HACKING TECHNIQUES and Mitigations Brady Bloxham.


1 HACKING TECHNIQUES and Mitigations Brady Bloxham

2 About Us. Services: Vulnerability assessments; Wireless assessments; Compliance testing; Penetration testing. Eat, breathe, sleep, talk, walk, think, act security!

3 Agenda: Old methodology; New methodology; Techniques in action; Conclusion

4 The Old Way: Footprinting; Network Enumeration; Vulnerability Identification; Gaining Access to the Network; Escalating Privileges; Retain Access; Return and Report

5 The Old Way (continued)

6 The New Way (my way!): Recon; Plan; Exploit; Persist; Repeat. Simple, right?!

7 The New Way (continued): Recon; Plan; Exploit; Domain Admin? No: Persist. Yes: Report!

8 Old vs. New: So what you end up with is…

9 Recon: Two types: Pre-engagement; On the box

10 Recon – Pre-engagement: Target IT; Social Networking; LinkedIn; Facebook; Google; Bing; Create profile; Play to their ego; Play to desperation; Play to what you know

11 Recon – Pre-engagement: Social Engineering

12 Recon – On the box: Netstat

13 Recon – On the box: Set

14 Recon – On the box: Net

15 Recon – On the box: Net

16 Recon – On the box: Net

17 Recon: Registry; Audit Settings: HKLM\Security\Policy\PolAdtEv; Dump hashes; Local hashes; Domain cached credentials; Windows credential editor; Application credentials (Pidgin, Outlook, browsers, etc.); RDP history: HKU\Software\Microsoft\Terminal Server Client\Default; Installed software: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall

18 Recon: What do we have? High value servers (domain controller, file servers, , etc.); Group and user list; Domain admins; Other high value targets; Installed applications; Detailed account information; Hashes and passwords

19 Plan


21 Test, test, test! Real production environment! Recreate target environment; Proxies; AV; Domain; Verify plan with customer; Think outside the box!

22 Plan


24 Exploit

25 The reality is… it's much easier than that! No 0-days necessary! Macros; Java applets; EXE; PDFs

26 Exploit: Java Applet; Domain – $4.99/year; Hosting – $9.99/year; wget – Free!; Pwnage – Priceless!; Macros; Base64 encoded payload; Convert to binary; Write to disk; Execute binary; Shell!

27 Exploit: The problem? A reliable payload! Obfuscation; Firewalls; Antivirus; Proxies




31 Persist

32 Separates the men from the boys! Custom, custom, custom! Nothing good out there… Meterpreter – OSS; Core Impact – Commercial; Poison Ivy – Private; DarkComet – Private. Who's going to trust these?

33 Persist: How? Registry; Service; Autorun; Startup folder; DLL hijacking. What? Beaconing backdoor; Stealthy; Blend with the noise; Modular

34 Repeat?!

35 Conclusion: Old methodology is busted! Compliance != Secure. It's not practice makes perfect…
