Credential Assessment Mapping Privilege Escalation at Scale
Matt Weeks @scriptjunkie1
[Chart axes: adversary access (# boxes owned), 1 to 10000, over Step 1 to Step 10]
[Chart: adversary access (# boxes owned), scale 1 to 10000, for Step 1 through Step 10; values by step: 1, 1, 2, 2, 2, 10000, 10000, 10000, 10000, 10000]
Find and fix all the vulnerabilities, block contractor access. Pentests, vuln assessments. Many companies try this.
Find known malware. The entire AV industry does this.
Hunt anomalies. Fewer do this.
Both are important parts of a security program.
What happened here?!
Bad guys got a DA token; Creds left on a webserver.
Malware detection and vulnerable boxes are not the biggest enterprise problem; admin creds lying around all over the domain are.
Scanners Collectors Database Analysis UI
http://extract.ntdsd.it/
Uh oh!
It can be done!