• Home

  • Software

  • From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil
16
From User to Domain Admin: A Step-By-Step Guide on How to Be a Little Evil Paula Januszkiewicz CQURE: CEO, Penetration Tester / Security Expert CQURE Academy: Trainer MVP: Enterprise Security, MCT Contact: [email protected] | http://cqure.us New York, Dubai, Warsaw @paulacqure @CQUREAcademy

From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil

Embed Size (px)

Citation preview

Page 1: From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil

From User to Domain Admin: A Step-By-Step Guide on

How to Be a Little Evil

Paula Januszkiewicz CQURE: CEO, Penetration Tester / Security Expert

CQURE Academy: Trainer

MVP: Enterprise Security, MCT

Contact: [email protected] | http://cqure.us

New York, Dubai, Warsaw

@paulacqure

@CQUREAcademy

Page 2: From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil
Page 3: From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil

Upcoming Workshops: 7th -11th of March – NYC – Hacking and Securing Windows Infrastructure

4th – 8th of April – NYC – Hacking and Securing Windows Infrastructure

2nd – 6th of May – NYC - Hacking and Securing Windows Infrastructure

Please Contact our office in United States office and mention BeyondTrust!

[email protected]

Exclusive discounts for all attendees in today’s seminar.

Page 4: From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil
Page 5: From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil
Page 6: From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil
Page 7: From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil

Offline access allows someone to bypass a system’s security

mechanisms Useful in critical situations

Almost every object that contains information can be read

offline It is a minimal privilege for the person with good intentions

It is a maximum privilege for… everybody else

Simplified offline access is acceptable if you do not value

your information

Page 8: From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil

Potential Attacker Pathways

Page 9: From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil
Page 10: From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil

Services • When used as a part of software that was not installed in %systemroot% or %programfiles%

• Installed in a folder with inappropriate ACLs

Permissions • Should be audited

• Should be set up as a part of NTFS, not as a part of shares

BackupRead / BackupWrite • Copy operation that is more important than ACLs

• Used by backup software

Page 11: From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil

Summary

Learn how to detect malicious situations

Know your system when it is safe – you need a baseline

If you detect a successful attack – do not try to fight

Report the issue

Investigate or do a penetration test /IT Audit

Estimate the range of the attack

Know how to recover your data, when necessary

Page 12: From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil

Retina Enterprise

Vulnerability

Management Alex DaCosta

Product Manager

Page 13: From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil

Network Security

Scanning

Enterprise Vulnerability

Management

Dynamic Web

Application Scanning

Cloud-Based

Perimeter Scanning

Privileged Password

Management

Privilege

Management

Auditing &

Protection

Active Directory

Bridging

The BeyondInsight IT Risk Management Platform

EXTENSIVE

REPORTING

CENTRAL DATA

WAREHOUSE

ASSET

DISCOVERY

ASSET

PROFILING

ASSET SMART

GROUPS

USER

MANAGEMENT

WORKFLOW AND

NOTIFICATION

THIRD-PARTY

INTEGRATION

Retina Vulnerability Management Solutions

PowerBroker Privileged Account Management Solutions

ADVANCED THREAT

ANALYTICS

NETWORK

INFRASTRUCTURE

MOBILE, VIRTUAL

AND CLOUD

APPLICATIONS &

DATABASES SERVERS & DESKTOPS

ACTIVE DIRECTORY,

EXCHANGE, FILE SYS.

Page 14: From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil

Demonstration

Page 15: From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil

Poll

Page 16: From User to Domain Admin: A Step-by Step Guide on How to Be a Little Evil

Q&A

Thank you.


How to Add User to Google Analytics Step by Step Guide · How to Add User to Google Analytics Step by Step Guide Keller Tiemann Sign In & Select Admin Sign in to Google Analytics

How to Add User to Google Analytics Step by Step Guide · How to Add User to Google Analytics Step by Step Guide Keller Tiemann Sign In & Select Admin Sign in to Google Analytics

Documents
See No Evil, Hear No Evil, Remedy No Evil: How the Ontario ... · See No Evil, Hear No Evil have read over 1,000 reasonably significant Tribunal decisions. Each of these sources has

See No Evil, Hear No Evil, Remedy No Evil: How the Ontario ... · See No Evil, Hear No Evil have read over 1,000 reasonably significant Tribunal decisions. Each of these sources has

Documents
The Evil Within and the Evil Without in 2010

The Evil Within and the Evil Without in 2010

Documents
Step 1: to your Cable/DSL Internet Modem Step 2: Connect ... · Step 1: Unplug the Power to your Cable/DSL Internet Modem ... admin and your created password (created earlier)

Step 1: to your Cable/DSL Internet Modem Step 2: Connect ... · Step 1: Unplug the Power to your Cable/DSL Internet Modem ... admin and your created password (created earlier)

Documents
If but Will Step-By-step SQL Injection SQL Injection Hack Hack How Easy Admin

If but Will Step-By-step SQL Injection SQL Injection Hack Hack How Easy Admin

Documents
He who has done evil, expects evil

He who has done evil, expects evil

Documents
REMAPPING YOUR PADDLES - Evil Controllers...REMAPPING YOUR PADDLES STEP 1 STEP 2 STEP 3 STEP 4 Note: You must press touchpad örst in order to access remapping. NSHIFT . Title: RemapInstructionsTemp.indd

REMAPPING YOUR PADDLES - Evil Controllers...REMAPPING YOUR PADDLES STEP 1 STEP 2 STEP 3 STEP 4 Note: You must press touchpad örst in order to access remapping. NSHIFT . Title: RemapInstructionsTemp.indd

Documents
Admin Portal User guide - communityexchange-bc.com · Logging into Inpriva’s Admin Portal Flowchart and Step by Step Process Flowchart Open Web Browser Launch HISP Secure Web Portal

Admin Portal User guide - communityexchange-bc.com · Logging into Inpriva’s Admin Portal Flowchart and Step by Step Process Flowchart Open Web Browser Launch HISP Secure Web Portal

Documents
How to setup requirements for G Suite platform? · Step -1 –Go to G Suite Domain Admin Console and sign in with admin account as shown below: copyright@2019 Step -2 –After successful

How to setup requirements for G Suite platform? · Step -1 –Go to G Suite Domain Admin Console and sign in with admin account as shown below: copyright@2019 Step -2 –After successful

Documents
Research Article - IJRAPijrap.net/admin/php/uploads/1702_pdf.pdf · Research Article ... Nitya Mrudu Virechana and Bahirparimarjana Step 2: Sadyo Virechana Step 3: ... Sthoulya etc

Research Article - IJRAPijrap.net/admin/php/uploads/1702_pdf.pdf · Research Article ... Nitya Mrudu Virechana and Bahirparimarjana Step 2: Sadyo Virechana Step 3: ... Sthoulya etc

Documents
HOW TO GENERATE PROFIT REPORT User’s Guide. Step 1. At the admin main window Step 2. Click Reports

HOW TO GENERATE PROFIT REPORT User’s Guide. Step 1. At the admin main window Step 2. Click Reports

Documents
STEP BY STEP GUIDE eSECURE - DHL...Step 3: Add more account admin if needed If more than one account admin is needed, the first account admin can easily add new account admin here

STEP BY STEP GUIDE eSECURE - DHL...Step 3: Add more account admin if needed If more than one account admin is needed, the first account admin can easily add new account admin here

Documents
See no evil, hear no evil - BruCON 2017files.brucon.org/2017/008_Matt_Wixey_See_No_Evil.pdf · See no evil, hear no evil ... Read up on relevant laws, ... • “A closer look at

See no evil, hear no evil - BruCON 2017files.brucon.org/2017/008_Matt_Wixey_See_No_Evil.pdf · See no evil, hear no evil ... Read up on relevant laws, ... • “A closer look at

Documents
Chapter 8: Troubleshooting and FAQs...Recovering Admin Password on LMS Virtual Appliance To view or change the process status: Step 1 Select Admin > System > Server Monitoring > Processes

Chapter 8: Troubleshooting and FAQs...Recovering Admin Password on LMS Virtual Appliance To view or change the process status: Step 1 Select Admin > System > Server Monitoring > Processes

Documents
Assessment and Rating Centre Support’s Step-By-Step …€˜Step... · W | F | 1800 308 029 E | admin@centresupport.com.au M | PO Box 3378, Bangor NSW 2234 T | 1800 440 102 P a

Assessment and Rating Centre Support’s Step-By-Step …€˜Step... · W | F | 1800 308 029 E | [email protected] M | PO Box 3378, Bangor NSW 2234 T | 1800 440 102 P a

Documents
Deliver us from Evil - Anthropology of evil

Deliver us from Evil - Anthropology of evil

Spiritual
Admin-1 24 Page 1 of 8 REGION II JOB PERFORMANCE … · Admin-1 24 Page 7 of 8 CRITICAL STEP EXPLANATIONS: STEP # Explanation 1 Required to determine if minimum On Shift Experience

Admin-1 24 Page 1 of 8 REGION II JOB PERFORMANCE … · Admin-1 24 Page 7 of 8 CRITICAL STEP EXPLANATIONS: STEP # Explanation 1 Required to determine if minimum On Shift Experience

Documents
Resident Evil 1 - Créer un blog gratuitement - …ekladata.com/tNr7c6hW9GlQuoMSip3kE8K5yoo.pdfResident Evil: Deadly Silence 56 Resident Evil: Umbrella Chronicles 56 Resident Evil:

Resident Evil 1 - Créer un blog gratuitement - …ekladata.com/tNr7c6hW9GlQuoMSip3kE8K5yoo.pdfResident Evil: Deadly Silence 56 Resident Evil: Umbrella Chronicles 56 Resident Evil:

Documents
MIS Admin Project - Kotter's 8 Step Model

MIS Admin Project - Kotter's 8 Step Model

Business
HEAR NO EVIL, SEE NO EVIL, AND SPEAK NO EVIL: A CRITIQUE ...archive.kubatana.net/docs/elec/rau_critique_zec... · HEAR NO EVIL, SEE NO EVIL, AND SPEAK NO EVIL: A CRITIQUE OF THE ZIMBABWE

HEAR NO EVIL, SEE NO EVIL, AND SPEAK NO EVIL: A CRITIQUE ...archive.kubatana.net/docs/elec/rau_critique_zec... · HEAR NO EVIL, SEE NO EVIL, AND SPEAK NO EVIL: A CRITIQUE OF THE ZIMBABWE

Documents
See No Evil, Say No Evil: Description Generation from ...markyatskar.com/publications/StarSem2014-SeeNoEvil.pdf · See No Evil, Say No Evil: ... tive sentences from densely annotated

See No Evil, Say No Evil: Description Generation from ...markyatskar.com/publications/StarSem2014-SeeNoEvil.pdf · See No Evil, Say No Evil: ... tive sentences from densely annotated

Documents
skype ID: store.belvg email: store ... · the extension is installed right. Step 5: Relogin to admin panel (log out and back into Magento Admin Panel). Step 6: Go to System > Configuration

skype ID: store.belvg email: store ... · the extension is installed right. Step 5: Relogin to admin panel (log out and back into Magento Admin Panel). Step 6: Go to System > Configuration

Documents
MBS@Gov User Guide User Guide.pdf · 4.2. Set up CorpPass for MBS@Gov 4. Select Digital Service Access to MBS@Gov 32 STEP 2 STEP 3 STEP 4 STEP 5 Part 1: CorpPass Admin can select

MBS@Gov User Guide User Guide.pdf · 4.2. Set up CorpPass for MBS@Gov 4. Select Digital Service Access to MBS@Gov 32 STEP 2 STEP 3 STEP 4 STEP 5 Part 1: CorpPass Admin can select

Documents
The New Kids On The Block "Step By Step" Guide To The WordPress Admin

The New Kids On The Block "Step By Step" Guide To The WordPress Admin

Self Improvement
Quick Step Broken AMN Hack Wlan Hack Website Hack Admin Index

Quick Step Broken AMN Hack Wlan Hack Website Hack Admin Index

Documents
COPING WITH PARENTING · PDF fileCoping with Parenting Step-Children 1 ... As children we heard many fairy tales about wicked and evil ... death and the formation of a step-family

COPING WITH PARENTING · PDF fileCoping with Parenting Step-Children 1 ... As children we heard many fairy tales about wicked and evil ... death and the formation of a step-family

Documents
Step 1 - LGEDoldweb.lged.gov.bd/UploadedDocument/UnitPublication/9/210...1.PE-Admin (Upazila): e-Mail to xen.procurement@lged.gov.bd 2.PE-Admin (District): Call 02-9128405 (Md. Zashidul

Step 1 - LGEDoldweb.lged.gov.bd/UploadedDocument/UnitPublication/9/210...1.PE-Admin (Upazila): e-Mail to [email protected] 2.PE-Admin (District): Call 02-9128405 (Md. Zashidul

Documents
Evil and Suffering. Evil Evil: “physical pain, mental suffering and moral wickedness”(John Hick, Philosophy and Religion) Four types of evil : Natural

Evil and Suffering. Evil Evil: “physical pain, mental suffering and moral wickedness”(John Hick, Philosophy and Religion) Four types of evil : Natural

Documents
Bonita Open Solution - BPM · Part 3 is a step-by-step guide to completing all the tasks in the example process. In Part 3, two user roles are explained: ... *Admin: login: admin

Bonita Open Solution - BPM · Part 3 is a step-by-step guide to completing all the tasks in the example process. In Part 3, two user roles are explained: ... *Admin: login: admin

Documents
Evil Genius 1 Running Head: EVIL GENIUS - PScience · Evil Genius 1 Running Head: EVIL GENIUS . Evil Genius? How Dishonesty Can Lead to Greater Creativity . Francesca Gino . Harvard

Evil Genius 1 Running Head: EVIL GENIUS - PScience · Evil Genius 1 Running Head: EVIL GENIUS . Evil Genius? How Dishonesty Can Lead to Greater Creativity . Francesca Gino . Harvard

Documents