All your base are belong to us: A talk about hacking and ...
Domain admin… before lunch
Who are we
• Egil Aspevik
• Programmer
• John-André Bjørkhaug
• Electronics engineer
• NTT Security
• Principal Offensive Security Consultants = Pentesters
• BUT: This talk reflects our personal opinions and views
What can be pentested?
• Apps
• Infrastructure testing
• Access control
• IoT / Smart homes
• Physical locks
• People (social engineering)
• Ships
• SCADA / OT / ICS
So, what is the easiest way?
Phishing
• Insurance
• Banking
• Groceries
• Car dealers
• Surprisingly high success rate
• Creds
• Downloads and runs files
So, who takes the bait?
• IT administrators
• Coal mine workers
• Healthcare workers
• Operators
• Management
• Lefse bakers
Why management?
• Phishing campaigns: Top management bites first!
• Access to sensitive data
• Are busy
• Afraid of losing access
How?
• Map targets
• Search engines
• Proff.no
• LinkedIn
• Finn
• Facebook
• Oslobors.no
• Primary insiders
List of targets
• Path of least resistance
• Most often phishing
• Carry out the attack
• Email
• Landing site
• File download
• “Post exploitation”
• What can we gain access to?
• How long can we stay inside?
• Are we detected by IDS/IPS/AV ++
Domain admin before lunch!
Flowchart labels: Privesc; Dump cached creds; Logonspray; Local admin; Logon DC; Missing patches; Vulnerability scan; Weak configurations; YES / NO; LUNCH
So what is the situation really like?
Status of local admin in 2018
Status of passwords in 2018
Password status
• Password = username
• <Company name>1
• <Company name><year>
• <Season><year>
• Password reuse
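An added example (not from the talk): a password-policy check a defender could run at password change or during an audit to reject the patterns listed on this slide. The company names, accounts, season list and the SHA-256 reuse store are assumptions made up for the illustration.

```python
import hashlib
import re

# Assumed season list (Norwegian and English); extend for your locale.
SEASONS = ["vår", "sommer", "høst", "vinter",
           "spring", "summer", "autumn", "fall", "winter"]
YEAR = r"(?:(?:19|20)\d{2}|\d{2})"   # 2018 or 18
TAIL = r"[\W_]*"                     # optional trailing punctuation, e.g. "!"
SEASON_RE = re.compile("(?:" + "|".join(SEASONS) + ")" + YEAR + TAIL)


def digest(password):
    """SHA-256 of the password; stands in for whatever the reuse store keeps."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def weak_password_reasons(password, username, company_names, known_digests=()):
    """Return which of the slide's weak-password categories `password` hits."""
    pw = password.casefold()
    reasons = []
    if pw == username.casefold():
        reasons.append("password = username")
    for name in company_names:
        base = re.escape(name.casefold())
        if re.fullmatch(base + "1" + TAIL, pw):
            reasons.append("<company name>1")
        elif re.fullmatch(base + YEAR + TAIL, pw):
            reasons.append("<company name><year>")
    if SEASON_RE.fullmatch(pw):
        reasons.append("<season><year>")
    if digest(password) in known_digests:
        reasons.append("password reuse")
    return reasons


# Constructed sample data: company, accounts and candidate passwords are made up.
COMPANY = ["Example", "ExampleCorp"]
KNOWN = {digest("Tr0ub4dor&3")}
CANDIDATES = [("kari", "kari"), ("ola", "Example1"),
              ("per", "examplecorp2018!"), ("liv", "Høst2018"),
              ("jon", "Tr0ub4dor&3"), ("eva", "korrekt hest batteri")]

if __name__ == "__main__":
    for user, pw in CANDIDATES:
        print(user, weak_password_reasons(pw, user, COMPANY, KNOWN) or "ok")
```

An empty list means the candidate hit none of the slide's categories; it says nothing about the password's strength otherwise.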
Status of network segmentation in 2018
Network segmentation models
• LAN party!
• Rock-solid control
• “We have segmentation”
• The Utopia model
What should you do??
Protection
• Technical security barriers in place
• IDS/AV
• NOT JUST AT THE PERIMETER!!!!!!!!!!
• Block downloading and running of executable files
• No local admin!
• Segment and firewall
• User training
• Phishing campaigns
• Deduct from bonus …
• Social media
• Run pentests! 😝
THANK YOU FOR YOUR ATTENTION!
Egil Aspevik
[email protected] / 94237422
John-André Bjørkhaug
[email protected] / 93464053