Paul's Security Weekly - Episode 513
Recorded on May 11, 2017
- Password Magic Numbers Rob 'mubix' Fuller
- scanless A Public Port Scan Scraper
- Coming together to address Encapsulated PostScript (EPS) attacks
- SSA.GOV To Require Stronger Authentication
- Android Permissions Flaw Will Linger Until O Release
- Cisco Patches IOS XE Vulnerability Leaked in Vault 7 Dump
- Session Hijacking, Cookie-Stealing WordPress Malware Spotted
- ASUS Patches RT Router Vulnerabilities
- Attention, Asus RT wireless router owners: Patch your gear now to squash web hijack bugs
- Oh, great: There's a new Same Origin Policy exploit for Edge
- Avast blocks the entire internet again
- 120,000 IoT Cameras Vulnerable To New Persirai Botnet
- Adobe Patches Critical Vulnerabilities In Flash, OEM
- Trump Fires FBI Director Comey
Interview: Steven Lipner, SAFEcode - 6:00PM-7:00PM
Tech Segment: Roi Abutbul and Guy Franco, Javelin Networks - 7:00-7:30PM
Why is it so important to protect AD? Did you know that from any machine connected to the domain, with no special privileges, you can get 100% visibility into the entire corporation, without any risk of detection?
How? With a simple query to the AD.
Let me give you some examples:
Attackers can ask the AD for a list of all servers and computers that are registered in the corporation along with a list of all the powerful identities. Attackers can be more specific and ask the AD to provide a list of servers with a particular application running. They can also learn the last time someone logged into the server! (This helps them determine if it is worth their time, or if it’s a honeypot.)
These queries take a few seconds and require no special tools or malicious binaries. To add insult to injury, there is no solution today that can prevent this from happening.
To reiterate, all attackers need is just one compromised endpoint that is connected to the domain, and they have 100% visibility of your entire corporate environment. And, as you know, there are endless ways to break through the perimeter—from phishing emails to an infected website to even an insider.
Now I can’t sleep! Why is Microsoft not doing anything about it? Because it is by design; and as far as they’re concerned, it is not a vulnerability that needs a solution.
How common is AD in the corporate world? 9 out of 10 companies around the world are using AD to manage their resources—from governments to hospitals to banks and even retailers. According to Gartner, almost 100% of their computers are connected to the domain.
When attackers have 100% visibility of the entire corporation, what happens next? There is a misconception about what’s next. A lot of people think that attackers use exploits and zero-days to move laterally to the next machine. That is simply not true.
In reality, they obtain valid domain credentials and move laterally to the next target undetected, using legitimate tools and protocols. (There are many stealthy attack methodologies that aid the
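The enumeration described in the tech segment above, as an added example that is not from the segment, the show, or Javelin Networks' product: the LDAP filters any authenticated, unprivileged domain account can send to a domain controller (servers, hosts advertising a particular service, privileged identities), plus stdlib Python that interprets the attributes those queries return (lastLogonTimestamp, userAccountControl, servicePrincipalName). The domain example.local, the hostnames and the directory entries are constructed for the example, not captured from a real domain.

```python
"""Low-privilege AD enumeration: the queries and how to read what comes back.

Added example (not the segment's or Javelin Networks' code). The filters are
standard LDAP and work from ldapsearch, ldp.exe or PowerShell's [adsisearcher];
the sample entries below are constructed, with example.local as the domain.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Every domain account can read these by default; no admin rights needed.
FILTERS = {
    "all_computers": "(objectCategory=computer)",
    "servers": "(&(objectCategory=computer)(operatingSystem=*Server*))",
    # hosts advertising SQL Server through a service principal name
    "mssql_hosts": "(&(objectCategory=computer)(servicePrincipalName=MSSQLSvc/*))",
    # adminCount=1 is stamped on members of protected groups (Domain Admins etc.)
    "privileged_users": "(&(objectCategory=person)(objectClass=user)(adminCount=1))",
    # assumed DN for the constructed domain example.local
    "domain_admins": "(memberOf=CN=Domain Admins,CN=Users,DC=example,DC=local)",
}
ATTRIBUTES = ["dNSHostName", "operatingSystem", "lastLogonTimestamp",
              "userAccountControl", "servicePrincipalName"]

# lastLogonTimestamp is a Windows FILETIME: 100 ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(ft: int) -> Optional[datetime]:
    """0 means the account never logged on (as far as replication knows)."""
    if ft <= 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def datetime_to_filetime(dt: datetime) -> int:
    td = dt - FILETIME_EPOCH  # integer arithmetic, no float precision loss
    micro = td.days * 86_400_000_000 + td.seconds * 1_000_000 + td.microseconds
    return micro * 10

# userAccountControl bits relevant to target selection
UAC_ACCOUNTDISABLE = 0x0002
UAC_SERVER_TRUST_ACCOUNT = 0x2000      # the computer is a domain controller
UAC_TRUSTED_FOR_DELEGATION = 0x80000   # unconstrained delegation

def spn_service_classes(spns: List[str]) -> List[str]:
    """'MSSQLSvc/sql01.example.local:1433' -> 'MSSQLSvc'."""
    return sorted({spn.split("/", 1)[0] for spn in spns})

def triage_computer(entry: Dict, now: datetime) -> Dict:
    """Turn one raw computer object into the facts an attacker cares about."""
    uac = int(entry.get("userAccountControl", 0))
    last = filetime_to_datetime(int(entry.get("lastLogonTimestamp", 0)))
    return {
        "host": entry["dNSHostName"],
        "os": entry.get("operatingSystem", ""),
        "last_logon_days": None if last is None else (now - last).days,
        "disabled": bool(uac & UAC_ACCOUNTDISABLE),
        "domain_controller": bool(uac & UAC_SERVER_TRUST_ACCOUNT),
        "unconstrained_delegation": bool(uac & UAC_TRUSTED_FOR_DELEGATION),
        "services": spn_service_classes(entry.get("servicePrincipalName", [])),
    }

def active_servers(entries: List[Dict], now: datetime, max_age_days: int = 30) -> List[str]:
    """Enabled Windows Servers with a recent logon: worth the attacker's time."""
    out = []
    for e in entries:
        t = triage_computer(e, now)
        if t["disabled"] or "Server" not in t["os"]:
            continue
        if t["last_logon_days"] is None or t["last_logon_days"] > max_age_days:
            continue  # stale box, or possibly a honeypot nobody touches
        out.append(t["host"])
    return sorted(out)

def hosts_running(entries: List[Dict], service_class: str) -> List[str]:
    """Same answer the mssql_hosts filter gives, applied to fetched entries."""
    return sorted(e["dNSHostName"] for e in entries
                  if service_class in spn_service_classes(e.get("servicePrincipalName", [])))

# Constructed sample results, as if returned for FILTERS["all_computers"].
NOW = datetime(2017, 5, 11, tzinfo=timezone.utc)
SAMPLE_ENTRIES = [
    {"dNSHostName": "dc01.example.local", "operatingSystem": "Windows Server 2016",
     "userAccountControl": 0x82000,
     "lastLogonTimestamp": datetime_to_filetime(NOW - timedelta(days=1)),
     "servicePrincipalName": ["ldap/dc01.example.local", "HOST/dc01.example.local"]},
    {"dNSHostName": "sql01.example.local", "operatingSystem": "Windows Server 2012 R2",
     "userAccountControl": 0x1000,
     "lastLogonTimestamp": datetime_to_filetime(NOW - timedelta(days=3)),
     "servicePrincipalName": ["MSSQLSvc/sql01.example.local:1433", "HOST/sql01.example.local"]},
    {"dNSHostName": "oldfs.example.local", "operatingSystem": "Windows Server 2008 R2",
     "userAccountControl": 0x1000,
     "lastLogonTimestamp": datetime_to_filetime(NOW - timedelta(days=400)),
     "servicePrincipalName": ["HOST/oldfs.example.local"]},
    {"dNSHostName": "ws-old.example.local", "operatingSystem": "Windows 10 Pro",
     "userAccountControl": 0x1002, "lastLogonTimestamp": 0, "servicePrincipalName": []},
]

if __name__ == "__main__":
    for name, flt in FILTERS.items():
        print(f"{name:16} {flt}")
    for e in SAMPLE_ENTRIES:
        print(triage_computer(e, NOW))
    print("active servers:", active_servers(SAMPLE_ENTRIES, NOW))
    print("SQL hosts:", hosts_running(SAMPLE_ENTRIES, "MSSQLSvc"))
```

One caveat when reading the output: lastLogonTimestamp is replicated between domain controllers only every 9 to 14 days, so it is accurate enough to spot a box nobody has used for a year but not to tell "yesterday" from "last week"; the non-replicated lastLogon attribute is exact but has to be read from every DC. On the defensive side, the same decode is what a blue team runs to find stale, delegation-enabled, or otherwise interesting computer accounts before an attacker does.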
Security News - 7:30-8:30PM