mitreatt ck for red teaming about me
play

MITREATT&CK FOR RED TEAMING ABOUT ME Niklas Srkaari @ukk1sec - PowerPoint PPT Presentation

Aug 25, 2022 •434 likes •778 views

MITREATT&CK FOR RED TEAMING ABOUT ME Niklas Srkaari @ukk1sec Red Teamer (Senior Security Consultant) @ F-Secure MITREATT&CK Knowledge base of adversary tactics, techniques and procedures (TTPs) Develop skills for

  1. MITREATT&CK FOR RED TEAMING

  2. ABOUT ME ▪ Niklas Särökaari – @ukk1sec ▪ Red Teamer (Senior Security Consultant) @ F-Secure

  4. MITREATT&CK ▪ Knowledge base of adversary tactics, techniques and procedures (TTPs) ▪ Develop skills for both offense and defense to perform adversary simulations and to detect and respond to on-going attacks performed by real-world adversaries ▪ https://attack.mitre.org/

  5. ▪ swfw

  6. INITIAL ACCESS

  7. Initial Access Social Spear phishing Engineering Initial Access OSINT Valid Password Spraying Accounts

  8. OPEN SOURCE INTELLIGENCE ▪ Open Source Intelligence (OSINT) gathering is used as the first step in targeted attacks and attack simulations to map the attack surface presented by a target organisation ▪ May provide crucial information that can be used to obtain initial access: ▪ Employee emails for phishing and username enumeration ▪ Publicly exposed critical services, such as Citrix and VPN portals without 2FA ▪ Lync service or Outlook Web Access, which can be abused for password spraying

  9. SPEAR PHISHING

  10. PASSWORD SPRAYING

  11. PASSWORD SPRAYING

  12. DATA COLLECTION “Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.” @JohnLaTwC

  13. Initial Access Discovery Social Spear Engineering phishing Internal Initial Remote OSINT Access Reconnaissance Desktop Protocol Password Valid Spraying Accounts

  15. BLOODHOUND + SHARPHOUND ▪ Provides means to collect and analyze data to identify potential attack paths ▪ SharpHound can be used to collect information such as: ▪ Local admin & user session info ▪ Group memberships ▪ Domain trusts ▪ Group Policy Objects ▪ Access Control List info ▪ Repetition is key

  16. 17

  17. 18

  18. 19

  19. PRIVILEGE ESCALATION

  20. Initial Access Discovery, Privilege Escalation, Credential Access & Lateral Movement Citrix Local Credential Credentials Spear Social in Breakout Privilege Dumping Engineering phishing Escalation Files (CVE-2019-1069) OSINT Internal Initial Remote Domain Access Reconnaissance Desktop Admin Protocol Privileges Access Password Valid Access Offline KeePass Token Spraying Accounts to Vault Password Manipulation Network Shares Cracking

  21. PRIVILEGE ESCALATION ▪ Objective is to gain higher-level permissions and access on a targeted system or network ▪ Common approaches include abusing misconfigurations, exploiting known or unknown weaknesses or taking advantage of poor account management ▪ Administrative access in an environment provides wider options for an adversary to steal information and move laterally

  22. CITRIX BREAKOUT ▪ Citrix is commonly deployed in corporate environments ▪ It is also commonly misconfigured, providing easy methods for attackers to breakout from the “sandbox” ▪ Initial access is usually a low-level user; thus escalation of privilege is required to move towards the objective

  23. CVE-2019-1069 ▪ Previously unknown vulnerability with a proof-of-concept exploit was published affecting Windows 10 and Windows 2016/2019 servers in May 2019 by SandboxEscaper ▪ F-Secure repurposed the published PoC-exploit to create a local administrator user in Citrix servers to dump credentials for lateral movement. ▪ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1069

  24. CREDENTIAL ACCESS

  25. CREDENTIAL ACCESS ▪ Objective is to steal credentials, which can be used for privesc and lateral movement ▪ Commonly used techniques include: ▪ Searching files for credentials ▪ dumping LSASS with admin privileges, using Mimikatz or other similar tools ▪ Or just simple, plain old bruteforce and password spraying attacks

  26. KEEPASSPASSWORD VAULT ▪ KeePass password vaults can be attacked with tools like John the Ripper and Hashcat ▪ “Expired” password vault that was “protected” with a 7 -character password was cracked roughly in a day ▪ The passwords recovered from the vault was then used to move laterally in the network

  27. PASSWORD CRACKING

  28. LATERAL MOVEMENT

  29. LATERAL MOVEMENT ▪ Purpose is to move across the target network using obtained credentials and either legitimate administrator tools or using adversaries own tooling to achieve the objective ▪ Especially in Windows environments using RDP and administrative credentials provide wide access in the environment ▪ Environments are rarely properly segregated, which allows adversaries easily to move between systems and networks ▪ Bi-directional AD forest trusts

  30. CONCLUSIONS

  31. TAKEAWAYS ▪ Identify potential attack paths in your environment ▪ Unused accounts, number of high-privileged accounts, group delegated access rights, forest trust relationships ▪ Review password policies ▪ Implement 2FA for critical services ▪ Invest in detection and response capabilities ▪ And evaluate these actively

  32. BUILDING AND MAINTAINING A ROBUST AND SECURE AD FOREST IS VERY, VERY DIFFICULT

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DIY Blue Teaming DIY Blue Teaming (Keeping attackers out, with duct tape and chewing gum!) DIY

DIY Blue Teaming DIY Blue Teaming (Keeping attackers out, with duct tape and chewing gum!) DIY

DIY Blue Teaming DIY Blue Teaming (Keeping attackers out, with duct tape and chewing gum!) DIY Blue Teaming DIY Blue Teaming Ways to make malware not work Security by obscurity (because sucker punches work, even though nobody wants to admit

1.11k views • 78 slides
Small Business Teaming Arrangements Devon E. Hewitt Partner, Protorae Law PLLC 8075 Leesburg

Small Business Teaming Arrangements Devon E. Hewitt Partner, Protorae Law PLLC 8075 Leesburg

Small Business Teaming Arrangements Devon E. Hewitt Partner, Protorae Law PLLC 8075 Leesburg Pike, Suite 760 Tysons, VA 22182 703.942.6746 dhewitt@protoraelaw.com Types of (Federal) Teaming Arrangements Prime/Sub Teaming Joint

95 views • 6 slides
Teaming: ing: Two or more companies coming together to pursue and fulfill a government

Teaming: ing: Two or more companies coming together to pursue and fulfill a government

Teaming: ing: Two or more companies coming together to pursue and fulfill a government project Each company keeps their separate identity The companies enter into a formal teaming agreement (a form a partnership agreement

556 views • 55 slides
Teaming of Conventional Submarines and XLUUV W. H. Wehner 1 , Dr. C. Fruehling 2 , Dr. B. Lehmann 3

Teaming of Conventional Submarines and XLUUV W. H. Wehner 1 , Dr. C. Fruehling 2 , Dr. B. Lehmann 3

UDT 2020 Teaming of Conventional Submarines and XLUUV / Extra-Large Unmanned Platforms UDT Extended Abstract Teaming of Conventional Submarines and XLUUV W. H. Wehner 1 , Dr. C. Fruehling 2 , Dr. B. Lehmann 3 , Dr. T. Wiegang 4 , N. Paul 5 1 Head

218 views • 5 slides
Slide Handouts: Teaming Take Action Welcome to Module 4: Lesson 3. S trategies for S

Slide Handouts: Teaming Take Action Welcome to Module 4: Lesson 3. S trategies for S

RPMs | Module 4 Teaming and Collaboration Take Action Slide Notes Slide Handouts: Teaming Take Action Welcome to Module 4: Lesson 3. S trategies for S uccessful Partnerships Page 1 of 21 RPMs | Module 4 Teaming and Collaboration

395 views • 21 slides
Teaming Up for Software Development Lus Soares Departamento de Informtica Universidade do

Teaming Up for Software Development Lus Soares Departamento de Informtica Universidade do

Teaming Up for Software Development Lus Soares Departamento de Informtica Universidade do Minho Engenharia de Aplicaes Lus Soares Teaming Up for Software Development Introduction Agenda In the end of the session the attendee

416 views • 28 slides
Abuses and misuses of AI: prevention vs reaction Red Teaming in the AI world Cristian Canton

Abuses and misuses of AI: prevention vs reaction Red Teaming in the AI world Cristian Canton

Abuses and misuses of AI: prevention vs reaction Red Teaming in the AI world Cristian Canton Ferrer Research Manager (AI Red Team @ Facebook) Abuses and misuses of AI: prevention vs reaction Red Teaming in the AI world ...with Manipulated

983 views • 79 slides
Interven'ons for Idea'on Impact of framing, teaming, and tools

Interven'ons for Idea'on Impact of framing, teaming, and tools

Interven'ons for Idea'on Impact of framing, teaming, and tools on high school students design fixa'on Eli M. Silk & Shanna R. Daly University

197 views • 16 slides
Building an IPS solution for inline usage during Red Teaming Repurposing defensive technologies

Building an IPS solution for inline usage during Red Teaming Repurposing defensive technologies

Building an IPS solution for inline usage during Red Teaming Repurposing defensive technologies for offensive Red Team operations K. Mladenov A. Zismer { kmladenov,azismer } @os3.nl Master Students in System and Network Engineering University

692 views • 57 slides
hip, transitioning from command and control to teaming and trust Dr. Scott Reed Head of

hip, transitioning from command and control to teaming and trust Dr. Scott Reed Head of

Joining Humans and Robots at the hip, transitioning from command and control to teaming and trust Dr. Scott Reed Head of Engineering The 5 Year Vision 1. Can you survey the 1 sq. km area immediately outside the harbour? 3. I see the ATR

279 views • 14 slides
The NEW School Rules Leadership Seminar Course Intro, Planning, Teaming This course is for every

The NEW School Rules Leadership Seminar Course Intro, Planning, Teaming This course is for every

The NEW School Rules Leadership Seminar Course Intro, Planning, Teaming This course is for every leader who wants to instigate change and create environments of growth, excitement, and passion. Based on EEs seven years of work in change

493 views • 4 slides
Teaming to Win Federal Contracts A Business Development Approach to Partnerships September 2016

Teaming to Win Federal Contracts A Business Development Approach to Partnerships September 2016

Teaming to Win Federal Contracts A Business Development Approach to Partnerships September 2016 David Hart, Sr. Director BD (P) 888.549.8033 www.seguetech.com 2300 Wilson Blvd. Suite 420, Arlington, VA 22201 About the Presenter Seamless

505 views • 48 slides
4R Nutrie trient nt Stewar ardship dship Program am The Nature Conservancy Teaming with the

4R Nutrie trient nt Stewar ardship dship Program am The Nature Conservancy Teaming with the

SPONSOR ONSOR of 4R Nutrie trient nt Stewar ardship dship Program am The Nature Conservancy Teaming with the Florida agriculture industry to increase farmer profitability and reduce nutrient loss and run off to the States waters

534 views • 19 slides
Metrics & Test Methods for Human-Robot Teaming Jeremy Marvel, PhD U.S. Department of

Metrics & Test Methods for Human-Robot Teaming Jeremy Marvel, PhD U.S. Department of

Metrics & Test Methods for Human-Robot Teaming Jeremy Marvel, PhD U.S. Department of Commerce National Institute of Standards and Technology Engineering Laboratory, Intelligent Systems Division Robotics Thank you! These are unprecedented

257 views • 7 slides
HAT Tricks: Understanding Human Autonomy Teaming through Applications Bimal Aponso SAE/NASA

HAT Tricks: Understanding Human Autonomy Teaming through Applications Bimal Aponso SAE/NASA

HAT Tricks: Understanding Human Autonomy Teaming through Applications Bimal Aponso SAE/NASA Autonomy and Next Generation Flight Deck Symposium April 18, 2017 What is a Hat Trick ? Achieving a positive feat three times in a game

615 views • 12 slides
Computational Red Teaming to Investigate Failure Patterns in Medium Term Conflict Detection

Computational Red Teaming to Investigate Failure Patterns in Medium Term Conflict Detection

8th EUROCONTROL Innovative Research Workshop Computational Red Teaming to Investigate Failure Patterns in Medium Term Conflict Detection (MTCD) S. Alam, H.A. Abbass, C.J. Lokan M. Ellejmi and S. Kirby DSARC EUROCONTROL University of New

311 views • 20 slides
An innovative and comprehensive framework for Social Driven Vulnerability Assessment 20

An innovative and comprehensive framework for Social Driven Vulnerability Assessment 20

An innovative and comprehensive framework for Social Driven Vulnerability Assessment 20 November 2014 Who are we? Enrico o Frument nto Rober erto Puricelli lli (twitter: enricoff) (twitter: robywankenoby) ICT Security Specialist @

895 views • 67 slides
Security Psychology Topics Weve Covered Ethics XSS CSRF SQL injection

Security Psychology Topics Weve Covered Ethics XSS CSRF SQL injection

Security Psychology Topics Weve Covered Ethics XSS CSRF SQL injection Passwords Command injection Scanning Malware Most of these attacks are enabled by social engineering. Todays Class Pretexting

516 views • 26 slides
Alerting Husbandry Julien Goodwin jgoodwin@studio442.com.au @laptop006 Bad Alerts Obsolete

Alerting Husbandry Julien Goodwin jgoodwin@studio442.com.au @laptop006 Bad Alerts Obsolete

Alerting Husbandry Julien Goodwin jgoodwin@studio442.com.au @laptop006 Bad Alerts Obsolete Alerts $THING is down! Because we turned it down a year ago $THING has bug $FOO! Really? The vendor fixed it three years ago and we

288 views • 17 slides
A Priacy-Presering Scial-Aware Incentie System fr Wrd-f-Muth Adertisement

A Priacy-Presering Scial-Aware Incentie System fr Wrd-f-Muth Adertisement

A Priacy-Presering Scial-Aware Incentie System fr Wrd-f-Muth Adertisement Disseminatin n Smart Mbile Deices Wei Peng 1 Feng Li 1 Xukai Zu 1 Jie Wu 2 1 Indiana Uniersity-Purdue Uniersity Indianalis (IUPUI) 2

740 views • 63 slides
Case-control studies and cybercrime Tyler Moore Computer Science & Engineering Department,

Case-control studies and cybercrime Tyler Moore Computer Science & Engineering Department,

Notes Case-control studies and cybercrime Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX Lecture 14 Guide to analyzing data Notes Type of Data Exploration Statistics RByEx ecdf(br$logbreach)

281 views • 3 slides
Dragon Advance Tech The Latest Cybersecurity Landscape in Hong Kong FinTech Security Conference

Dragon Advance Tech The Latest Cybersecurity Landscape in Hong Kong FinTech Security Conference

Dragon Advance Tech The Latest Cybersecurity Landscape in Hong Kong FinTech Security Conference - 2018 Frankie Li You heard a lot ... Like this But not from Hong Kong 2014-2015 7 2016: APT 3 targeted the organizations with

635 views • 42 slides
The Great Hotel Hack Adventures in attacking hospitality industry Etizaz Mohsin

The Great Hotel Hack Adventures in attacking hospitality industry Etizaz Mohsin

The Great Hotel Hack Adventures in attacking hospitality industry Etizaz Mohsin https://etizazmohsin.com Disclaimer No hotels were harmed during making of this presentation Do not try this at home! Images Courtesy: ANTlabs & INTSIGHTS

1.11k views • 90 slides
Software Security Explorative Lecture A brief history of security problems attacks on

Software Security Explorative Lecture A brief history of security problems attacks on

1/30/2020 Software Security Explorative Lecture A brief history of security problems attacks on multi-user UNIX systems for fun viruses & worms attacking operating systems due to buffer overflow, format string attacks, integer

477 views • 37 slides

More recommend