CSC 5930/9010 Offensive Security: Lateral Movement

Professor Henry Carter, Spring 2019

Recap
- Symmetric vs. asymmetric encryption techniques
- Authentication protocols require proving possession of a secret:
  - Without sharing it
  - Without creating a replayable token
- Password cracking techniques and defenses

Post-exploit
- We have considered several techniques for breaking into vulnerable applications this semester
- Your pen testing engagements may only seek this much intrusion, but usually they are scoped a bit more thoroughly
- After you have successfully breached the network of a target, now what?

Privilege escalation and lateral movement
- According to the L-M kill chain, installation, C2, and actions on objectives are the final steps of an attack
- To do this effectively, attackers establish persistence in a system so that they can return
- This usually requires administrative privileges on a machine that controls the network
- "Lateral movement" refers to navigating the network to find this machine (or set of machines)

Internetworking
- Lateral movement looks a lot like the first exploit
  - You are just attacking from another machine in the network
- The greatest impediment to lateral movement is a well-partitioned network
- Understanding internetworking inside your target network is key

IP Addressing: Recap
- IP address: 32-bit identifier for host, router interface
- interface: connection between host/router and physical link
  - routers typically have multiple interfaces
  - host typically has one interface
  - IP addresses associated with each interface

Subnets
- IP address:
  - subnet part (high order bits)
  - host part (low order bits)
- What's a subnet?
  - device interfaces with same subnet part of IP address
  - Often corresponds to a LAN but may contain multiple LANs!

IP addressing: CIDR
- CIDR: Classless InterDomain Routing
  - subnet portion of address of arbitrary length
  - address format: a.b.c.d/x, where x is # bits in subnet portion of address
  - e.g.: 200.23.16.0/23

Hierarchical addressing: more specific routes
- ISPs-R-Us has a more specific route to Organization 1
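
The CIDR and "more specific route" slides above, worked through as an added example (not part of the original slides): a.b.c.d/x is split into subnet part and host part with a mask, and a lookup picks the longest matching prefix. The route table, its prefixes other than the a.b.c.d/x format itself, and the next-hop names are constructed for illustration.

```python
# Added example: CIDR parsing and longest-prefix match.
# ROUTES and its next-hop names are constructed for illustration.

def ip_to_int(dotted):
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    return int.from_bytes(bytes(octets), "big")

def parse_cidr(cidr):
    """Split a.b.c.d/x into (network, mask, x); reject set host bits."""
    addr, _, bits = cidr.partition("/")
    x = int(bits)
    if not 0 <= x <= 32:
        raise ValueError(f"bad prefix length in {cidr!r}")
    mask = (0xFFFFFFFF << (32 - x)) & 0xFFFFFFFF  # x high-order one bits
    network = ip_to_int(addr)
    if network & ~mask & 0xFFFFFFFF:
        raise ValueError(f"host bits set in {cidr!r}")
    return network, mask, x

def same_subnet(ip_a, ip_b, cidr):
    """True when both addresses carry the subnet part named by cidr."""
    network, mask, _ = parse_cidr(cidr)
    return (ip_to_int(ip_a) & mask) == network == (ip_to_int(ip_b) & mask)

def lookup(routes, dst):
    """Return (prefix, next_hop) for the most specific matching route."""
    target = ip_to_int(dst)
    best = None
    for prefix, next_hop in routes:
        network, mask, x = parse_cidr(prefix)
        if (target & mask) == network and (best is None or x > best[0]):
            best = (x, prefix, next_hop)
    return best[1:] if best else None

ROUTES = [
    ("0.0.0.0/0", "default-gw"),
    ("200.23.16.0/20", "isp-a"),  # aggregate: 200.23.16.0 to 200.23.31.255
    ("200.23.18.0/23", "isp-b"),  # more specific route inside the aggregate
]

if __name__ == "__main__":
    for dst in ("200.23.16.5", "200.23.18.7", "198.51.100.9"):
        print(dst, "->", lookup(ROUTES, dst))
```

The same rule applies when reviewing internal routing: a narrower prefix always overrides the aggregate that contains it, regardless of where it sits in the table.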

NAT: Network Address Translation
- Motivation: local network uses just one IP address as far as outside world is concerned:
  - range of addresses not needed from ISP: just one IP address for all devices
  - can change addresses of devices in local network without notifying outside world
  - can change ISP without changing addresses of devices in local network
  - devices inside local net not explicitly addressable, visible by outside world (a security plus)
- Uses IP addresses designated as private inside the LAN

Filtering: Firewalls
- Filtering traffic based on policy
  - Policy determines what is acceptable traffic
  - Access control over traffic
  - Accept or deny
- May perform other duties
  - Logging (forensics)
  - Flagging (intrusion detection)
  - QoS (differentiated services)
[Figure labels: Application, Network, Link]

DMZ (De-militarized Zone)
- Zone between LAN and Internet (public facing)
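
A segmentation check for the firewall and DMZ slides above, as an added example (not part of the original slides): a first-match accept/deny policy with default deny, and an audit that lists flows the partitioning is meant to block but a rule set would accept. All addresses, ports and rules are constructed; the weak variant shows how one broad rule placed first undoes the DMZ isolation.

```python
import ipaddress

# Constructed addressing: LAN 10.0.0.0/24, DMZ 203.0.113.0/24,
# DMZ web server 203.0.113.10, Internet client 198.51.100.7.
# Rule format: (action, source, destination, destination port or None = any).
RULES = [
    ("accept", "0.0.0.0/0",      "203.0.113.10/32", 443),   # anyone -> DMZ web server
    ("accept", "10.0.0.0/24",    "203.0.113.0/24",  22),    # LAN admins -> DMZ hosts
    ("deny",   "203.0.113.0/24", "10.0.0.0/24",     None),  # DMZ never opens to the LAN
    ("accept", "10.0.0.0/24",    "0.0.0.0/0",       443),   # LAN web browsing
]

# Weak variant: one broad rule placed first shadows the DMZ -> LAN deny.
WEAK_RULES = [("accept", "0.0.0.0/0", "0.0.0.0/0", 443)] + RULES

def decide(rules, src, dst, port):
    """First matching rule wins; return (action, rule index or None)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, (action, src_net, dst_net, rule_port) in enumerate(rules):
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action, index
    return "deny", None  # nothing matched: default deny

# Flows the partitioning is supposed to block, as (src, dst, port).
MUST_DENY = [
    ("203.0.113.10", "10.0.0.5", 445),  # DMZ -> LAN file sharing
    ("203.0.113.10", "10.0.0.5", 443),  # DMZ -> LAN web
    ("198.51.100.7", "10.0.0.5", 22),   # Internet -> LAN ssh
]

def audit(rules, must_deny):
    """Return every flow in must_deny that the rule set would accept."""
    return [flow for flow in must_deny if decide(rules, *flow)[0] == "accept"]

if __name__ == "__main__":
    print("rules:     ", audit(RULES, MUST_DENY))
    print("weak rules:", audit(WEAK_RULES, MUST_DENY))
```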

MAC Addresses and ARP
- 32-bit IP address:
  - network-layer address
  - used to get datagram to destination IP subnet
- MAC (or LAN or physical or Ethernet) address:
  - used to get frame from one interface to another physically-connected interface (same network)
  - 48 bit MAC address (for most LANs) burned in the adapter ROM
  - e.g.: 1A-2F-BB-76-09-AD; 00:1F:5B:38:FC:04

Self learning
- switch learns which hosts can be reached through which interfaces
  - when frame received, switch learns location of sender: incoming LAN segment
  - records sender/location pair in switch table

Interconnecting Switches
- Switches can be connected together
- Q: sending from A to G - how does S1 know to forward frame destined to G via S4 and S3?
- A: self learning! (works exactly the same as in single-switch case!)

VLANs: Motivation
- Consider the following scenario:
  - CS user moves office to EE, but wants to connect to CS switch?
  - single broadcast domain:
    - all layer-2 broadcast traffic (ARP, DHCP, unknown location of destination MAC address) must cross entire LAN
    - security/privacy, efficiency issues

Port-Based VLAN
- traffic isolation: frames to/from ports 1-8 can only reach ports 1-8
  - can also define VLAN based on MAC addresses of endpoints, rather than switch port
- dynamic membership: ports can be dynamically assigned among VLANs
- forwarding between VLANs: done via routing (just as with separate switches)
  - in practice vendors sell combined switches plus routers
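
The self-learning and port-based VLAN slides above, simulated as an added example (not part of the original slides): the switch records each sender's port, forwards to known destinations, and floods broadcasts and unknown destinations only inside the sender's VLAN. The MAC addresses, VLAN ids and the 9-15 port range are constructed; ports 1-8 follow the slide.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)  # port -> VLAN id
        self.table = {}                   # (VLAN id, MAC) -> port

    def receive(self, in_port, src, dst):
        """Learn the sender, then return the sorted list of output ports."""
        vlan = self.port_vlan[in_port]
        self.table[(vlan, src)] = in_port            # self-learning step
        out = self.table.get((vlan, dst))
        if dst != BROADCAST and out is not None:
            return [] if out == in_port else [out]   # known: forward or filter
        # Broadcast or unknown destination: flood, but only inside the VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)

# Constructed layouts: ports 1-8 in VLAN 10 and ports 9-15 in VLAN 20,
# versus the same 15 ports as a single broadcast domain.
VLAN_LAYOUT = {**{p: 10 for p in range(1, 9)}, **{p: 20 for p in range(9, 16)}}
FLAT_LAYOUT = {p: 1 for p in range(1, 16)}

# Constructed MAC addresses: host A on port 1, B on port 2, C on port 9.
A, B, C = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"

def demo(port_vlan):
    """Replay the same five frames and return each frame's output ports."""
    sw = Switch(port_vlan)
    return {
        "A broadcast": sw.receive(1, A, BROADCAST),
        "B -> A": sw.receive(2, B, A),   # A was learned from its broadcast
        "A -> B": sw.receive(1, A, B),
        "A -> C": sw.receive(1, A, C),   # C has not sent anything yet
        "C broadcast": sw.receive(9, C, BROADCAST),
    }

if __name__ == "__main__":
    for name, layout in (("VLANs", VLAN_LAYOUT), ("flat", FLAT_LAYOUT)):
        print(name, demo(layout))
```

With the VLAN layout, no frame from port 1 ever leaves ports 2-8; with the flat layout, A's ARP broadcast and its frame to the not-yet-learned C reach every other port.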

Privilege Escalation
- Once you have reached administrative machines, how do you escalate your privilege on the machine/in the network?
- Many of the techniques we've learned are already useful
  - Traffic sniffing, password cracking, MitM attacks
- Your goal should be to steal or create credentials that you can later use to get back in

Things to look for
- Writable executables
- Misconfigured scripts or automated processes
- Stealing domain (i.e., network authentication) credentials from OS caches, Kerberos tickets, or domain controllers
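
A hardening audit for the first item above, as an added example (not part of the original slides): it walks the directories an administrator chooses and reports executable files that someone other than the owner can modify or replace. The function name and the reason strings are assumptions made for this example; it reads POSIX mode bits only, so ACLs are not considered.

```python
import os
import stat

def writable_executables(roots):
    """Return sorted (path, reason) pairs for executable regular files
    that users other than the owner can modify or replace."""
    findings = []
    for root in roots:
        for dirpath, _dirnames, filenames in os.walk(root):
            dmode = os.stat(dirpath).st_mode
            # Without the sticky bit, any user may replace files in a
            # world-writable directory, whatever the file's own mode is.
            dir_open = bool(dmode & stat.S_IWOTH) and not dmode & stat.S_ISVTX
            for name in filenames:
                path = os.path.join(dirpath, name)
                try:
                    mode = os.lstat(path).st_mode
                except OSError:
                    continue  # file vanished or is unreadable: skip it
                if not stat.S_ISREG(mode) or not mode & 0o111:
                    continue  # not a regular file, or not executable
                if mode & stat.S_IWOTH:
                    findings.append((path, "world-writable file"))
                elif mode & stat.S_IWGRP:
                    findings.append((path, "group-writable file"))
                elif dir_open:
                    findings.append((path, "replaceable: world-writable directory"))
    return sorted(findings)

if __name__ == "__main__":
    # Audit every existing directory on this account's PATH.
    path_dirs = [d for d in os.environ.get("PATH", "").split(os.pathsep)
                 if os.path.isdir(d)]
    for path, reason in writable_executables(path_dirs):
        print(f"{reason}: {path}")
```

Group-writable findings need a manual look at who is in the group; the other two reasons are worth fixing on sight for anything run by a privileged account or scheduled job.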

Recap
- Once an attack has crossed into the target network, the goal becomes persistence and control over as many devices as possible
- Lateral movement applies exploit techniques to moving through an internal network structure
- The goal of lateral movement is to find credentials that will escalate the attacker's privilege to admin and allow easy re-entry

Next Time...
- Project Presentations!
  - 10 minutes each
  - Include a demo of your project
  - Write-up due at the final exam
- Complete and submit the internetworking lab
  - See Blackboard for due date