Ing. Ondřej Ševeček | GOPAS a.s. | MCSM:Directory | MVP:Enterprise Security | CEH:Certified Ethical Hacker | CHFI:Computer Hacking Forensic Investigator.

Slide 1: Infrastructure (in)security
Ing. Ondřej Ševeček | GOPAS a.s. | MCSM:Directory | MVP:Enterprise Security | CEH:Certified Ethical Hacker | CHFI:Computer Hacking Forensic Investigator | ondrej@sevecek.com | www.sevecek.com

Slide 2: Agenda
- Where antimalware fails
- Where the admin fails!

Slide 3: Custom code
- Antimalware detects only well-known code signatures
  - heuristics?
- PowerShell, C#, ASP, …
- Take a look at this…

Slide 4: Limited user
- Hardware keylogger *
- Software keylogger *
  - https://www.sevecek.com/Lists/Posts/Post.aspx?ID=416
- Never type sensitive passwords on insecure machines

Slide 5: What to do with a password?
- Check whether any other account uses the same password *
  - https://www.sevecek.com/Lists/Posts/Post.aspx?ID=387
- Never use the same password twice

Slide 6: UAC will keep me secure
- No
  - https://www.sevecek.com/Lists/Posts/Post.aspx?ID=404
- It works only locally
  - code started manually *
- Do not work under sensitive accounts
- Use personal limited accounts

Slide 7: Those guys are local admins!
- Hack local admin *
  - system partition unencrypted
  - https://www.sevecek.com/Lists/Posts/Post.aspx?ID=213
- Any workstation is compromised
- Encrypt the system with BitLocker and TPM
  - users must not know the password

Slide 8: UAC will keep me secure
- No
- It works only locally
  - code injected through "autorun" *
- Do not work under sensitive accounts on insecure machines

Slide 9: Audit tools?
- Antimalware?
- Autoruns?
  - does not verify PowerShell code *
  - trusts what you yourself trust *
  - https://www.sevecek.com/Lists/Posts/Post.aspx?ID=235
- Every tool can be fooled

Slide 10: Web servers
- Third party suppliers
- Local limited admins
  - impersonation *
  - basic delegation *
  - Kerberos delegation * https://www.sevecek.com/Lists/Posts/Post.aspx?ID=101
- Never access applications with privileged accounts

Slide 11: RDP is plain-text authentication
- Unfortunately
  - passwords can be extracted from LSASS memory *
  - https://www.sevecek.com/Lists/Posts/Post.aspx?ID=360
- Use MMC, RPC, DCOM, WMI, C$, Admin$, REGEDIT or SCCM Remote Tools instead
  - authenticates with Kerberos
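A defender's way to act on slide 11: an added example (not from the talk) that scans constructed Security 4624 records and flags RemoteInteractive (RDP, logon type 10) logons by privileged accounts, which place a reusable password in LSASS, while leaving Kerberos network logons (type 3) from the same accounts unflagged. The event format and the privileged-account set are assumptions.

```python
"""Flag privileged RDP logons (Security event 4624, LogonType 10).
Added example, not the presenter's code; records and account names are constructed."""
import re
from typing import Iterator

# Hypothetical tier-0 / privileged accounts (assumption).
PRIVILEGED_ACCOUNTS = {"DOMAIN\\da-sevecek", "DOMAIN\\svc-backup"}

# Logon types as documented for event 4624.
REMOTE_INTERACTIVE = 10   # RDP / Terminal Services: password reaches LSASS
NETWORK = 3               # SMB/RPC/WMI/MMC: Kerberos ticket only

# Constructed sample events, one key=value record per line.
SAMPLE_EVENTS = """\
EventID=4624 LogonType=10 TargetDomainName=DOMAIN TargetUserName=da-sevecek IpAddress=10.0.0.5 AuthenticationPackageName=Negotiate
EventID=4624 LogonType=3 TargetDomainName=DOMAIN TargetUserName=da-sevecek IpAddress=10.0.0.5 AuthenticationPackageName=Kerberos
EventID=4624 LogonType=10 TargetDomainName=DOMAIN TargetUserName=jdoe IpAddress=10.0.0.7 AuthenticationPackageName=NTLM
EventID=4625 LogonType=10 TargetDomainName=DOMAIN TargetUserName=svc-backup IpAddress=10.0.0.9 AuthenticationPackageName=Negotiate
EventID=4624 LogonType=10 TargetDomainName=DOMAIN TargetUserName=svc-backup IpAddress=10.0.0.9 AuthenticationPackageName=NTLM
"""

_PAIR = re.compile(r"(\w+)=(\S+)")

def parse_events(text: str) -> Iterator[dict]:
    """Yield one dict of fields per non-empty record line."""
    for line in text.splitlines():
        if line.strip():
            yield dict(_PAIR.findall(line))

def privileged_rdp_logons(text: str, privileged=PRIVILEGED_ACCOUNTS) -> list:
    """Return successful (4624) RemoteInteractive logons by privileged accounts.
    Failed logons (4625) and network logons (type 3) are ignored: a type-3
    Kerberos logon does not leave a reusable password in LSASS."""
    hits = []
    for ev in parse_events(text):
        if ev.get("EventID") != "4624":
            continue
        if int(ev.get("LogonType", "0")) != REMOTE_INTERACTIVE:
            continue
        account = f"{ev['TargetDomainName']}\\{ev['TargetUserName']}"
        if account in privileged:
            hits.append({"account": account, "source": ev.get("IpAddress"),
                         "package": ev.get("AuthenticationPackageName")})
    return hits

if __name__ == "__main__":
    for hit in privileged_rdp_logons(SAMPLE_EVENTS):
        print(f"ALERT privileged RDP logon: {hit['account']} from {hit['source']} ({hit['package']})")
```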

Slide 12: LSASS extraction made nice
- Just let the admin access your web site
  - passwords can be extracted from LSASS memory *
- Again, never access applications with privileged accounts

Slide 13: Stolen CA
- NTAuth CAs issue logon certificates independently from DCs
  - they never appear on a CRL *
- Do not let them take your CA

Slide 14: Thank you!
- and also come to GOPAS:
  - GOC169 - Auditing ISO/IEC 27001 and 27002
  - GOC171 - Active Directory Troubleshooting
  - GOC172 - Kerberos Troubleshooting
  - GOC173 - Enterprise Cryptography and PKI
  - GOC175 - Advanced Windows Security