Slide 1: Hacking Techniques and Mitigations (Brady Bloxham)

Slide 2: About Us
Services: vulnerability assessments, wireless assessments, compliance testing, penetration testing.
Eat, breathe, sleep, talk, walk, think, act security!

Slide 3: Agenda
Old methodology; new methodology; techniques in action; conclusion.

Slide 4: The Old Way
Footprinting; network enumeration; vulnerability identification; gaining access to the network; escalating privileges; retain access; return and report.
Slide 5: The Old Way (continued)

Slide 6: The New Way (my way!)
Recon, Plan, Exploit, Persist, Repeat. Simple, right?!
Notes: Pen testing is more of an art than a science! Not simple! The focus shifts from check-the-box testing to not getting caught and finding ANY hole or vulnerability.

Slide 7: The New Way (continued)
Flow: Recon, Plan, Exploit, Persist, then ask "Domain Admin?" Yes: Report! No: repeat.

Slide 8: Old vs. New
So what you end up with is…
Slide 9: Recon
Two types: pre-engagement and on the box.

Slide 10: Recon – Pre-engagement
Target IT. Social networking: LinkedIn, Facebook, Google, Bing. Create profile. Play to their ego; play to desperation; play to what you know.

Slide 11: Recon – Pre-engagement (Social Engineering)
Notes: Called a target to identify AV before sending over file. Take people's niceness and use it against them!
Slide 12: Recon – On the box: Netstat

Slide 13: Recon – On the box: Set

Slide 14: Recon – On the box: Net

Slide 15: Recon – On the box: Net

Slide 16: Recon – On the box: Net
Slide 17: Recon (Registry)
Audit settings: HKLM\Security\Policy\PolAdtEv
Dump hashes: local hashes; domain cached credentials; Windows Credential Editor; application credentials (Pidgin, Outlook, browsers, etc.)
RDP history: HKU\Software\Microsoft\Terminal Server Client\Default
Installed software: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall

Slide 18: Recon – What do we have?
High value servers (domain controller, file servers, etc.); group and user list; domain admins; other high value targets; installed applications; detailed account information; hashes and passwords.
Notes: This can be automated using batch scripts or, even better, METERPRETER scripts! All this information after 5-10 minutes of recon!
Slide 19: Plan

Slide 20: Plan

Slide 21: Plan
Test, test, test! Real production environment! Recreate the target environment: proxies, AV, domain. Verify the plan with the customer. Think outside the box!

Slide 22: Plan

Slide 23: Plan

Slide 24: Exploit
Slide 25: Exploit
The reality is…it's much easier than that! No 0-days necessary! Macros, Java applets, EXE, PDFs.

Slide 26: Exploit – Java Applet
Domain – $4.99/year. Hosting – $9.99/year. wget – Free! Pwnage – Priceless!
Macros: Base64 encoded payload; convert to binary; write to disk; execute binary; shell!

Slide 27: Exploit
The problem? A reliable payload! Obfuscation; firewalls; antivirus; proxies.
Slide 28: Straight-up meterpreter executable

Slide 29: Packed using a well known packer

Slide 30: Created custom exe template

Slide 31: Persist
Slide 32: Persist
Separates the men from the boys! Custom, custom, custom!
Nothing good out there… Meterpreter – OSS; Core Impact – Commercial; Poison Ivy – Private; DarkComet – Private. Who's going to trust these?

Slide 33: Persist
How? Registry; service; autorun; startup folder; DLL hijacking.
What? Beaconing backdoor; stealthy; blend with the noise; modular.

Slide 34: Repeat?!

Slide 35: Conclusion
Old methodology is busted! Compliance != Secure.
It's not practice makes perfect… it's CORRECT practice makes perfect!