Hacking in the Attack Kill Chain
2 Hacking in the Attack Kill Chain
- Håkan Nohre, Consulting Systems Engineer, GIAC GPEN #9666, CISSP #76731
- Erkan Djafer, Consulting Systems Engineer, CISSP #
- Chung-wai Lee, Cyber Security Partner Account Manager
3 Cisco Spark: How? Questions?
Use Cisco Spark to communicate with the speaker after the session
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
cs.co/ciscolivebot#
4 About this LAB (I read the abstract)
- It is not a sales session
- It is definitely not about Cisco products, designs, or definitive solutions!
- It is about offensive, not defensive techniques
- Hopefully, by understanding how the attacker works we can build better defenses or apply better risk management!
- Complementary Cisco Live Berlin 2017 Breakout: BRKSEC-2309 "It's Cats vs Rats in the Attack Kill Chain"
5 Modified Kill Chain for this Breakout
Note that attackers are not legally bound to follow the exact model; e.g. they may establish persistence before lateral movement.
Recon -> Gain Foothold (Attack Delivery, Exploitation) -> Command and Control -> Local Compromise -> Lateral Movement -> Establish Persistence -> Exfiltration
6 Focus on Methodology, not Tools!
Kali Linux, Metasploit, Mimikatz, PowerShell Empire
7 Lab Topology
VPN to lab with AnyConnect
[Topology diagram]
8 Lab 1: Reconnaissance
- Try to get to IoT directly - will not work
- Use OSINT recon against clients
[Topology diagram: attacker host "evil" on the Internet (/18 network); Client-A (VPN, .38) and Client-B (VPN, .37); inside the FW a /24 with IoT (.211) and AD (address shown as "?")]
9 Lab 2: Gain Initial Foothold
- Spear phishing a naïve end user
- Examine Excel with macro
- (Examine RTF file)
[Same topology diagram as Lab 1]
10 Lab 3: Command and Control (CnC)
- Examine CnC: tcpdump, agent options
[Same topology diagram as Lab 1]
11 Lab 4: Local Privilege Escalation
- Go from mordiac to SYSTEM on A
[Same topology diagram as Lab 1]
12 Pivoting Explained
[Diagram: Internet - NGFW (permit outgoing HTTP) - Clients, Active Directory, IoT; the "Client ip is" label is cut off]
13 Lab 5A: Lateral Movement against IoT
- Pivot attack against IoT via A: pivoting, Metasploit
- Bash Shellshock exploit
[Same topology diagram as Lab 1]
14 Lab 5A (cont.): Local Privilege Escalation
- Pivot attack against IoT via A
- Local recon (find out OS)
- Escalate privileges
[Same topology diagram as Lab 1]
15 Lab 5B: Lateral Movement in AD environment
- Pivot attack against AD via A
- Dump credentials, Mimikatz
- WMI movement
- Dump hashes
- Pass-the-hash
[Same topology diagram as Lab 1]
16 Lab 6A: Persistence with Golden Tickets
- Take over workstation B (non-admin)
- Create golden ticket to impersonate any user (even if all passwords are reset)
[Same topology diagram as Lab 1]
17 Lab 6B, 6C: Persistence after Reboot
- Try different methods to ensure you keep control after reboot
- Scheduled task
- WMI subscriptions
[Same topology diagram as Lab 1]
18 Remember
- Tell us if you have problems!
- Tell us if you have feedback!
- Have fun!
- This lab does not even try to have the answers! We hope it helps you ask the right questions!
19 Appendix B: Extra Turbo hacking lab
- Take over B via Flash vulnerability
- Local privilege escalation
- Dump hashes
- Pivoting via port forwarding
- Hand over Metasploit -> Empire
[Topology diagram: attacker host "evil" on the Internet (/18); FW; Client-A (VPN) and Client-B (VPN) in Clients /24; Infrastructure /24 with IoT (.211) and AD ("?")]
20 Post-Exploitation with PowerShell
- Very powerful scripting language included in Windows from Win7
- Can leverage WMI, .NET, Win32 and do almost everything: key logging, screenshots, CnC, grab passwords and hashes (Mimikatz)
- Is typically whitelisted and scripts not caught by Anti-Virus
- Can run from memory (no need to write file to disk: not caught by Anti-Virus)
- Can run on remote machine (if you know the credentials of target machine)
21 Internal Recon: Scanning?
- Noisy scanning typically not necessary for internal recon
- Attacker can just ask Active Directory politely to find out:
  - What machines are in the domain?
  - Which machines are the domain controllers?
  - On what machines are domain admins logged on?
  - Which machines run Exchange, SQL servers?
  - Which machines are file servers?
  - ...and much more
22 What is a Hash?
- One-way function to convert password to hash
- For NT hash, MD4 is used
- So we don't have to store cleartext passwords or send them over the network
- Instead we use the hash to store credentials (and authenticate)
[Diagram: Password "Tunafish!" -> crypto stuff -> Hash d41d8cd..]
23 Understanding NTLMv2
NTLMv2 is a common network authentication method in Microsoft Active Directory for net logons, file shares, web sites etc.
1. Client requests auth
2. Server sends challenge
3. Client sends response to challenge
4. Server validates (with help of Active Directory)
[Diagram: Auth Request -> Challenge (random no) -> Response]
24 Understanding NTLMv2
- If client sends correct response to challenge it is authenticated
- Response is calculated from hash, which is calculated from password
[Diagram: Password -> crypto stuff -> Hash; Hash + Username + Timestamp + Other stuff + Challenge (random no) -> crypto stuff -> Response]
25 Pass-the-Hash
- If attacker has the hash, he does not need the password
- He can use a modified client that supplies the hash without calculating it from password
[Diagram: as on the previous slide, but the Password -> Hash step is skipped: Hash + Username + Timestamp + Other stuff + Challenge (random no) -> crypto stuff -> Response]
26 Overview: Hoarding Hashes
[Flowchart: on new compromised host -> grab local hashes -> grab hashes of logged in users/services -> Domain Admin? Y: Partytime! N: try next host with the collected passwords/hashes]
27 Grab Local Hashes
- With system privileges it is possible to grab local password hashes from registry (not a vulnerability, it is the same for other OS including Unix)
- Functionality (of course) included in Metasploit, PowerShell Empire
- Note: local hashes only relevant to local computer. But maybe same password is used on more than one computer?
Grab local hashes:
meterpreter > hashdump
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
cisco:1000:aad3b435b51404eeaad3b435b51404ee:579a13a46633f286db9155f5a612c765:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
28 Mimikatz: Grab from LSASS
- It has nothing to do with cats!
- Grab hashes of logged in users/services
- A tool run on compromised host that can (among many things) grab credentials from logged on users and services from memory
[Diagram: "Minicatz?"; LSASS (credentials cache): User scratchy, Password S3cret!, Hash aad3db5...]
29 Why is the Password/Hash Cached?
- In an Active Directory domain, the user logs in once to his computer and can then access domain resources without any further logon
- User-friendly! And Single-Sign-On is good for security too!
- ...but client has to cache hash of password to authenticate transparently
[Diagram: Scratchy logs in once, authenticates many times to File Server, Web Server and NGFW Security Appliance; credentials cache: User Scratchy, Password S3cret!, Hash aad3db5...]
30 So let's consider Kerberos
- In Greek mythology, Cerberus was the three-headed monster dog that guarded the underworld.
- Kerberos is the preferred authentication mechanism in Active Directory (used in Unix environments before Microsoft adopted it).
- Note that it may be difficult to fully replace NTLMv2 with Kerberos due to legacy OS, appliances etc., so most AD domains use both methods!
[Cartoon: "Monster dog?" - Rosemary, CISO]
31 How Kerberos Works 1: Getting the TGT
1. Client authenticates by encrypting timestamp with its hash
[Diagram: "It is Scratchy"; Timestamp + NT hash -> crypto -> AS-REQ (Auth)]
32 How Kerberos Works 1,2: Getting the TGT
2. Domain Controller sends back a Ticket-Granting-Ticket (TGT), encrypted with the Kerberos Service (KRBTGT) hash. Only the Domain Controllers can read the ticket, which includes info on username, group memberships, validity
[Diagram: AS-REP: TGT (Username: Scratchy, Ticket lifetime, Groups) <- crypto with KRBTGT hash]
33 How Kerberos Works 3: Getting the TGS
3. Client requests a Ticket-Granting-Service (TGS) for a specific service (e.g. file service, web proxy). It includes the TGT in the request.
[Diagram: TGS-REQ for fileservice, carrying the TGT; DC: "I can decrypt all TGTs!"; File Server holds the Service Hash]
34 How Kerberos Works 3,4: Getting the TGS
3. Client requests a Ticket-Granting-Service (TGS) for a specific service (e.g. file service, web proxy). It includes the TGT in the request.
4. Domain Controller decrypts TGT. If valid, it creates a TGS populated with values from the TGT and encrypts it with the hash of the requested service.
[Diagram: TGS-REP: TGS (Username, Ticket lifetime, Groups) <- crypto with Service Hash; File Server]
35 How Kerberos Works 5: Contacting Service
5. Client presents the TGS to server. Server can validate TGS (decrypting it with its hash), gets back info on User, Ticket Lifetime, Groups and can proceed to allow/disallow the request.
6. (No need for Server to contact Domain Controller to verify anything!)
[Diagram: AP-REQ with TGS -> File Server decrypts TGS with Service Hash -> Username, Ticket lifetime, Groups]
36 So all is fine?
- Kerberos is well-proven (20 years old), used in Unix environments before Microsoft adopted it
- The big issue: all security depends on the master key (KRBTGT hash)! That typically changes very rarely, at domain functional level upgrades
- If Domain Controller is compromised, it is disastrous!
- Very good white paper (explaining next attack): Guys-Don't-Get-It-wp.pdf
37 But Hey! Our Domain Controller was compromised
- So by dumping hashes Itchy (the attacker) got the KRBTGT hash!
  Krbtgt :$NT$e eda994a585b79c:::
- This is like being able to print his own passport! Now Itchy can create his own TGTs! = Golden Tickets
[Diagram: KRBTGT hash -> crypto -> TGT (Username: supercat, Groups: x, y, z, Lifetime: 10 years)]
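The ticket chain of slides 31-37 as an added toy model (not lab code), used to check which remediation a golden ticket survives: "encrypt with hash X" is replaced by an HMAC-SHA256 seal under key X, which keeps the trust relationships (only the key holder can mint or validate a ticket) but not confidentiality; principal names, passwords, group names and times are constructed.

```python
import hashlib
import hmac
import json
import os

MAC_LEN = 32
LIFETIME = 10 * 3600                 # normal ticket lifetime (constructed: 10 h)


def seal(key: bytes, claims: dict) -> bytes:
    """Toy stand-in for ticket encryption: claims authenticated under `key`."""
    body = json.dumps(claims, sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


def unseal(key: bytes, ticket: bytes) -> dict:
    """Toy stand-in for ticket decryption; fails unless `key` produced the ticket."""
    body, mac = ticket[:-MAC_LEN], ticket[-MAC_LEN:]
    if not hmac.compare_digest(mac, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("ticket was not produced under this key")
    return json.loads(body)


class DomainController:
    """Holds every principal's key, including the master KRBTGT key."""

    def __init__(self):
        self.keys = {"krbtgt": os.urandom(32)}
        self.groups = {}

    def set_password(self, principal: str, password: str, groups=()):
        # stand-in for the NT hash / Kerberos key derived from the password
        self.keys[principal] = hashlib.sha256(password.encode("utf-16-le")).digest()
        self.groups[principal] = list(groups)

    def as_exchange(self, user: str, preauth: bytes, now: int) -> bytes:
        # steps 1-2: client proves its key by sealing a timestamp; DC answers with a TGT under the krbtgt key
        if abs(unseal(self.keys[user], preauth)["timestamp"] - now) > 300:
            raise ValueError("pre-authentication timestamp outside clock skew")
        claims = {"user": user, "groups": self.groups[user], "expires": now + LIFETIME}
        return seal(self.keys["krbtgt"], claims)

    def tgs_exchange(self, tgt: bytes, service: str, now: int) -> bytes:
        # steps 3-4: only the krbtgt key is consulted; claims are copied from the TGT, not re-read from AD
        claims = unseal(self.keys["krbtgt"], tgt)
        if claims["expires"] < now:
            raise ValueError("TGT expired")
        return seal(self.keys[service], dict(claims, service=service))


def service_authorizes(service_key: bytes, tgs: bytes, now: int, required_group: str) -> bool:
    # steps 5-6: the server validates with its own key only and never contacts the DC
    try:
        claims = unseal(service_key, tgs)
    except ValueError:
        return False
    return claims["expires"] > now and required_group in claims["groups"]


def golden_ticket_scenario() -> dict:
    """Does a TGT minted with the krbtgt key still work after every user
    password is reset, and after the krbtgt key itself is rotated?"""
    now = 1_700_000_000                                   # constructed epoch time
    dc = DomainController()
    dc.set_password("scratchy", "S3cret!", groups=["Domain Users"])
    dc.set_password("fileservice", "svc-pw-1")
    svc_key = dc.keys["fileservice"]
    admin_only = "Domain Admins"

    # legitimate flow: scratchy is a plain user, so the admin-only share refuses him
    tgt = dc.as_exchange("scratchy", seal(dc.keys["scratchy"], {"timestamp": now}), now)
    legit = service_authorizes(svc_key, dc.tgs_exchange(tgt, "fileservice", now), now, admin_only)

    # slide 37: whoever holds the krbtgt key can seal a TGT for a made-up admin with a 10-year lifetime
    golden = seal(dc.keys["krbtgt"], {"user": "supercat", "groups": [admin_only],
                                      "expires": now + 10 * 365 * 86400})
    before = service_authorizes(svc_key, dc.tgs_exchange(golden, "fileservice", now), now, admin_only)

    dc.set_password("scratchy", "N3w-pw!", groups=["Domain Users"])   # reset every user password
    after_reset = service_authorizes(svc_key, dc.tgs_exchange(golden, "fileservice", now), now, admin_only)

    dc.keys["krbtgt"] = os.urandom(32)                                 # rotate the master key
    try:
        dc.tgs_exchange(golden, "fileservice", now)
        after_rotation = True
    except ValueError:
        after_rotation = False
    return {"legit_user_as_admin": legit, "golden_before_reset": before,
            "golden_after_password_reset": after_reset, "golden_after_krbtgt_rotation": after_rotation}


if __name__ == "__main__":
    print(golden_ticket_scenario())
```

In a real domain the KRBTGT account keeps one previous key, so its password is reset twice, with replication in between, before tickets under the old key stop being accepted; the toy model has no key history and invalidates them on the first rotation.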
38 Access to lab
- AnyConnect to: dcloud-sjc-anyconnect.cisco.com
- Credentials via lab proctor: Username: xxxxxx, Password: yyyyyyy
- Download lab guide from
- Download lab prezo from
39 Cisco Spark: How? Questions?
Use Cisco Spark to communicate with the speaker after the session
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
cs.co/ciscolivebot#ltrsec-3000
40 Complete Your Online Session Evaluation
- Please complete your Online Session Evaluations after each session
- Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
- All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
- Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at
41 Continue Your Education
- Demos in the Cisco campus
- Walk-in Self-Paced Labs
- Tech Circle
- Meet the Engineer 1:1 meetings
- Related sessions
42 Thank you
DevOps CICD for VNF a NetOps Approach Renato Fichmann Senior Solutions Architect Cisco Advanced Services Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1.
More informationRadius, LDAP, Radius used in Authenticating Users
CSCD 303 Lecture 5 Fall 2017 Kerberos Radius, LDAP, Radius used in Authenticating Users Introduction to Centralized Authentication Kerberos is for authentication only and provides Single Sign-on (SSO)
More informationIncident Scale
SESSION ID: SOP-T07 Incident Response @ Scale Salah Altokhais Incident Response Consultant National Cyber Security Center (NCSC),KSA @salah.altokhais Khalid Alsuwaiyel Incident Response Specialist National
More informationPLANNING AZURE INFRASTRUCTURE SECURITY - AZURE ADMIN ACCOUNTS PROTECTION & AZURE NETWORK SECURITY
PAGE 2 IN CEE PLANNING AZURE INFRASTRUCTURE SECURITY - AZURE ADMIN ACCOUNTS PROTECTION & AZURE NETWORK SECURITY MAR 2017 IGOR SHASTITKO About Consalta Every business deserves an opportunity to grow! We
More informationRemote social engineering techniques involving Microsoft Universal Naming Convention (UNC) function.
10 March 2016 Remote social engineering techniques involving Microsoft Universal Naming Convention (UNC) function. Presented by Neil Lines Who am I? Neil Lines - Pen Tester Involved in a range of security
More informationWindows authentication methods and pitfalls
Windows authentication methods and pitfalls hashes and protocols vulnerabilities attacks 1996-2013 - P. Veríssimo All rights reserved. Reproduction only by permission 1 EXAMPLE: Windows authentication
More informationn Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test
Chapter Objectives n Explain penetration testing concepts n Explain vulnerability scanning concepts Chapter #4: Threats, Attacks, and Vulnerabilities Vulnerability Scanning and Penetration Testing 2 Penetration
More informationCisco Spark. Questions? Use Cisco Spark to communicate with the speaker after the session. How
Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion 3. Install Spark or go directly
More informationBasic Linux Security. Roman Bohuk University of Virginia
Basic Linux Security Roman Bohuk University of Virginia What is Linux? An open source operating system Project started by Linus Torvalds kernel Kernel: core program that controls everything else (controls
More information2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco ACI App Center Fabrice Servais, Software Engineer, Data Center Networking, Cisco Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session
More informationCisco Firepower NGIPS Tuning and Best Practices
Cisco Firepower NGIPS Tuning and Best Practices John Wise, Security Instructor High Touch Delivery, Cisco Learning Services CTHCRT-2000 Cisco Spark How Questions? Use Cisco Spark to communicate with the
More informationDevNet Workshop-Hands-on with CloudCenter and Jenkins
DevNet Workshop-Hands-on with CloudCenter and Jenkins Tuan Nguyen, Technical Marketing Engineer, CPSG Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find
More informationICS Penetration Testing
Connor Leach Jackson Evans-Davies 18 June, 2018 ICS Penetration Testing Understanding the Challenges and Techniques Introductions 1 Connor Leach, GPEN, OSCP - Senior Penetration Tester - Member of Canadian
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationUser Authentication Principles and Methods
User Authentication Principles and Methods David Groep, NIKHEF User Authentication - Principles and Methods 1 Principles and Methods Authorization factors Cryptographic methods Authentication for login
More informationConsuming Model-Driven Telemetry
Consuming Model-Driven Telemetry Cristina Precup & Stefan Braicu Software Systems Engineers Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session
More informationCompTIA. PT0-001 EXAM CompTIA PenTest+ Certification Exam Product: Demo. m/
Page No 1 https://www.dumpsplanet.com m/ CompTIA PT0-001 EXAM CompTIA PenTest+ Certification Exam Product: Demo For More Information: PT0-001-dumps Page No 2 Question: 1 During a penetration test, a tester
More informationHands-On Ethical Hacking and Network Defense Chapter 6 Enumeration
Hands-On Ethical Hacking and Network Defense Chapter 6 Enumeration Modified 2-22-14 Objectives Describe the enumeration step of security testing Enumerate Microsoft OS targets Enumerate NetWare OS targets
More information