Hacker Explains Privilege Escalation: How Hackers Get ... · Escalation Privilege escalation is the...


Privilege Escalation: How Hackers Get Elevated Permissions

Hacker Explains

Kennet Johansen, Systems Engineer, Netwrix Corporation

Liam Cleary, CEO, SharePlicity


Housekeeping

• All attendees are on mute

• Ask your questions!

• Questions will be answered during the session or at the Q&A at the end

• You will receive a copy of slides and webinar recording in the follow-up email

• Duration: Up to 60 minutes



Agenda

• Elevation

• Escalation

• Prevention


Elevation

An elevation of privilege occurs when an application gains rights or privileges that should not be available to it.

Many of the elevation-of-privilege exploits are similar to exploits for other threats.


Escalation

Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network.

Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation.

Adversaries can enter a system with unprivileged access and must take advantage of a system weakness to obtain local administrator or SYSTEM/root level privileges.


Elevation versus Escalation

Vertical Privilege Escalation

• a.k.a. Privilege Elevation

• Lower Privilege Account(s)

• Bypassing User vs. Admin Controls

• E.g. Windows Services, Screensavers, Registry, Cross Zone Scripting, Shell Injection and even Jailbreaking

Horizontal Privilege Escalation

• Normal User

• Context Switching

• Limited form of Elevation

• E.g. Session ID reuse in Cookies, Cross-site Scripting, Password Guessing, Session Hijacking and even Keystroke Logging
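
A defender's view of the session ID reuse item above, as an added example that is not part of the original slides: it scans web access records for a session ID that appears under more than one client fingerprint or more than one authenticated user. The record layout, field names and sample lines are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not from the webinar): tab-separated
# timestamp, client IP, authenticated user, session ID, user agent.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z\t10.0.0.15\talice\ts-7f3a\tMozilla/5.0 (Windows NT 10.0)
2024-05-01T09:00:40Z\t10.0.0.15\talice\ts-7f3a\tMozilla/5.0 (Windows NT 10.0)
2024-05-01T09:02:11Z\t10.0.0.22\tbob\ts-91bc\tMozilla/5.0 (Macintosh)
2024-05-01T09:05:37Z\t203.0.113.9\talice\ts-7f3a\tcurl/8.4.0
2024-05-01T09:06:02Z\t10.0.0.22\tbob\ts-91bc\tMozilla/5.0 (Macintosh)
malformed line without enough fields
"""

def parse(log_text):
    """Yield (ts, ip, user, session_id, agent) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) == 5 and all(parts):
            yield tuple(parts)

def find_reused_sessions(log_text):
    """Return {session_id: finding} for sessions seen with >1 fingerprint or user."""
    seen = defaultdict(lambda: {"fingerprints": [], "users": set()})
    for ts, ip, user, sid, agent in parse(log_text):
        entry = seen[sid]
        entry["users"].add(user)
        fp = (ip, agent)  # client fingerprint: source address plus user agent
        if fp not in [known for _, known in entry["fingerprints"]]:
            entry["fingerprints"].append((ts, fp))  # keep first-seen time
    findings = {}
    for sid, entry in seen.items():
        if len(entry["fingerprints"]) > 1 or len(entry["users"]) > 1:
            findings[sid] = {
                "users": sorted(entry["users"]),
                "first_seen": entry["fingerprints"][0],
                "later": entry["fingerprints"][1:],
            }
    return findings

if __name__ == "__main__":
    for sid, f in find_reused_sessions(SAMPLE_LOG).items():
        print(sid, "first", f["first_seen"], "then", f["later"], "users", f["users"])
```

A changed fingerprint is a lead to correlate rather than proof, because roaming or NATed clients change address legitimately; binding the session to the authenticated user and rotating the ID at login narrows what a reused ID can do.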


Elevation/Escalation Approaches

• Windows Memory Injection

• Process Injection

• Access Token Manipulation

• Bypass User Account Control

• File System Permissions

• Web Shell


Elevation: Process Hijacking

Client Workstation Hacker

Retrieve Current Running Processes

Inject into Selected Process

Interrogate Environment for Running Processes

Issue Commands as Hijacked Process


Elevation: Impersonation

Client Workstation Hacker

Retrieve Current User Tokens

Impersonate Chosen User Token

Interrogate Environment for User Tokens

Issue Commands as Impersonated User


Demo


Prevention

• Patching

• Mandatory Access Controls

• Data Execution Protection

• Least Privilege

• Encryption

• Anti-Virus


About Netwrix Auditor

A visibility platform for user behavior analysis and risk mitigation that enables control over changes, configurations, and access in hybrid IT environments.

It provides security intelligence to identify security holes, detect anomalies in user behavior and investigate threat patterns in time to prevent real damage.


Security Challenges Resolved by Netwrix Auditor

Problem: IT can’t assess security posture and determine which assets need the most protection.

Solution: Proactively identify and mitigate IT security weak spots, and prioritize data protection efforts.

Problem: Lack of actionable intelligence makes it hard to prevent policy violations and data breaches.

Solution: Gain full control over user permissions. Lock down overexposed data, prevent data breaches and privilege abuse.

Problem: Incidents go unnoticed. Noise and alert fatigue make it hard to discern real threats.

Solution: Quickly identify real security threats with alerts on anomalous activity and details about high-risk user accounts.

Problem: Forensics teams can’t analyze attacks to understand how they could have been stopped.

Solution: Trace attacks step by step to learn from them and prevent similar incidents from happening again.

Diagram labels: Predict, Prevent, Detect, Respond


Netwrix Auditor Benefits

Detect Data Security Threats, both On Premises and in the Cloud

Bridges the visibility gap by delivering security intelligence about critical changes, configurations and data access in hybrid IT environments and enabling identification of security holes and investigation of anomalous user behavior.

Pass Compliance Audits with Less Effort and Expense

Provides the evidence required to prove that your organization’s IT security program adheres to GDPR, PCI DSS, HIPAA, SOX, FISMA, NIST, GLBA, CJIS, FERPA, NERC CIP, ISO/IEC 27001, and other standards.

Increase the Productivity of Security and Operations Teams

Relieves IT departments of manual crawling through weeks of log data to get the information about who changed what, when and where a change was made, or who has access to what and helps automate software inventory tasks.


Demonstration

Netwrix Auditor


Next Steps

Free Trial: set up in your own test environment

netwrix.com/freetrial

Virtual Appliance: get Netwrix Auditor up and running in minutes

netwrix.com/go/appliance

Test Drive: run a virtual POC in a Netwrix-hosted test lab

netwrix.com/testdrive

Live One-to-One Demo: product tour with Netwrix expert

netwrix.com/livedemo

Contact Sales to obtain more information

netwrix.com/contactsales

Upcoming and On-Demand Netwrix Webinars: join upcoming webinars or watch the recorded sessions

netwrix.com/webinars

netwrix.com/webinars#featured


Kennet Johansen, Systems Engineer, Netwrix Corporation

Thank you!

Questions?

Liam Cleary, CEO, SharePlicity