You’ve Discovered Elevated Privileges – Now What?

Martin Cannard, Product Manager

Taking a step back…

Mixing Business & Pleasure

(The problem with passwords)

People are not good at choosing strong passwords

Sharing personal and business passwords?

Source: https://haveibeenpwned.com/PwnedWebsites

EMPLOYEES AND OTHER INSIDERS HAVE UNNECESSARY ACCESS

Employees, vendors and other insiders are often given excessive access to systems and data – and that access can go unmonitored.

Source: Verizon 2016 Data Breach Investigations Report

82% of cases in the report show compromises happening in minutes.

68% of the time, data exfiltration happens in a matter of days.

Privilege abuse was behind 66% of insider misuse incidents.

Source: Verizon 2016 Data Breach Investigations Report

CREDENTIALS ARE SHARED AND UNMANAGED

Passwords are created and shared, but aren’t audited, monitored or managed with discipline or accountability.

IT ASSETS COMMUNICATE UNCHECKED

Desktops, laptops, servers and applications communicate and open paths to sensitive assets and data.

Source: Verizon 2016 Data Breach Investigations Report

50% of all exploitations from system vulnerabilities happen 10-100 days after the vulnerability is published, with the median around 30 days.

Attack Chain

Introducing Privilege DART

YOU DON’T KNOW WHAT YOU DON’T KNOW…

Basics – The Interface

1. Enter the target range you wish to scan

2. Enter credentials that will allow the tool to run discovery

3. Start the scanning/discovery process

Using the tool – Step 1

Ranges can be entered:

• Single

• Range

• CIDR

Using the tool – Step 2

Under each tab, enter scan credentials:

• Windows Passwords

• SSH Passwords (may be elevated)

• SSH Public Keys (may be elevated)

Using the tool – Step 3

Start Scan…

• Discovery phase

• Analysis phase

The Results – What Next?

The results screen displays data about discovered systems and accounts.

Actions:

• HTML Report

• Excel Analysis

• XML export to Password Safe

Results – HTML Report

Results – Excel Report

Results – Export to Password Safe

Now for the good stuff…

Taking the next step, in Password Safe

DEMO

Try Privilege Discovery and Report Tool (DART) for free!

• Discover: Finds and enumerates user accounts, all local accounts, SSH keys, Windows and Linux groups, default and hard-coded passwords, etc.

• Profile: Displays high-level metrics such as password age on credentials, accounts, and assets in a dashboard-type view

• Report: Creates an HTML-based report, Excel report, and can export data into XML which can be used to import later into Password Safe

https://www.beyondtrust.com/free-privilege-discovery-reporting-tool

Privilege DART is a free tool that reveals elevated privileges on Windows, Mac, Linux and Unix systems throughout your organization.

Poll

Q&A

Thank you for attending.