Presentation is loading. Please wait.

Presentation is loading. Please wait.

There is a tsunami of bad heading our way Michael Hayden Four star general Director of the NSA Director of the CIA Director of National Intelligence.

Published byBrayden Cunningham Modified over 9 years ago

Similar presentations

Presentation on theme: "There is a tsunami of bad heading our way Michael Hayden Four star general Director of the NSA Director of the CIA Director of National Intelligence."— Presentation transcript:

1

2

3 There is a tsunami of bad heading our way

4 Michael Hayden Four star general Director of the NSA Director of the CIA Director of National Intelligence

5 Edward Snowden Age 30 College dropout

6 You’re an Admin PWNED!!! Admins have the keys to the kingdom

7

8

9

10

11

12 PS> Enter-PSSession Server1 FAIL! – Talk to your supervisor for assistance “Jeffrey I need to be admin on Server1 to restart SQL” “No Eddie. Just use Jea and connect to the ‘Maintenance EndPoint” PS> Enter-JeaSession Server1 –Name Maintenance Server1> Restart-Service MSSQLSERVER Server1 Server1> Steal-Secrets Error: You are not authorized to Steal-Secrets

13

14

15 JeaEndpointAccounts puts the server in a blast container Avoid domain accounts and Group Managed Service Accounts [GMSA] because they extend any breach to all servers that these accounts have access to

16 Configuration FileServers { foreach ($node in Get-FileServers) { Node $node { JeaToolkit StorageTools {CommandSpecs = @' Module Storage SMBShare '@ } JeaEndpoint StorageAdmin {ToolKit = 'StorageTools‘ SecurityDescriptorSddl = 'O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)' } FileServers -OutputPath. Start-DscConfiguration.\FileServers -ComputerName (Get-StorageServers)

17 JeaToolkit SQLMaintenace { Name = ‘SQLMaintenance’ CommandSpecs = @' Module,Name,Parameter,ValidateSet,ValidatePattern SQL,GET-*,Get-Process,Get-Service,Stop-Process,Name,calc;notepad,Restart-Service,Name,,^SQL '@ }

18 JeaToolkit SQLMaintenace { Name = "SQLMaintenace" CommandSpecs = cat.\SQL.csv -raw }

19

20

21

22

23 Server1 PowerShell Remoting connects to Configurations Name ACL StartupScript RunAsCredentials Get-Command *PSSessionConfiguration

24

25

26

27 $ss = $ExecutionContext.SessionState $ss.Scripts.Clear() $ss.Applications.clear() $s.Applications.add("C:\windows\system32\calc.exe") (Get-Command restart-computer).visibility=“private” Always hide Invoke-Expression New-Object

28 Get-Module $Module | % {$_.LogPipelineExecutionDetails = $true}

29 $user = $PSSenderInfo. ConnectedUser Send-MailMessage –Message “$user on machine $(hostname)” $today = [DateTime]::NOW.DayofWeek If ($today –in “Saturday”,”Sunday”) { throw “GO HOME”}

30 $myid = $ExecutionContext.host.Runspace.InstanceId Get-WinEvent -LogName Microsoft-Windows-PowerShell/Operational | where {$_.properties.Value -match "Runspace ID = $myid"} | foreach { New-Object PSObject –Property @{ Command = $_.Properties[2].Value Time = $_.TimeCreated } }

31

32

33

34 BlackHat 2010 Q: What do we do about all these attacks? A: “Man up and defend yourselves!”

35 Jea – Just Enough Admin PowerShell role-based administration to secure a post-Snowden world

36 Come Visit Us in the Microsoft Solutions Experience! Look for Datacenter and Infrastructure Management TechExpo Level 1 Hall CD For More Information Windows Server 2012 R2 http://technet.microsoft.com/en-US/evalcenter/dn205286 Microsoft Azure http://azure.microsoft.com/en-us/ System Center 2012 R2 http://technet.microsoft.com/en-US/evalcenter/dn205295 Azure Pack http://www.microsoft.com/en-us/server- cloud/products/windows-azure-pack

37 www.microsoft.com/learning http://microsoft.com/msdn http://microsoft.com/technet http://channel9.msdn.com/Events/TechEd

38

39

40

41

Download ppt "There is a tsunami of bad heading our way Michael Hayden Four star general Director of the NSA Director of the CIA Director of National Intelligence."

Similar presentations

Data centers Scalability Targets -Storage Account.

Data centers Scalability Targets -Storage Account.
SIM212 Service Management in Clouds Self-Service -- Metered -- Elastic (Key Tenets) Multi-tenant -- Automation -- Scalable Datacenter Admin Service.

SIM212 Service Management in Clouds Self-Service -- Metered -- Elastic (Key Tenets) Multi-tenant -- Automation -- Scalable Datacenter Admin Service.
Develop your database with Visual Studio

Develop your database with Visual Studio
Consumer / personal data Individual work data Team / group work data Personal devices Data location SkyDrive Public cloud SkyDrive Pro SharePoint.

Consumer / personal data Individual work data Team / group work data Personal devices Data location SkyDrive Public cloud SkyDrive Pro SharePoint.
Windows PowerShell Crash Course Don Jones Concentrated Technology Jeffrey Snover Microsoft WSV321.

Windows PowerShell Crash Course Don Jones Concentrated Technology Jeffrey Snover Microsoft WSV321.
Agenda Human Process + System Automation Better together Demos Identify self service opportunities Enable cloud through automation Key Takeaways.

Agenda Human Process + System Automation Better together Demos Identify self service opportunities Enable cloud through automation Key Takeaways.
3 5 6 7 Find an app in the Start Screen: just type on the screen.

Find an app in the Start Screen: just type on the screen.
Faith Allington Program Manager Microsoft Corporation WSV322.

Faith Allington Program Manager Microsoft Corporation WSV322.
Unified. Simplified. Unified Communications Launch 2007.

Unified. Simplified. Unified Communications Launch 2007.
Turning PowerShell Commands into Reusable CLI and GUI Tools Don Jones Senior Partner and Principal Technologist Concentrated Technology, LLC WCL404.

Turning PowerShell Commands into Reusable CLI and GUI Tools Don Jones Senior Partner and Principal Technologist Concentrated Technology, LLC WCL404.
4/9/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/9/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
What Is Azure ! Thierry Gasser Technical Solution Professional (TSP)

What Is Azure ! Thierry Gasser Technical Solution Professional (TSP)
4/11/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/11/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Microsoft Dynamics AX Technical Conference 2013

Microsoft Dynamics AX Technical Conference 2013
What most companies get from ARIN In total, that range is only 3,566 blocks of /24!!!

What most companies get from ARIN In total, that range is only 3,566 blocks of /24!!!
4/11/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/11/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Computer CPU BUS Memory VM Back Channel Memory BUS Node 1 Node 2 VM.

Computer CPU BUS Memory VM Back Channel Memory BUS Node 1 Node 2 VM.
Module 1: Demystifying Software Defined Networking Module 2: Realizing SDN - Microsoft’s Software Defined Networking Solutions with Windows Server 2012.

Module 1: Demystifying Software Defined Networking Module 2: Realizing SDN - Microsoft’s Software Defined Networking Solutions with Windows Server 2012.
4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Come Visit Us in the Microsoft Solutions Experience! Look for Datacenter and Infrastructure Management TechExpo Level 1 Hall.

Come Visit Us in the Microsoft Solutions Experience! Look for Datacenter and Infrastructure Management TechExpo Level 1 Hall.

Similar presentations

Ads by Google