Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Goltsev Yuriy - Ломать - не строить!

Avatar for DC7499 DC7499
May 22, 2015
Research
0
50

Goltsev Yuriy - Ломать - не строить!

DEFCON Moscow 8
Avatar for DC7499

DC7499

May 22, 2015
Tweet

More Decks by DC7499

See All by DC7499
Sergey Sobko - Hackashop: Hackathon + Pentest + Workshop [RU]
Avatar for DC7499 defcon
0
530
Dmitry Sklyarov - Intel ME: Security keys Genealogy, Obfuscation and other Magic
Avatar for DC7499 defcon
0
270
Anton Lopanitsyn - Initial reconnaissance of web applications.
Avatar for DC7499 defcon
0
290
Dmitry Volkov - Private messengers: without pain??
Avatar for DC7499 defcon
1
230
Andrey Skuratov and Sergey Migalin - DNS tunneling in 2018. What is that, and what to do with it?
Avatar for DC7499 defcon
2
210
Sergey Belov - Another side of Bug Bounty programs
Avatar for DC7499 defcon
0
300
Dmitry Sklyarov - Intel ME: Flash file system explained
Avatar for DC7499 defcon
0
510
Maxim Goryachiy & Mark Ermolov - Inside Intel Management Engine
Avatar for DC7499 defcon
0
590
Sergey Golovanov - Indecent Response 2018
Avatar for DC7499 defcon
0
510

Other Decks in Research

See All in Research
「エージェントって何?」から「実際の開発現場で役立つ考え方やベストプラクティス」まで
Avatar for MIKIO KUBO mickey_kubo
0
120
Mechanistic Interpretability:解釈可能性研究の新たな潮流
Avatar for Koshiro Aoki koshiro_aoki
1
320
Type Theory as a Formal Basis of Natural Language Semantics
Avatar for Daiki Matsuoka daikimatsuoka
1
240
Computational OT #4 - Gradient flow and diffusion models
Avatar for Gabriel Peyré gpeyre
0
310
RHO-1: Not All Tokens Are What You Need
Avatar for Sansan R&D sansan_randd
1
130
心理言語学の視点から再考する言語モデルの学習過程
Avatar for Masato Mita chemical_tree
2
420
20250502_ABEJA_論文読み会_スライド
Avatar for Tomoki Fujihara flatton
0
170
最適化と機械学習による問題解決
Avatar for MIKIO KUBO mickey_kubo
0
140
Ad-DS Paper Circle #1
Avatar for Yusuke Kaneko ykaneko1992
0
5.6k
SSII2025 [TS2] リモートセンシング画像処理の最前線
Avatar for 画像センシングシンポジウム ssii
PRO
7
2.9k
大規模な2値整数計画問題に対する 効率的な重み付き局所探索法
Avatar for MIKIO KUBO mickey_kubo
1
270
Google Agent Development Kit (ADK) 入門 🚀
Avatar for MIKIO KUBO mickey_kubo
2
1.1k

Featured

See All Featured
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
53
7.7k
Designing Experiences People Love
Avatar for Jonathan Moore moore
142
24k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
54
11k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
34
5.9k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
656
60k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
16k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
32
2.4k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
126
53k
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
351
20k
Designing Dashboards & Data Visualisations in Web Apps
Avatar for Des Traynor destraynor
231
53k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
40
1.9k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
138
34k

Transcript

  1. Ломать - не строить! Юрий Гольцев @ygoltsev

  2. Intro

  3. Invest in your knowledge of practical information security

  4. Please, don’t order a penetration test until…

  5. My own TOP of security issues, related to internal networks:

    1. Weak password policy 2. Default accounts 3. Local accounts/unnecessary privileges 4. Windows architecture 5. WPAD configuration mismatch 6. Antivirus software configuration mismatch 7. No network segmentation 8. No patch management

  6. Weak password policy Description Easy to bruteforce Common Targets Directory

    Service (Active Directory/Lotus Domino/LDAP/Novell/etc) Recommendations Implement strong password policy, just follow next rules: - 8 chars (at least) -Lower, upper case -Alpha-Numeric Check for common passwords once a day (at least) - Special chars - Change every 60 days

  7. Default accounts Description Easy to bruteforce Common Targets DBs, network

    devices (routers/printers/etc) Recommendations -Disable all unused accounts -Set strong password

  8. Local accounts/unnecessary privileges Description Local administrator accounts/privileges – is bad

    Common Targets Windows hosts Recommendations -Disable accounts of local administrators on Windows hosts -Do not use GP to manage accounts of local administrators on Windows hosts

  9. Windows architecture Description You can’t prevent it, if you use

    it Common Targets Windows hosts Recommendations -Follow principle of minimal privileges -Use privileged accounts for administration tasks only -Implement two factor authentication for privileged accounts -Implement patch management

  10. WPAD configuration mismatch Description Very useful for corporate users if

    implemented, and for attacker – if not Common Targets Windows hosts Recommendations Disable WPAD (Web Proxy Auto Discovery) feature if it is not implemented

  11. Antivirus software configuration mismatch Description Antivirus software can be disable

    with local admin privileges Common Targets Windows hosts Recommendations Configure self defense feature of antivirus software

  12. No network segmentation Description No restrictions and no data filtration

    on network level Common Targets Network topology Recommendations Implement data filtration – it is better to use white lists for access

  13. No patch management Description MS08-067 still can be found during

    penetration test Common Targets Windows/Unix hosts Recommendations Implement patch management

  14. Outro