4 ways your organisation can be hacked · • the ways your organisation can be hacked • how...
TRANSCRIPT
4 Ways Your Organisation Can Be Hacked
Kennet JohansenSolutions EngineerNetwrix
Brian JohnsonSecurity Enthusiast / Podcaster7 Minute Security
Housekeeping
• All attendees are on mute
• Ask your questions!
• Questions will be answered during
the session or at the Q&A at the end
• You will receive a copy of slides and
webinar recording in the follow-up
• Duration: Up to 60 minutes
We hope you enjoy!
Type your question
here
Click “Send”
Agenda
• Introduction
• The ways your organisation can be hacked
• How Netwrix can help to detect the attacks
• Q&A session
Who’s this guy?
Security engineer for 7 Minute Security
Podcaster Not famous Tiny movie star
The story
Evil Eric Gordon got fired from Madison Hotels, Inc.
and he want revenge!
Can Netwrix help save the day?
Eric Gordon is angry…
Laid off for bad behavior
He wants revenge!
Can Billy defend the Madison Hotels network?!
VS
Eric’s hacking playbook
Attack the wifi!
Log into my old Active Directory account
Password spraying attacks
Try to add a new local admin account
Plant malware
Mousejacking attack!
Get domain admin access
Cover my tracks
Wireless attack – try old wifi password!
Wireless attack – get Wifite
Wireless attack – capture/crack handshake
Login with old account
Detected: Login with an old account
Eric’s hacking playbook
Attack the wifi!
Log into my old Active Directory account
Password spraying attacks
Try to add a new local admin account
Plant malware
Mousejacking attack!
Get domain admin access
Cover my tracks
Password spray attack (domain account)
Detected: Password spray attack (domain account)
Password spray attack (local PC)
Detected: Password spray attack (local PC)
Eric’s hacking playbook
Attack the wifi!
Log into my old Active Directory account
Password spraying attacks
Try to add a new local admin account
Plant malware
Mousejacking attack!
Get domain admin access
Cover my tracks
Plant malware
Detected: Plant malware
Detected: Plant malware
Eric’s hacking playbook
Attack the wifi!
Log into my old Active Directory account
Password spraying attacks
Try to add a new local admin account
Plant malware
Mousejacking attack!
Get domain admin access
Cover my tracks
Mousejacking attack
Mousejacking attack
Lets stop for a minute
If someone gained Domain Admin on your Active Directory right now…
Would you know?
Are you logging for it?
Could you respond quickly?
Undetected: Mousejacking attack
But…
Undetected: Mousejacking attack
But…
Undetected: Mousejacking attack
But…
Undetected: Mousejacking attack
But…
Mousejacking attack cleanup
Eric’s hacking playbook
Attack the wifi!
Log into my old Active Directory account
Password spraying attacks
Try to add a new local admin account
Plant malware
Mousejacking attack!
Get domain admin access
Cover my tracks
Conclusion
Netwrix alerts us to key events happening in our AD environment:
Password spraying
Login attempts to disabled accounts
New local accounts added to key systems
High privilege group membership changes
Malicious user behaviour – complete with video proof!
About Netwrix Auditor
Netwrix Auditor is an agentless data security platform that empowers organisations to accurately identify
sensitive, regulated and mission-critical information and apply access controls consistently, regardless of where
the information is stored.
It enables them to minimise the risk of data breaches and ensure regulatory compliance by proactively reducing
the exposure of sensitive data and promptly detecting policy violations and suspicious user behaviour.
Netwrix Auditor
Useful links
Free trial: Set up Netwrix Auditor in your own test environment
netwrix.com/auditor9.8
In-browser demo: Run a demo right in your browser with no need to install anything
netwrix.com/go/browser_demo
If you want to learn more about Netwrix Auditor, register now for the upcoming Product Demo!
Questions?
Thank you!
Kennet JohansenSolutions EngineerNetwrix
Brian JohnsonSecurity Enthusiast / Podcaster7 Minute Security