Hackers (Not) Halted
 


More info on http://techdays.be.

  • Sapd + Mimikatz
  • [12]
  • Rubberduck – access to your hardware
  • [40]
  • Tenasrv Network miner + Update effect ICMPPSPY 2000 – 2001 appliance served as a proxy for ICMP. sgssymantec Tracert
  • [20]
  • FreddyDac, sddl.
  • BR/BW + Freddy
  • [25] learning, not applying
  • SRP
  • LinkedIn + Kate + Hooks. Too much trust in 1 layer. Warmers + Hooks!
  • [32] Disregarding
  • Malware
  • [45] Windows explorer <- has it one click away
  • Explorer.exe [Client]
  • [50-52] Entryttl?
  • Debugger running -> PIPE=W7! Start W7-CLI -> Kernel debugging. WEB->W7 audiodg.exe, notepad.exe. Symbol Type Viewer

Hackers (Not) Halted: Presentation Transcript

  • Hackers (Not) Halted. Paula Januszkiewicz. CQURE: CEO, Penetration Tester. iDesign: Security Architect
  • Contact: Paula Januszkiewicz. CQURE: CEO, Penetration Tester. iDesign: Security Architect. paula@cqure.pl | paula@idesign.net http://idesign.net
  • Session Goals: Be familiar with the administrator’s mistakes that are:
  • Agenda Summary 3
  • Agenda Summary 3
  • Misunderstanding Passwords
  • Passwords Never Sleep
  • Ignoring Offline Access
  • Ignoring Access to Your Hardware
  • (Not) Known Data in the Network
  • Monitoring Network Traffic
  • (Not) Too Much Control. Services: when used as a part of software that was not installed in %systemroot% or %programfiles%; installed in a folder with inappropriate ACLs. Permissions: should be audited; should be set up as a part of NTFS, not as a part of shares. BackupRead / BackupWrite: copy operation that is more important than ACLs; used by backup software
  • Why (Not) to Use Granularity?
  • Using Old Technology
  • Old Technology a Little Bit Too… Old
  • 1-Layer Encryption
  • Easy and Useful Encryption
  • Installing Pirated Software & My Small Research: Installation of software is performed on the administrative account
  • Malware Around the Corner
  • What You See Is NOT What You Get
  • Blinded Operating System
  • Too Much Trust in People
  • Too Much Trust… (Not)
  • Lack of Documentation & Training
  • Agenda Summary 3
  • Be Proactive!
  • Areas of Focus
  • Dirty Games: Protection Mechanisms
  • Protected Processes
  • Hooks
  • Hooking