sys Admins – don’t put cleartext creds in files Apply the patch to change the AES key Delete old XML files with cpassword in them.

SYSVOL Passwords + Leaked AES Keys Bonus: Run Get-GPPPassword on yourself! Takeaway: “Apply the patch, delete the XML files, and don’t put cleartext passwords in scripts.” https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-GPPPassword.ps1

Solution: Long Service Account Passwords Kerberoasting Solution: Long Service Account Passwords

Account used by service = any domain user can pull KRB5TGS hash KerberRoasting Account used by service = any domain user can pull KRB5TGS hash Takeaway: “Domain accounts used to run services should have long and complex passwords”

Audit your network with setspn.exe! KerberRoasting Audit your network with setspn.exe! Takeaway: “Domain accounts used to run services should have long and complex passwords”

Solution: Ensure no one but Domain Admins can access your DC backups

DC Backups User with access to DC backup = Domain Admin Takeaway: “Only Domain Admins should have access to DC Backups”

Takeaways A local admin can extract from memory the cleartext password of any authenticated user Turn off LLMNR. Turn off NBT-NS. Monitor for these requests SYSVOL Passwords + Leaked AES Keys Domain accounts used to run services should have long and complex passwords Only Domain Admins should have access to DC Backups

DA101 - Kit https://www.SHELLNTELL.com/blog/da-101 Question or Help? Justin Gardner – jgardner@synercomm.com

Questions?