Yesterday I attended the TechEd Europe 2013 Pre-conference. I had signed up for the ‘Lessons from the Field: Useful Hacker Techniques for Administrators’ session by Hasain Alshakarti, Paula Januszkiewicz and Marcus Murray. They were quite knowledgeable on the subject matter and presented their information in an interesting way.
To give a short overview of the topics that were covered:
- Using a vulnerable .aspx page on an IIS server in combination with several privilege escalation methods to compromise an Active Directory domain.
- Managed Service Accounts as a method to harden application servers
- Abusing Direct Memory Access used by Firewire/Thunderbolt to compromise a fully patched Windows 8 machine using the Inception tool
- Using offline registry to compromise a machine
- Using Airodump-ng to sniff and hack wireless networks
- www.cloudcracker.com is a website that cracks WPA2 passwords in twenty minutes
- Using mimikatz to grab username and password from memory
- Using findstr.exe to grab plain text passwords / hashed passwords from virtual machine memory snapshots
- Core Impact Professional, a hacking / administrative tool that can be useful in both scenarios: either as an emergency response tool or as a malicious tool to take control of computers.
- Rubber Ducky: a USB key that acts as a keyboard and can be used to bypass UAC and other security features to quickly install malware on a system.
- Volatility, a memory analysis tool that can be used to gather a variety of information from a dump file, including passwords and credential hashes.
Downloads for this session are available at: