Hacker Explains Privilege Escalation: How Hackers Get ... · Escalation Privilege escalation is the...
Transcript of Hacker Explains Privilege Escalation: How Hackers Get ... · Escalation Privilege escalation is the...
Privilege Escalation: How Hackers Get Elevated Permissions
Hacker Explains
Kennet JohansenSystems EngineerNetwrix Corporation
Liam ClearyCEOSharePlicity
Housekeeping
• All attendees are on mute
• Ask your questions!
• Questions will be answered during
the session or at the Q&A at the end
• You will receive a copy of slides and
webinar recording in the follow-up
• Duration: Up to 60 minutes
Type your question
here
Click “Send”
EscalationElevation
Agenda
Prevention
Elevation
Elevation
An elevation-of-privilege occurs when an application gains rights or privileges that should not be available to them.
Many of the elevation-of-privilege exploits are similar to exploits for other threats.
Escalation
Escalation
Privilege escalation is the result of actions that allows an adversary to obtain a higher level of permissions on a system or network.
Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation.
Adversaries can enter a system with unprivileged access and must take advantage of a system weakness to obtain local administrator or SYSTEM/root level privileges.
Elevation versus Escalation
Vertical Privilege Escalation
• aka. Privilege Elevation
• Lower Privilege Account(s)
• Bypassing User vs. Admin Controls
• E.g. Windows Services, Screensavers, Registry, Cross Zone Scripting, Shell Injection and even Jailbreaking
Horizontal Privilege Escalation
• Normal User
• Context Switching
• Limited form of Elevation
• E.g. Session ID’s reuse in Cookies, Cross-site Scripting, Password Guessing, Session Hijacking and even Keystroke Logging
Elevation/Escalation Approaches
Windows Memory Injection
Process Injection
Access Token Manipulation Bypass User Account Control
File System Permissions Web Shell
Elevation: Process Hijacking
Client Workstation Hacker
Retrieve CurrentRunning Processes
Inject into Selected Process
Interrogate Environmentfor Running Processes
Issue Commands as Hijacked Process
Elevation: Impersonation
Client Workstation Hacker
Retrieve CurrentUser Tokens
Impersonate ChosenUser Token
Interrogate Environmentfor User Tokens
Issue Commands as Impersonated User
Demo
Prevention
Prevention
Patching
Mandatory Access Controls
Data Execution Protection Least Privilege
Encryption Anti-Virus
About Netwrix Auditor
A visibility platform for user behavior analysis and risk mitigation
that enables control over changes, configurations, and access in hybrid IT environments.
It provides security intelligence to identify security holes, detect anomalies in user behavior
and investigate threat patterns in time to prevent real damage.
Netwrix Auditor
Security Challenges Resolved by Netwrix Auditor
IT can’t assess security posture
and determine which assets
need the most protection.
Proactively identify and
mitigate IT security weak
spots, and prioritize data
protection efforts.
Lack of actionable intelligence
makes it hard to prevent policy
violations and data breaches.
Gain full control over user
permissions. Lock down
overexposed data, prevent data
breaches and privilege abuse.
Incidents go unnoticed. Noise
and alert fatigue make it hard to
discern real threats.
Quickly identify real security
threats with alerts on
anomalous activity and details
about high-risk user accounts.
Forensics teams can’t analyze
attacks to understand how they
could have been stopped.
Trace attacks step by step to
learn from them and prevent
similar incidents from
happening again.
PREDICT
RESPOND DETECT
PREVENT
P R O B L E M
S O L U T I O N
P R O B L E M
S O L U T I O N
P R O B L E M
S O L U T I O N
P R O B L E M
S O L U T I O N
Netwrix Auditor Benefits
Detect Data Security
Threats, both On Premises
and in the Cloud
Bridges the visibility gap by delivering
security intelligence about critical changes,
configurations and data access in hybrid IT
environments and enabling identification
of security holes and investigation of
anomalous user behavior.
Pass Compliance Audits
with Less Effort
and Expense
Provides the evidence required to prove
that your organization’s IT security
program adheres to GDPR, PCI DSS,
HIPAA, SOX, FISMA, NIST, GLBA, CJIS,
FERPA, NERC CIP, ISO/IEC 27001, and
other standards.
Relieves IT departments of manual
crawling through weeks of log data to get
the information about who changed
what, when and where a change was
made, or who has access to what and
helps automate software inventory tasks.
Increase the
Productivity of Security
and Operations Teams
Demonstration
Netwrix Auditor
Next Steps
Free Trial: setup in your own test environment
netwrix.com/freetrial
Virtual Appliance: get Netwrix Auditor up and running in minutes
netwrix.com/go/appliance
Test Drive: run a virtual POC in a Netwrix-hosted test lab
netwrix.com/testdrive
Live One-to-One Demo: product tour with Netwrix expert
netwrix.com/livedemo
Contact Sales to obtain more information
netwrix.com/contactsales
Upcoming and On-Demand Netwrix Webinars: join upcoming webinars or watch the recorded sessions
netwrix.com/webinars
netwrix.com/webinars#featured
www. .comKennet JohansenSystems EngineerNetwrix Corporation
Thank you!
Questions?
Liam ClearyCEOSharePlicity