Recommended
Recommended
More Related Content
Similar to Power Saturday 2019 E3 - SharePoint unexplained
Similar to Power Saturday 2019 E3 - SharePoint unexplained (20)
More from PowerSaturdayParis
More from PowerSaturdayParis (18)
Recently uploaded
Recently uploaded (20)
Power Saturday 2019 E3 - SharePoint unexplained
- 1. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 14 et 15 juin 2019, Paris Power Saturday
- 2. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 3 communautés pour partager, échanger et apprendre Power BI, Data, IA, Power Platform, Office 365, SharePoint, etc.
- 3. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Merci à nos sponsors http:// PowerSaturday.com Silver Bronze Gold
- 4. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 The European SharePoint, Office 365 & Azure Conference 4 Days 2,500 Delegates 150+ Sessions 120 Speakers Use code ESPC19SPSP for 10% discount on all tickets www.sharepointeurope.com
- 5. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Power Saturday SharePoint unexplained Ivan Vagunin
- 6. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 ❖ Ivan Vagunin, Ph.D. ❖ Systems Architect at Digia Oy ❖ MSCM: SharePoint ❖ Security researcher, MSRC TOP 100 BH 2018 ❖ Occasional community contributor ❖ https://twitter.com/ivagunin Who am I?
- 7. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Troubleshooting “Analyse and solve serious problems for a company or other organization. trace and correct faults in a mechanical or electronic system.”
- 8. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Troubleshooting
- 9. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 “Backward chaining is the logical process of inferring unknown truths from known conclusions by moving backward from a solution to determine the initial conditions and rules.” Why did it happen?
- 10. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Case of mysterious front page
- 11. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 ❖SharePoint Online ❖Classic team site (with publishing features) ❖Users from external network see different home page Reconnaissance
- 12. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Making assumption IntranetReserve proxy Company proxy internet
- 13. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Seeing is believing
- 14. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Getting more test data
- 15. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Spot the difference
- 16. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 ❖Do not make rush assumptions ❖Plan MUI responsibly ❖Avoid using web parts for branding Lessons learned
- 17. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Case of lost access
- 18. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 ❖ SharePoint 2013, 4 servers ❖ Intranet is a single site collection ❖ Non-privileged users lost access to Intranet ❖ Site collection admin still had access ❖ Non-privileged users had access few hours before incident Reconnaissance
- 19. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 ❖Preserve logs ❖Find relevant logs ❖Make notes Working with logs
- 20. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019
- 21. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 ❖Use right tools to process logs ❖Use timing to correlate events in logs ❖Use least privilege principal ❖Use multiple site collection to isolate users Lessons learned
- 22. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Case of unsafe deserialization
- 23. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 CVE-2019-0604
- 24. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 CVE-2019-0604
- 25. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 CVE-2019-0604
- 26. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 KB4462171
- 27. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 sts2019-kb4462171-fullfile-x64-glb.exe
- 28. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 sts2019-kb4462171-fullfile-x64-glb.exe
- 29. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Microsoft.SharePoint.dll vs stsom.dll
- 30. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Attacks against .net deserialization ❖Deserialization of user controlled type ❖Deserialization of user controlled object (or some part of object) https://www.blackhat.com/docs/us-17/thursday/us-17- Munoz-Friday-The-13th-JSON-Attacks-wp.pdf
- 31. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Entry points
- 32. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019
- 33. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Exploitation
- 34. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 ❖Have patch management that makes sense ❖Estimate risks ❖Verify yourself Lessons learned
- 35. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Merci!
- 36. @ClubPowerBI @aosComm @GUSS_FRANCEPower Saturday 2019 Evaluations