Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Goltsev Yuriy - Ломать - не строить!

DC7499
May 22, 2015
Research
0
42

Goltsev Yuriy - Ломать - не строить!

DEFCON Moscow 8

DC7499

May 22, 2015
Tweet

More Decks by DC7499

See All by DC7499
Sergey Sobko - Hackashop: Hackathon + Pentest + Workshop [RU]
defcon
0
430
Dmitry Sklyarov - Intel ME: Security keys Genealogy, Obfuscation and other Magic
defcon
0
220
Anton Lopanitsyn - Initial reconnaissance of web applications.
defcon
0
260
Dmitry Volkov - Private messengers: without pain??
defcon
1
210
Andrey Skuratov and Sergey Migalin - DNS tunneling in 2018. What is that, and what to do with it?
defcon
1
190
Sergey Belov - Another side of Bug Bounty programs
defcon
0
240
Dmitry Sklyarov - Intel ME: Flash file system explained
defcon
0
400
Maxim Goryachiy & Mark Ermolov - Inside Intel Management Engine
defcon
0
460
Sergey Golovanov - Indecent Response 2018
defcon
0
370

Other Decks in Research

See All in Research
第4回ナレッジグラフ勉強会:ISWC2023論文読み会
kg_wakate
1
200
訓練データ作成のためのCloudCompareを利用した点群の手動ラベリング
kentaitakura
0
530
FMP L3 Year 1 Project Proposal
haiinya
0
150
Azure Arc-enabled Serversを利用した ハイブリッド・マルチクラウド環境の管理 / Managing Hybrid Multi-cloud Environments with Azure Arc-enabled Servers
nttcom
0
210
一般化ランダムフォレストの理論と統計的因果推論への応用
tomoshige_n
10
1.8k
CSC590 Lecture 01
javiergs
PRO
0
130
Ground Metric Learning with applications in genomics
gpeyre
0
360
Target trial emulationの概要
shuntaros
2
1.1k
Sosiaalisen median katsaus 02/2024
hponka
0
2.6k
インタビューだけじゃない!ユーザーに共感しユーザーの目👀を手に入れるためのインプット
moco1013
0
200
Cross-Media Information Spaces and Architectures
signer
PRO
0
120
2024-01-23-az
sofievl
1
740

Featured

See All Featured
Building a Scalable Design System with Sketch
lauravandoore
456
32k
A Tale of Four Properties
chriscoyier
151
22k
Practical Orchestrator
shlominoach
182
9.7k
How to train your dragon (web standard)
notwaldorf
73
5.2k
Web development in the modern age
philhawksworth
202
10k
Building Better People: How to give real-time feedback that sticks.
wjessup
355
18k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
17
1.4k
Designing with Data
zakiwarfel
96
4.8k
Designing the Hi-DPI Web
ddemaree
276
33k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
What's in a price? How to price your products and services
michaelherold
237
11k
Designing Experiences People Love
moore
136
23k

Transcript

  1. Ломать - не строить! Юрий Гольцев @ygoltsev

  2. Intro

  3. Invest in your knowledge of practical information security

  4. Please, don’t order a penetration test until…

  5. My own TOP of security issues, related to internal networks:

    1. Weak password policy 2. Default accounts 3. Local accounts/unnecessary privileges 4. Windows architecture 5. WPAD configuration mismatch 6. Antivirus software configuration mismatch 7. No network segmentation 8. No patch management

  6. Weak password policy Description Easy to bruteforce Common Targets Directory

    Service (Active Directory/Lotus Domino/LDAP/Novell/etc) Recommendations Implement strong password policy, just follow next rules: - 8 chars (at least) -Lower, upper case -Alpha-Numeric Check for common passwords once a day (at least) - Special chars - Change every 60 days

  7. Default accounts Description Easy to bruteforce Common Targets DBs, network

    devices (routers/printers/etc) Recommendations -Disable all unused accounts -Set strong password

  8. Local accounts/unnecessary privileges Description Local administrator accounts/privileges – is bad

    Common Targets Windows hosts Recommendations -Disable accounts of local administrators on Windows hosts -Do not use GP to manage accounts of local administrators on Windows hosts

  9. Windows architecture Description You can’t prevent it, if you use

    it Common Targets Windows hosts Recommendations -Follow principle of minimal privileges -Use privileged accounts for administration tasks only -Implement two factor authentication for privileged accounts -Implement patch management

  10. WPAD configuration mismatch Description Very useful for corporate users if

    implemented, and for attacker – if not Common Targets Windows hosts Recommendations Disable WPAD (Web Proxy Auto Discovery) feature if it is not implemented

  11. Antivirus software configuration mismatch Description Antivirus software can be disable

    with local admin privileges Common Targets Windows hosts Recommendations Configure self defense feature of antivirus software

  12. No network segmentation Description No restrictions and no data filtration

    on network level Common Targets Network topology Recommendations Implement data filtration – it is better to use white lists for access

  13. No patch management Description MS08-067 still can be found during

    penetration test Common Targets Windows/Unix hosts Recommendations Implement patch management

  14. Outro