Paula Januszkiewicz IT Security Auditor, MVP, MCT ISCG Session Code: SIA308
Agenda
Hacker role in IT development
Hacker techniques and demos
Things you should remember and summary
Hacker Role in IT Development (session outline)
Check who you're talkin' to
Offline access
Hotfix analysis
Windows Debugger
Encryption + protection
At least one scripting language...
Test your users
Have your own toolkit
Keep your knowledge up to date
Summary
Hacker role in IT development Make IT security world running Encourage us to be up to date Test the newest technology What is the difference between techniques and habits?
At first…
Check who you're talkin' to
My DNS is… My mail server is… I am the administrator, my name is…
The same facts are in public DNS, so check what they give away:
nslookup
> set type=all
> victim.com
Check who you're talkin' to (demo)
Check yourself, they do fingerprinting (Nmap printout)
Interesting ports on :
Not shown: 1694 closed ports
PORT     STATE SERVICE
21/tcp   open  war-ftpd
25/tcp   open  smtp
42/tcp   open  nameserver
53/tcp   open  domain
80/tcp   open  http
88/tcp   open  kerberos-sec
119/tcp  open  nntp
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
389/tcp  open  ldap
445/tcp  open  microsoft-ds
(…)
3389/tcp open  ms-term-serv
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2003 (94%)
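The two slides above (the nslookup walk and the Nmap printout) describe what an outsider learns about you before the first call. The script below is an added example written for this page, not code from the session or its demos, that lets an administrator collect the same picture of his own hosts: DNS records via nslookup (Resolve-DnsName does not exist in PowerShell 2.0, so the external tool is wrapped) and the greeting banner of each open port, which is where the "war-ftpd" style service names in an Nmap report come from. The host names and the port list are placeholders; replace them with your own systems and only point this at hosts you are authorised to probe.

```powershell
# Added example, not from the session deck. 'victim.com' / 'mail.victim.com' are
# placeholder names; the port list is an assumption covering the common greeters.

function Get-DnsFootprint {
    # Runs nslookup once per record type and prints every non-empty answer line,
    # prefixed with the type; the "Server:/Address:" header goes to stderr and is dropped.
    param([Parameter(Mandatory = $true)][string]$Domain)
    foreach ($type in 'A', 'MX', 'NS', 'TXT') {
        & nslookup -type=$type $Domain 2>$null |
            Where-Object { $_ -match '\S' } |
            ForEach-Object { '{0,-4} {1}' -f $type, $_.Trim() }
    }
}

function Get-ServiceBanner {
    # Connects to each port with a timeout and keeps the first line the service sends.
    # FTP, SMTP, SSH and POP3 greet first; HTTP only answers a request, so one is sent;
    # services that wait for the client (RDP on 3389) show up as open without a greeting.
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [int[]]$Port = @(21, 22, 25, 80, 110, 143, 3389),
        [int]$TimeoutMs = 2000
    )
    foreach ($p in $Port) {
        $client = New-Object System.Net.Sockets.TcpClient
        $state = 'filtered'   # no answer at all within the timeout
        $banner = ''
        try {
            $async = $client.BeginConnect($ComputerName, $p, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                # EndConnect throws on "connection refused", which is a closed port
                try { $client.EndConnect($async); $state = 'open' } catch { $state = 'closed' }
            }
            if ($state -eq 'open') {
                $stream = $client.GetStream()
                $stream.ReadTimeout = $TimeoutMs
                if ($p -eq 80) {
                    $req = [Text.Encoding]::ASCII.GetBytes("HEAD / HTTP/1.0`r`nHost: $ComputerName`r`n`r`n")
                    $stream.Write($req, 0, $req.Length)
                }
                $buf = New-Object byte[] 1024
                try {
                    $n = $stream.Read($buf, 0, $buf.Length)
                    $lines = [Text.Encoding]::ASCII.GetString($buf, 0, $n) -split "`r?`n"
                    # For HTTP the Server: header is the fingerprint; otherwise the greeting line
                    $srv = $lines | Where-Object { $_ -match '^Server:' } | Select-Object -First 1
                    $banner = if ($srv) { $srv } else { $lines[0] }
                } catch { $banner = '(open, no greeting within timeout)' }
            }
        } catch { $state = 'error' }
        finally { $client.Close() }
        New-Object PSObject -Property @{ Port = $p; State = $state; Banner = $banner } |
            Select-Object Port, State, Banner
    }
}

# Usage (placeholder targets):
Get-DnsFootprint -Domain 'victim.com'
Get-ServiceBanner -ComputerName 'mail.victim.com' | Format-Table -AutoSize
```

Compare the Banner column with the SERVICE column of your Nmap output: anything that names a product and version in its greeting (an FTP daemon, an SMTP server, an IIS Server: header) is what an attacker will look up first, and most of those banners can be shortened or removed in the service configuration.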
Internet Printing What can you find about yourself?
Then…
Offline access
Bypasses the operating system's security mechanisms:
Access Control Lists (ACLs)
Watchdogs
Open files
SAM database - allows password reset
Easy for anyone with physical access to the machine, hard for outsiders without it
Offline access
Access to a damaged system
File recovery
Password recovery
Full-disk problems
Offline access: how to recover from a system crash (demo)
Hotfix analysis
Why are hotfixes released?
Hacker's usage: change analysis; the vulnerability / improper system setting area it touches; limited time (the window before everybody has installed it)
Administrator's usage: what will be changed if I install it? Do I really need this?
Hotfix analysis: what is inside? (demo)
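The hotfix slides ask two questions an administrator should be able to answer himself: what is inside the package, and what actually changes on the box once it is installed. The following is an added example for this page, not the tooling used in the session's demo. It unpacks a .msu/.cab with expand.exe (which ships with Windows), takes a hash-and-version snapshot of a directory before and after installation, and diffs the two. The System32 default path and the *.dll filter are assumptions; widen them to cover whatever the hotfix's knowledge-base article lists.

```powershell
# Added example, not from the session. Paths and filters are assumptions.

function Expand-Hotfix {
    # Unpacks a hotfix so its payload can be read before it is installed.
    # A .msu wraps a .cab, so any .cab found after the first pass is expanded too.
    param(
        [Parameter(Mandatory = $true)][string]$Package,
        [Parameter(Mandatory = $true)][string]$Destination
    )
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
    & expand.exe -F:* $Package $Destination | Out-Null
    Get-ChildItem -Path $Destination -Filter *.cab | ForEach-Object {
        $sub = Join-Path $Destination $_.BaseName
        New-Item -ItemType Directory -Path $sub -Force | Out-Null
        & expand.exe -F:* $_.FullName $sub | Out-Null
    }
    Get-ChildItem -Path $Destination -Recurse |
        Where-Object { -not $_.PSIsContainer } |
        Select-Object FullName, Length
}

function Get-FileSnapshot {
    # SHA-256, file version and size of every matching file, keyed by full path.
    # Files the OS holds locked cannot be read and are skipped silently.
    param(
        [string]$Path = "$env:SystemRoot\System32",
        [string]$Filter = '*.dll'
    )
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $snap = @{}
    $files = Get-ChildItem -Path $Path -Filter $Filter -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }
    foreach ($f in $files) {
        try {
            $fs = $f.OpenRead()
            try { $hash = [BitConverter]::ToString($sha.ComputeHash($fs)).Replace('-', '') }
            finally { $fs.Close() }
            $snap[$f.FullName] = New-Object PSObject -Property @{
                Hash    = $hash
                Version = $f.VersionInfo.FileVersion
                Length  = $f.Length
            }
        } catch { }
    }
    $snap
}

function Compare-FileSnapshot {
    # Emits one record per added, removed or modified file between two snapshots.
    param(
        [Parameter(Mandatory = $true)][hashtable]$Before,
        [Parameter(Mandatory = $true)][hashtable]$After
    )
    foreach ($k in $After.Keys) {
        if (-not $Before.ContainsKey($k)) {
            New-Object PSObject -Property @{ Change = 'Added'; File = $k; OldVersion = ''; NewVersion = $After[$k].Version }
        } elseif ($Before[$k].Hash -ne $After[$k].Hash) {
            New-Object PSObject -Property @{ Change = 'Modified'; File = $k; OldVersion = $Before[$k].Version; NewVersion = $After[$k].Version }
        }
    }
    foreach ($k in $Before.Keys) {
        if (-not $After.ContainsKey($k)) {
            New-Object PSObject -Property @{ Change = 'Removed'; File = $k; OldVersion = $Before[$k].Version; NewVersion = '' }
        }
    }
}

# Usage (placeholder package name). The snapshot is serialised so it survives the
# reboot most hotfixes require.
Expand-Hotfix -Package 'C:\Temp\hotfix.msu' -Destination 'C:\Temp\hotfix-unpacked'
Get-FileSnapshot | Export-Clixml 'C:\Temp\before.xml'
# ... install the hotfix, reboot, then:
$before = Import-Clixml 'C:\Temp\before.xml'
Compare-FileSnapshot -Before $before -After (Get-FileSnapshot) |
    Select-Object Change, File, OldVersion, NewVersion | Format-Table -AutoSize
Get-HotFix | Sort-Object InstalledOn | Select-Object HotFixID, Description, InstalledOn
```

The "Modified" rows with an old and a new file version are the starting point for the change analysis the slide describes: those binaries are the ones worth diffing in a debugger, and the list also answers the administrator's question of what the hotfix really touched.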
Use a debugger
Various choices: SoftICE, WinDbg, DEBUG, IDA Pro
One idea: to look through the code and data structures
Administrators: crash dump analysis, Process Explorer
Windows Debugger, Process Explorer: crash dump analysis, system deep-dive (demo)
Why Data Protection Matters
“More than 100 USB memory sticks, some containing secret information, have been lost or stolen from the Ministry of Defense since 2004, it has emerged.” – BBC News, July 2008
“Some of the largest and medium-sized U.S. airports report close to 637,000 laptops lost each year, according to the Ponemon Institute survey released Monday” – PC World, June 2008
Use data encryption
Different levels of encryption:
File format level (Active Directory Rights Management Services; 3rd-party tools for single files / folders)
System level
Volume level, hardware based
The levels can be used together
Prevents offline attacks: a volume that is only readable with its key cannot have its files copied or its SAM reset by booting from other media
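The offline-access slides earlier and the data-encryption slide above are two sides of the same check: if a volume is not encrypted, anyone with the hardware can boot something else and read it, reset SAM passwords and ignore every ACL. The script below is an added example for this page, not code from the session. It reports, per volume, whether BitLocker protection is on and how far conversion has gone, whether a TPM is available to hold the key, and whether a given file carries the file-system Encrypted attribute (file-level protection). It needs administrator rights and the WMI providers that ship with Windows Vista / Server 2008 and later; the file path in the usage line is a placeholder.

```powershell
# Added example, not from the session. Run elevated; the sample path is a placeholder.

function Get-OfflineAttackExposure {
    # One record per encryptable volume. ProtectionStatus: 0 = unprotected,
    # 1 = protected, 2 = unknown. Anything other than 1 is readable offline.
    $ns = 'root\cimv2\Security\MicrosoftVolumeEncryption'
    $vols = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume -ErrorAction SilentlyContinue
    if ($vols -eq $null) {
        Write-Warning 'BitLocker WMI provider not available: treat every volume as readable offline'
        return
    }
    foreach ($v in $vols) {
        $prot = $v.GetProtectionStatus().ProtectionStatus
        $conv = $v.GetConversionStatus()
        New-Object PSObject -Property @{
            Volume           = $v.DriveLetter
            Protected        = ($prot -eq 1)
            EncryptedPercent = $conv.EncryptionPercentage
            OfflineReadable  = ($prot -ne 1)
        } | Select-Object Volume, Protected, EncryptedPercent, OfflineReadable
    }
}

function Get-TpmState {
    # Without an enabled, activated and owned TPM the volume key must live on a
    # USB startup key or behind a PIN, which changes how the machine is handled.
    $tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' -Class Win32_Tpm -ErrorAction SilentlyContinue
    if ($tpm -eq $null) { return 'No TPM found (or provider missing)' }
    New-Object PSObject -Property @{
        Enabled   = $tpm.IsEnabled().IsEnabled
        Activated = $tpm.IsActivated().IsActivated
        Owned     = $tpm.IsOwned().IsOwned
    } | Select-Object Enabled, Activated, Owned
}

function Test-FileEncrypted {
    # File-level protection: the Encrypted attribute set by EFS-style file encryption.
    param([Parameter(Mandatory = $true)][string]$Path)
    $attr = (Get-Item -Path $Path).Attributes
    ($attr -band [IO.FileAttributes]::Encrypted) -eq [IO.FileAttributes]::Encrypted
}

# Usage
Get-OfflineAttackExposure | Format-Table -AutoSize
Get-TpmState
Test-FileEncrypted -Path 'C:\Users\Public\secret.docx'   # placeholder path
```

The row for the system volume is the one that matters for the SAM-reset scenario: if OfflineReadable is true there, every password on the machine can be replaced by whoever holds the disk, regardless of how strong it is.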
Use transmission encryption
Different levels of encryption:
Application / format based
Secure Sockets Layer (SSL/TLS)
IPsec / tunneling (PPTP, L2TP); note that PPTP's MS-CHAPv2 authentication is considered weak, so prefer L2TP over IPsec where you can
Physical (link-layer) encryption
Makes data disclosure and manipulation harder
Know at least one scripting language
Hackers love scripts: Perl, Python
You should love PowerShell 2.0: server role management modules, server management, remoting, Microsoft Common Criteria
Windows PowerShell: account enumeration, service accounts, service location (demo)
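The PowerShell demo covers three things an attacker with a foothold scripts first and an administrator should therefore script too: which accounts exist and how they are configured, which services run under real user accounts (and how safely they are registered), and where the domain's services are. The following is an added example written for this page, not the script shown in the session; it uses only what PowerShell 2.0 on Windows Server 2008 ships with (the ADSI WinNT provider, WMI and System.DirectoryServices). The computer name defaults to the local machine, and the unquoted-path test is a heuristic that treats the text before the first ".exe" as the binary path.

```powershell
# Added example, not from the session. Defaults target the local machine.

function Get-LocalAccountAudit {
    # Enumerates local users through the WinNT ADSI provider and decodes the
    # UserFlags bits an attacker cares about (constants from the ADS_USER_FLAG enum).
    param([string]$ComputerName = $env:COMPUTERNAME)
    $ADS_UF_ACCOUNTDISABLE     = 0x2
    $ADS_UF_PASSWD_NOTREQD     = 0x20
    $ADS_UF_DONT_EXPIRE_PASSWD = 0x10000
    $computer = [ADSI]"WinNT://$ComputerName,computer"
    foreach ($u in $computer.psbase.Children) {
        if ($u.psbase.SchemaClassName -ne 'user') { continue }
        $flags = [int]$u.UserFlags.Value
        New-Object PSObject -Property @{
            Name                 = $u.Name.Value
            Disabled             = (($flags -band $ADS_UF_ACCOUNTDISABLE) -ne 0)
            PasswordNotRequired  = (($flags -band $ADS_UF_PASSWD_NOTREQD) -ne 0)
            PasswordNeverExpires = (($flags -band $ADS_UF_DONT_EXPIRE_PASSWD) -ne 0)
            PasswordAgeDays      = [int]([int]$u.PasswordAge.Value / 86400)
        } | Select-Object Name, Disabled, PasswordNotRequired, PasswordNeverExpires, PasswordAgeDays
    }
}

function Get-ServiceAccountAudit {
    # Services not running as one of the three built-in identities use a real
    # account whose password is stored for the SCM, which makes it a target.
    # An unquoted image path containing spaces lets anyone who can write to a
    # parent directory plant a binary the service will start with its privileges.
    param([string]$ComputerName = '.')
    Get-WmiObject -Class Win32_Service -ComputerName $ComputerName | ForEach-Object {
        $builtin  = $_.StartName -match '^(LocalSystem|NT AUTHORITY\\(LocalService|NetworkService))$'
        $exePart  = ($_.PathName -split '(?i)\.exe')[0]
        $unquoted = ($_.PathName -notmatch '^"') -and ($exePart -match ' ')
        New-Object PSObject -Property @{
            Service       = $_.Name
            StartName     = $_.StartName
            CustomAccount = (-not $builtin)
            UnquotedPath  = $unquoted
            State         = $_.State
        } | Select-Object Service, StartName, CustomAccount, UnquotedPath, State
    } | Where-Object { $_.CustomAccount -or $_.UnquotedPath }
}

function Get-DomainServiceLocation {
    # Domain-joined: ask the domain object for its controllers. Otherwise fall back
    # to the SRV records, which any client on the network can query without credentials.
    param([string]$DomainName)
    try {
        $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
        foreach ($dc in $domain.DomainControllers) {
            New-Object PSObject -Property @{
                Domain           = $domain.Name
                DomainController = $dc.Name
                IPAddress        = $dc.IPAddress
                Site             = $dc.SiteName
                Roles            = (@($dc.Roles) -join ',')
            } | Select-Object Domain, DomainController, IPAddress, Site, Roles
        }
    } catch {
        Write-Warning "Not domain-joined ($($_.Exception.Message)); querying SRV records instead"
        if ($DomainName) {
            foreach ($srv in "_ldap._tcp.dc._msdcs.$DomainName", "_kerberos._tcp.$DomainName") {
                & nslookup -type=SRV $srv 2>$null | Where-Object { $_ -match 'svr hostname|port' }
            }
        }
    }
}

# Usage ('corp.example' is a placeholder domain)
Get-LocalAccountAudit | Format-Table -AutoSize
Get-ServiceAccountAudit | Format-Table -AutoSize
Get-DomainServiceLocation -DomainName 'corp.example' | Format-Table -AutoSize
```

Read the first table for accounts with PasswordNotRequired or PasswordNeverExpires set and large PasswordAgeDays; read the second for every service whose StartName is a domain user, since that password is recoverable by any administrator of the box and often reused elsewhere. The third table is what an attacker gets for free from DNS, which is why hardening the controllers matters more than hiding them.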
Test your users
Play the social engineer's role
Monitor them… …and show them you do it
Break (audit) users' passwords
Train them well
Have your own toolkit
An Internet browser is sometimes enough
CMD and built-in system tools
Specialist tools
Your own scripts
Social engineering skills
PowerShell 2.0
Keep your knowledge up to date
IT resources: mailing lists, blogs / RSS, webcasts
Know the legal regulations in your country
Security bulletins: Microsoft, SANS, ISS, other
Summary
Hackers are evil but usually very smart; we can learn a lot from them
Human nature, not technology, is the key to defending against penetration attempts
Hackers succeed because they learn faster than administrators... and test all demos at home!
Whenever you want …or meet me in the ATE booth!
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.