From User to Domain Admin: A Step-By-Step Guide on
How to Be a Little Evil
Paula Januszkiewicz
CQURE: CEO, Penetration Tester / Security Expert
CQURE Academy: Trainer
MVP: Enterprise Security, MCT
Contact: [email protected] | http://cqure.us
New York, Dubai, Warsaw
@paulacqure
@CQUREAcademy
Upcoming Workshops:
• 7th – 11th of March – NYC – Hacking and Securing Windows Infrastructure
• 4th – 8th of April – NYC – Hacking and Securing Windows Infrastructure
• 2nd – 6th of May – NYC – Hacking and Securing Windows Infrastructure
Please contact our United States office and mention BeyondTrust!
Exclusive discounts for all attendees of today’s seminar.
• Offline access allows someone to bypass a system’s security mechanisms
• Useful in critical situations
• Almost every object that contains information can be read offline
• It is a minimal privilege for the person with good intentions
• It is a maximum privilege for… everybody else
• Simplified offline access is acceptable if you do not value your information
Potential Attacker Pathways
Services
• When used as a part of software that was not installed in %systemroot% or %programfiles%
• Installed in a folder with inappropriate ACLs
Permissions
• Should be audited
• Should be set up as a part of NTFS, not as a part of shares
BackupRead / BackupWrite
• Copy operation that is more important than ACLs
• Used by backup software
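One way to audit the two service conditions listed above is to check every service binary and its folder for write access granted to broad groups. This is an added example, not part of the original slides; the SID list, the write mask and the function name Get-ServiceBinaryPath are assumptions of this sketch.

```powershell
# Added example: read-only audit of service binaries (run elevated for full coverage).
# Assumption: the SID list and the write mask below are this example's choices.
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
# Specific write-type rights plus GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$rights    = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = ([int]$rights) -bor 0x40000000 -bor 0x10000000

function Get-ServiceBinaryPath([string]$PathName) {
    # PathName is a command line: a quoted path, or an unquoted path followed by arguments.
    $expanded = [Environment]::ExpandEnvironmentVariables($PathName)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $exe = Get-ServiceBinaryPath $svc.PathName
    if (-not $exe -or -not (Test-Path -LiteralPath $exe)) { continue }
    # First bullet: binary lives outside %systemroot% and %programfiles%.
    $outside = -not ($trustedRoots | Where-Object {
        $exe.StartsWith(($_.TrimEnd('\') + '\'), [StringComparison]::OrdinalIgnoreCase) })
    # Second bullet: check the ACL of the binary and of its parent folder.
    foreach ($target in $exe, (Split-Path -Parent $exe)) {
        try {
            $rules = (Get-Acl -LiteralPath $target -ErrorAction Stop).GetAccessRules(
                $true, $true, [System.Security.Principal.SecurityIdentifier])
        } catch { continue }
        foreach ($ace in $rules) {
            $sid = $ace.IdentityReference.Value
            if ($ace.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid) -and
                (([int]$ace.FileSystemRights) -band $writeMask)) {
                [pscustomobject]@{
                    Service = $svc.Name; RunsAs = $svc.StartName; Path = $target
                    OutsideTrustedRoots = $outside
                    Principal = $broadSids[$sid]; Rights = $ace.FileSystemRights
                }
            }
        }
    }
}
$findings | Sort-Object OutsideTrustedRoots, Service -Descending | Format-Table -AutoSize -Wrap
```

An empty result means no broad write ACE was found on any service binary or its folder; rows with OutsideTrustedRoots set to True match both bullets and are the ones to fix first.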
Summary
• Learn how to detect malicious situations
• Know your system when it is safe – you need a baseline
• If you detect a successful attack – do not try to fight
• Report the issue
• Investigate or do a penetration test / IT audit
• Estimate the range of the attack
• Know how to recover your data, when necessary
Retina Enterprise Vulnerability Management
Alex DaCosta, Product Manager
[Diagram: The BeyondInsight IT Risk Management Platform, spanning Retina Vulnerability Management Solutions and PowerBroker Privileged Account Management Solutions. Solution labels: Network Security Scanning; Enterprise Vulnerability Management; Dynamic Web Application Scanning; Cloud-Based Perimeter Scanning; Privileged Password Management; Privilege Management; Auditing & Protection; Active Directory Bridging. Platform labels: Extensive Reporting; Central Data Warehouse; Asset Discovery; Asset Profiling; Asset Smart Groups; User Management; Workflow and Notification; Third-Party Integration; Advanced Threat Analytics. Asset labels: Network Infrastructure; Mobile, Virtual and Cloud; Applications & Databases; Servers & Desktops; Active Directory, Exchange, File Sys.]
Demonstration
Poll
Q&A
Thank you.