Hacker Explains Privilege Escalation: How Hackers Get Elevated Permissions

Similar documents
Netwrix Auditor. Visibility platform for user behavior analysis and risk mitigation. Mason Takacs Systems Engineer

Product Overview. Netwrix Auditor. Presenter: Jeff Melnick Manager of Sales Engineering x 971

What s New in Netwrix Auditor 9.7

What the GDPR is and how to deal with it. Russell McDermott Sales Engineer +44 (0) x 2208

The 3 Pillars of SharePoint Security

Monitoring Active Directory: Both Azure AD and On-Premise AD and How Synchronization and Federation Play In

What s New in Netwrix Auditor 9.5

Top Critical Changes to Audit

What s New in Netwrix Auditor 8.0. PRESENTER: Jeff Melnick Manager of Sales Engineering x 971

How to Survive an IT Audit and Thrive Off It!

Withstanding Ransomware Attack: A Step-by-Step Guide Presenter:

Back to Basics IT Infrastructure Configuration Tips & Tricks Active Directory / Group Policy / Exchange

Expert Webinar: Hacking Your Windows IT Environment

Top 7 Questions to Assess Data Security in the Enterprise

4 Ways Your Organization Can Be Hacked

Netwrix Auditor. Visibility Platform for User Behavior Analysis. and Risk Mitigation in Hybrid IT Environments.

Become an Active Directory Auditing Superstar: an all-in-one guide!

Netwrix Auditor for File Servers and SQL Server

Tracking changes in Hybrid Identity environments with both Active Directory and Azure Active Directory

How to Ensure Continuous Compliance?

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Netwrix Auditor. Know Your Data. Protect What Matters. Roy Lopez Solutions Engineer

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

IT Security Horrors That Keep You Up at Night

Outsmarting Ransomware: Hints and Tricks. Netwrix Corporation Adam Stetson System Engineer

Don't 'WannaCry' No More: How to Shield Your IT Infrastructure from Ransomware. Netwrix Corporation Roy Lopez System Engineer

ISO/IEC Controls

Automate and simplify PCI DSS compliance using FileAudit Plus

Top 5 NetApp Filer Incidents You Need Visibility Into

Cyber Security Audit & Roadmap Business Process and

SOX/COBIT Framework. and Netwrix Auditor Mapping. Toll-free:

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

HOW TO MAXIMIZE THE VALUE OF YOUR SPLUNK INVESTMENT. PRESENTER: Adam Stetson Presales Engineer

Top 5 Oracle Database Incidents You Need Visibility Into

Netwrix Auditor Competitive Checklist

PCI DSS Requirements. and Netwrix Auditor Mapping. Toll-free:

Spectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment. Orin Jeff Melnick

the SWIFT Customer Security

Security. Made Smarter.

THE TRIPWIRE NERC SOLUTION SUITE

Automating the Top 20 CIS Critical Security Controls

IBM services and technology solutions for supporting GDPR program

Security Diagnostics for IAM

Cloud Customer Architecture for Securing Workloads on Cloud Services

ALIENVAULT USM FOR AWS SOLUTION GUIDE

SIEMLESS THREAT DETECTION FOR AWS

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

Security and Compliance Powered by the Cloud. Ben Friedman / Strategic Accounts Director /

Netwrix Auditor for SQL Server

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

locuz.com SOC Services

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Measuring and Evaluating Cyber Risk in ICS Components, Products and Systems

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

HIPAA Requirements. and Netwrix Auditor Mapping. Toll-free:

Security Operations & Analytics Services

Compliance Audit Readiness. Bob Kral Tenable Network Security

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Netwrix Virtual. Customer Summit 2016

Cybersecurity The Evolving Landscape

Onapsis: The CISO Imperative Taking Control of SAP

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

Business Context: Key for Successful Risk Management

University of Pittsburgh Security Assessment Questionnaire (v1.7)

The Convergence of Security and Compliance. How Next Generation Endpoint Security Manages 5 Core Compliance Controls

The Convergence of Security and Compliance

SIEMLESS THREAT MANAGEMENT

2017 Varonis Data Risk Report. 47% of organizations have at least 1,000 sensitive files open to every employee.

Tips for Passing an Audit or Assessment

SAP Cybersecurity Solution Brief. Objectives Solution Benefits Quick Facts

Transforming Security from Defense in Depth to Comprehensive Security Assurance

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

Unlocking the Power of the Cloud

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection

K12 Cybersecurity Roadmap

McAfee Database Security

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

Will your application be secure enough when Robots produce code for you?

Security

Building a Resilient Security Posture for Effective Breach Prevention

GDPR Update and ENISA guidelines

UNIFICATION OF TECHNOLOGIES

Oracle Database Security Assessment Tool

Cyber security tips and self-assessment for business

UCOP ITS Systemwide CISO Office Systemwide IT Policy. UC Event Logging Standard. Revision History. Date: By: Contact Information: Description:

Privileged Account Security: A Balanced Approach to Securing Unix Environments

From Managed Security Services to the next evolution of CyberSoc Services

IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT

Interactive Remote Access FERC Remote Access Study Compliance Workshop October 27, Eric Weston Compliance Auditor Cyber Security.

01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED

IMEC Cybersecurity for Manufacturers Penetration Testing and Top 10

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

Managing Microsoft 365 Identity and Access

Transcription:

Hacker Explains Privilege Escalation: How Hackers Get Elevated Permissions Liam Cleary Solution Architect Protiviti Jeff Melnick Systems Engineer Netwrix Corporation

Agenda Elevation Escalation Prevention

Elevation

Elevation An elevation-of-privilege occurs when an application gains rights or privileges that should not be available to them. Many of the elevation-of-privilege exploits are similar to exploits for other threats.

Escalation

Escalation Privilege escalation is the result of actions that allows an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. Adversaries can enter a system with unprivileged access and must take advantage of a system weakness to obtain local administrator or SYSTEM/root level privileges.

Elevation versus Escalation Vertical Privilege Escalation aka. Privilege Elevation Lower Privilege Account(s) Bypassing User vs. Admin Controls Horizontal Privilege Escalation Normal User Context Switching Limited form of Elevation E.g. Windows Services, Screensavers, Registry, Cross Zone Scripting, Shell Injection and even Jailbreaking E.g. Session ID s reuse in Cookies, Cross-site Scripting, Password Guessing, Session Hijacking and even Keystroke Logging

Elevation/Escalation Approaches Access Token Manipulation Bypass User Account Control Windows Memory Injection File System Permissions Process Injection Web Shell

Elevation: Process Hijacking Client Workstation Interrogate Environment for Running Processes Hacker Issue Commands as Hijacked Process Inject into Selected Process Retrieve Current Running Processes

Elevation: Impersonation Client Workstation Interrogate Environment for User Tokens Hacker Issue Commands as Impersonated User Impersonate Chosen User Token Retrieve Current User Tokens

Demo

Prevention

Prevention Data Execution Protection Least Privilege Patching Encryption Mandatory Access Controls Anti-Virus

About Netwrix Auditor Netwrix Auditor A visibility platform for user behavior analysis and risk mitigation that enables control over changes, configurations, and access in hybrid IT environments. It provides security intelligence to identify security holes, detect anomalies in user behavior and investigate threat patterns in time to prevent real damage.

Security Challenges Resolved by Netwrix Auditor P R O B L E M IT can t assess security posture and determine which assets need the most protection. P R O B L E M Lack of actionable intelligence makes it hard to prevent policy violations and data breaches. S O L U T I O N Proactively identify and mitigate IT security weak spots, and prioritize data protection efforts. S O L U T I O N Gain full control over user permissions. Lock down overexposed data, prevent data breaches and privilege abuse. P R EDICT P R EVENT P R O B L E M Forensics teams can t analyze attacks to understand how they could have been stopped. R ESPOND DETECT P R O B L E M Incidents go unnoticed. Noise and alert fatigue make it hard to discern real threats. S O L U T I O N Trace attacks step by step to learn from them and prevent similar incidents from happening again. S O L U T I O N Quickly identify real security threats with alerts on anomalous activity and details about high-risk user accounts.

Netwrix Auditor Benefits Detect Data Security Threats, both On Premises and in the Cloud Pass Compliance Audits with Less Effort and Expense Increase the Productivity of Security and Operations Teams Bridges the visibility gap by delivering security intelligence about critical changes, configurations and data access in hybrid IT environments and enabling identification of security holes and investigation of anomalous user behavior. Provides the evidence required to prove that your organization s IT security program adheres to GDPR, PCI DSS, HIPAA, SOX, FISMA, NIST, GLBA, CJIS, FERPA, NERC CIP, ISO/IEC 27001, and other standards. Relieves IT departments of manual crawling through weeks of log data to get the information about who changed what, when and where a change was made, or who has access to what and helps automate software inventory tasks.

Netwrix Auditor Demonstration

Next Steps Free Trial: setup in your own test environment netwrix.com/freetrial Virtual Appliance: get Netwrix Auditor up and running in minutes netwrix.com/go/appliance Test Drive: run a virtual POC in a Netwrix-hosted test lab netwrix.com/testdrive Live One-to-One Demo: product tour with Netwrix expert netwrix.com/livedemo Contact Sales to obtain more information netwrix.com/contactsales Upcoming and On-Demand Netwrix Webinars: join upcoming webinars or watch the recorded sessions netwrix.com/webinars netwrix.com/webinars#featured

Questions?

Thank you! Liam Cleary Solution Architect Protiviti Jeff Melnick Systems Engineer Netwrix Corporation www..com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback