Crouching Admin, Hidden Hacker Techniques for Hiding and Detecting Traces Paula Januszkiewicz Penetration Tester, MVP: Enterprise Security, MCT iDesign.

Accountability. Agenda:
1. Idea
2. Delivery & Launch
3. Hiding & Detecting
4. Summary

The above means that every step leaves some trace!
Windows 7 is designed to be used securely:
- Achieved Evaluation Assurance Level (EAL) 4+ certification that meets Federal Information Processing Standard (FIPS) #140-2
- Has C2 certification (Trusted Computer System Evaluation Criteria)
- Passed the Common Criteria Certification process

2. Delivery & Launch

Where traces end up:
- Event Log (extendable, supported by API)
- Plain text files (.log)
- Kernel traces
- Notifications
- SQL (ODBC)
- Application related

Demo: Logs, Less & More Advanced

Binaries are delivered:
- With files from the Internet
- On removable media
- Through the LAN
- Through offline access
- By manipulating legitimate files
- Using vulnerabilities (buffer overflows)

Demo: Replacing Files

Demo: "Vulnerabilities"

Demo: Services & ACLs

Cheating the administrator:
- Using automated ways: Explorer, Services, Drivers, DLLs
- Replacing files
- Path manipulation
- Injecting code
- Hooking calls

Demo: Services (In)Security

Demo: From A to Z - DLLs

Demo: Stuxnet Drivers

Problem: too much information to control.
Solution: select the areas with a high probability of infection:
- DLLs
- Services
- Executables
- Drivers
This attitude works as a first step.

3. Hiding & Detecting

Demo: Protected Processes

Bypassing the neighbouring process objects:
- Re-pointing the pointers: nt!_eprocess ActiveProcessLinks manipulation
- Does not affect software operation
- Threads are still visible
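The slide above describes unlinking a process from ActiveProcessLinks. The following is an added example, not code from the talk: a toy Python model of that doubly linked list, the unlink, and the cross-view check a defender can run (list view versus thread-owner view) that exposes the hidden entry. Process names, pids and thread ids are constructed sample data.

```python
# Added example, not from the talk: a toy model of the kernel's process list
# showing why unlinking a process from nt!_EPROCESS.ActiveProcessLinks hides
# it from list walkers while its threads stay visible, and how a cross-view
# check (list view vs. thread-owner view) exposes the gap.
from dataclasses import dataclass, field

@dataclass
class Process:
    pid: int
    name: str
    threads: list = field(default_factory=list)   # thread ids (constructed)
    flink: "Process" = None                       # ActiveProcessLinks.Flink
    blink: "Process" = None                       # ActiveProcessLinks.Blink

def build_list(procs):
    """Link processes into a circular doubly linked list, like ActiveProcessLinks."""
    for prev, cur in zip(procs, procs[1:] + procs[:1]):
        prev.flink, cur.blink = cur, prev
    return procs[0]   # list head (stands in for PsActiveProcessHead)

def walk_active_links(head):
    """What an enumerator that follows Flink sees."""
    pids, cur = [], head
    while True:
        pids.append(cur.pid)
        cur = cur.flink
        if cur is head:
            return pids

def unlink(proc):
    """DKOM-style hiding: the neighbours point past this entry.
    The object itself is untouched, so its threads keep being scheduled."""
    proc.blink.flink = proc.flink
    proc.flink.blink = proc.blink

def cross_view_detect(head, thread_table):
    """Detection: pids that own threads but are missing from the list view."""
    listed = set(walk_active_links(head))
    owners = {owner_pid for _tid, owner_pid in thread_table}
    return sorted(owners - listed)

# Constructed sample state: four processes, one of which gets hidden.
PROCS = [Process(4, "System", [8, 12]), Process(500, "svchost.exe", [504]),
         Process(900, "hidden.exe", [904, 908]), Process(1200, "explorer.exe", [1204])]
HEAD = build_list(PROCS)
THREADS = [(tid, p.pid) for p in PROCS for tid in p.threads]   # scheduler's view
unlink(PROCS[2])
```

After the unlink, walking the list yields pids 4, 500 and 1200 only, while the thread table still attributes threads to pid 900, which is exactly the discrepancy the cross-view check reports.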

Demo: Hidden Processes

Demo: Hooking

Demo: Passwords In the Operating System

4. Summary

Learn how to detect malicious situations.
Know your system when it is safe – you need a baseline.
If you detect a successful attack – do not try to fight:
- Report the issue
- Format your drive
- Estimate the range of the attack
- Know how to recover your data, when necessary
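The "select areas with high probability of infection" slide and the "you need a baseline" point above go together. As an added example that is not part of the talk, the script below hashes the file types named there (DLLs, executables, drivers) while a tree is known-good and later reports what was added, removed or replaced; the directory layout and file contents in demo() are constructed stand-ins for a real system directory.

```python
# Added example, not from the talk: hash-baseline the areas the talk singles
# out (DLLs, executables, drivers, service binaries) on a known-good system,
# then diff the live state against that baseline later.
import hashlib
import os
import tempfile

WATCHED_SUFFIXES = (".dll", ".exe", ".sys")   # file types the talk lists

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map every watched file under root (path relative to root) to its SHA-256."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(WATCHED_SUFFIXES):
                path = os.path.join(dirpath, name)
                state[os.path.relpath(path, root).replace(os.sep, "/")] = sha256_file(path)
    return state

def compare(baseline, current):
    """Files added, removed or modified since the baseline snapshot was taken."""
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "modified": sorted(p for p in current.keys() & baseline.keys()
                               if current[p] != baseline[p])}

def write(root, rel, data):
    with open(os.path.join(root, rel), "wb") as f:
        f.write(data)

def demo():
    """Constructed scenario: baseline a fake system tree, then tamper with it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "drivers"))
        for rel, data in {"kernel32.dll": b"good", "svc.exe": b"good", "readme.txt": b"x"}.items():
            write(root, rel, data)
        baseline = snapshot(root)                   # taken while the system is known-good
        write(root, "kernel32.dll", b"trojaned")    # legitimate file replaced
        write(root, "drivers/rk.sys", b"rootkit")   # new driver dropped
        os.remove(os.path.join(root, "svc.exe"))    # service binary removed
        return compare(baseline, snapshot(root))
```

Persisting the baseline dictionary (for example as JSON on read-only media) is what makes the comparison useful after an incident, since a baseline stored on the compromised host can itself be edited.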

Breakout Sessions (SIA203, SIA311, SIA304, SIA307) Find Me Later At TLC