credential assessment
play

Credential Assessment Mapping Privilege Escalation at Scale Matt - PowerPoint PPT Presentation

Feb 13, 2023 •264 likes •721 views

Credential Assessment Mapping Privilege Escalation at Scale Matt Weeks @scriptjunkie1 Adversary access (# boxes owned) 10000 1000 100 10 1 Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Adversary access (#

  1. Credential Assessment Mapping Privilege Escalation at Scale Matt Weeks @scriptjunkie1

  10. Adversary access (# boxes owned) 10000 1000 100 10 1 Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Adversary access (# boxes owned) 1 1 2 2 2 10000 10000 10000 10000 10000

  11. Adversary access (# boxes owned) 10000 Find and fix all the vulnerabilities, block Find known malware. contractor access 1000 The entire AV industry does this. Pentests, vuln Hunt anomalies assessments Fewer do this. Many companies try this. 100 10 1 Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Adversary access (# boxes owned) 1 1 2 2 2 10000 10000 10000 10000 10000 Both are important parts of a security program

  12. Adversary access (# boxes owned) 10000 What happened here?! 1000 100 10 1 Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Adversary access (# boxes owned) 1 1 2 2 2 10000 10000 10000 10000 10000

  13. Adversary access (# boxes owned) 10000 Bad guys got a DA token; Creds left on a webserver. 1000 100 10 1 Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Adversary access (# boxes owned) 1 1 2 2 2 10000 10000 10000 10000 10000

  14. Adversary access (# boxes owned) 10000 Bad guys got a DA token; Creds left on a webserver. 1000 100 10 1 Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Adversary access (# boxes owned) 1 1 2 2 2 10000 10000 10000 10000 10000 Malware detection and vulnerable boxes are not the biggest enterprise problem, admin creds lying around all over the domain is.

  20. Scanners Collectors Analysis UI Database

  22. http://extract.ntdsd.it/

  24. Uh oh!

  38. It can be done!

Recommend

CREDENTIAL, ADJUNCT AND OVERLOAD PROCESS-ACADEMIC AFFAIRS REQUIREMENTS May 29 th , 2020

CREDENTIAL, ADJUNCT AND OVERLOAD PROCESS-ACADEMIC AFFAIRS REQUIREMENTS May 29 th , 2020

CREDENTIAL, ADJUNCT AND OVERLOAD PROCESS-ACADEMIC AFFAIRS REQUIREMENTS May 29 th , 2020 CREDENTIAL PROCESS May 29 th , 2020 CREDENTIAL STEPS 1. Original Transcripts sent to CAFA (Dr. Taylors Office: Curriculum, Assessment and Faculty

470 views • 16 slides
MULTIPLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk,

MULTIPLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk,

MULTIPLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk, Director Dora Apodaca, Credential Analyst Evelyn Martinez, Office Coordinator Leah Sosnowski, Credential Analyst Meredith West, Credential Analyst

502 views • 14 slides
SINGLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk,

SINGLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk,

SINGLE SUBJECT PROFESSIONAL DEVELOPMENT DAY FALL 2017 Credential Center Staff: Kit Van Wyk, Director Dora Apodaca, Credential Analyst Evelyn Martinez, Office Coordinator Leah Sosnowski, Credential Analyst Meredith West, Credential Analyst

573 views • 14 slides
Introduction to Intl Credential Evaluation 10/30/2013 Introduction to International Credential

Introduction to Intl Credential Evaluation 10/30/2013 Introduction to International Credential

Introduction to Intl Credential Evaluation 10/30/2013 Introduction to International Credential Evaluation Shelby L. Cearley Texas Tech University Office of Graduate & International Admissions Todays Session Agenda A brief roadmap

372 views • 5 slides
PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A

PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A

RSA LABS PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A credential management service that allows individuals and employees to securely and seamlessly access any app from any device. 2 RHAPSODY

239 views • 9 slides
The C Credential D Doc octor or i is In s In: : Ask sk Your Your C Col olleague ues

The C Credential D Doc octor or i is In s In: : Ask sk Your Your C Col olleague ues

The C Credential D Doc octor or i is In s In: : Ask sk Your Your C Col olleague ues TAICEP 30 April 2020 2 To Todays Pre resent nters rs Shereen Mir- Shelby Cearley Barbara Glave Bettina Smegi Jabbar Senior

409 views • 37 slides
The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education

The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education

7/17/2019 The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education Society of Actuaries What it is A credential for those in actuarial support roles Exams because that is what we do Code of

328 views • 6 slides
The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education

The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education

The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education Society of Actuaries What it is A credential for those in actuarial support roles Exams because that is what we do Code of Conduct

304 views • 5 slides
Registration and Credential Repository (RCR) Review Matthew Boron, RPh PMB, CTEP, NCI February

Registration and Credential Repository (RCR) Review Matthew Boron, RPh PMB, CTEP, NCI February

Registration and Credential Repository (RCR) Review Matthew Boron, RPh PMB, CTEP, NCI February 25, 2020 Goals and Objectives Describe why the Registration and Credential Repository was implemented Explain requirements and how to access

562 views • 45 slides
Ev uating d A Credential Evaluators How - To Guide for Document Fraud Timothy J. Kell

Ev uating d A Credential Evaluators How - To Guide for Document Fraud Timothy J. Kell

Ev uating d A Credential Evaluators How - To Guide for Document Fraud Timothy J. Kell Educational Credential Evaluators, Inc. TAICEP At Your Desk 21 May 2020 eak Documentation quirements 2 eak Documentation Requirements

587 views • 11 slides
Credential Mapping in Grids Esteban Talavera Gonzlez Center for Parallel Computers (PDC) Royal

Credential Mapping in Grids Esteban Talavera Gonzlez Center for Parallel Computers (PDC) Royal

Overview Background Our solution Conclusions Credential Mapping in Grids Esteban Talavera Gonzlez Center for Parallel Computers (PDC) Royal Institute of Technology (KTH) Stockholm March 16, 2007 Esteban Talavera Gonzlez Credential

569 views • 44 slides
Becoming CPH: Why, Where, When and How About the NBPHE Incorporated in 2005 as independent

Becoming CPH: Why, Where, When and How About the NBPHE Incorporated in 2005 as independent

GETTING AND STAYING AHEAD WITH THE CERTIFIED IN PUBLIC HEALTH (CPH) CREDENTIAL : Becoming CPH: Why, Where, When and How About the NBPHE Incorporated in 2005 as independent non- profit organization First credential issued 2008 Board

582 views • 32 slides
N O R T H W E S T THE ESSENTIAL CREDENTIAL ENERGY EFFICIENCY COUNCIL BOC

N O R T H W E S T THE ESSENTIAL CREDENTIAL ENERGY EFFICIENCY COUNCIL BOC

N O R T H W E S T THE ESSENTIAL CREDENTIAL ENERGY EFFICIENCY COUNCIL BOC TECHNICAL WEBINAR SERIES Managing your Plug Loads March 16, 2016 11:00am Pacific Time Guest Moderator: Duane Lewellen Sr. Project Manager

602 views • 33 slides
The ITE Card The First Global Digital Credential for a New Relationship between Publishers and

The ITE Card The First Global Digital Credential for a New Relationship between Publishers and

The ITE Card The First Global Digital Credential for a New Relationship between Publishers and Subscribers Worldwide Drummond Reed ITEGA Summit Pocantico NY Chief Trust Officer, Evernym 19 April 2018 Trustee, Sovrin Foundation Hypothesis

616 views • 14 slides
Towards Deploying a Scalable & Robust Vehicular Identity and Credential Management

Towards Deploying a Scalable & Robust Vehicular Identity and Credential Management

Towards Deploying a Scalable & Robust Vehicular Identity and Credential Management Infrastructure M. Khodaei, H. Jin, and P. Papadimitratos Networked Systems Security Group www.ee.kth.se/nss Royal Institute of Technology (KTH) Stockholm,

302 views • 26 slides
+ Credential Info Night While you are waiting Gretchen Andreasen & Iris Weaver Say

+ Credential Info Night While you are waiting Gretchen Andreasen & Iris Weaver Say

+ Credential Info Night While you are waiting Gretchen Andreasen & Iris Weaver Say hello in the chat, mix a drink, Zoom get a snack! October 21, 2020 + Agenda Support from Cal Teach Types of Programs Selecting Schools for

483 views • 21 slides
CREDENTIAL 2020 CONFIDENTIAL The struggle for survival in the SNS The world market and its

CREDENTIAL 2020 CONFIDENTIAL The struggle for survival in the SNS The world market and its

CREDENTIAL 2020 CONFIDENTIAL The struggle for survival in the SNS The world market and its fierce struggle in SNS! Not fighting competitors, you will crash after 3 years [To survive on the battlefield in the SNS] A company that actively and

555 views • 31 slides
Countries in Crisis: Credential Evaluation for Interrupted or Undocumented Studies Wednesday,

Countries in Crisis: Credential Evaluation for Interrupted or Undocumented Studies Wednesday,

Countries in Crisis: Credential Evaluation for Interrupted or Undocumented Studies Wednesday, May 27, 2015: 10:15 AM - 12:15 PM Presenters Marybeth Gruenewald, Director of Global Initiatives and Senior Evaluator, ECE, Inc., Milwaukee,

1.16k views • 98 slides
Beyond Credential Stuffing: Password Similarity Models using Neural Networks Bijeeta Pal*, Tal

Beyond Credential Stuffing: Password Similarity Models using Neural Networks Bijeeta Pal*, Tal

Beyond Credential Stuffing: Password Similarity Models using Neural Networks Bijeeta Pal*, Tal Daniel + , Rahul Chatterjee*, and Thomas Ristenpart* *Cornell Tech + Technion 1 Password Breaches Millions of passwords leaked every year First half

369 views • 19 slides
CREDENTIAL TRANSPARENCY & INTEROPERABILITY Strengthening Community Colleges Grants Program

CREDENTIAL TRANSPARENCY & INTEROPERABILITY Strengthening Community Colleges Grants Program

CREDENTIAL TRANSPARENCY & INTEROPERABILITY Strengthening Community Colleges Grants Program August 2020 Please Note To view additional information in talking points, click on the comment icon where it appears. PROGRAM REQUIREMENTS

593 views • 37 slides
Education in the Commonwealth Caribbean by Educational Credential Evaluators, Inc., 2010 Vol. I

Education in the Commonwealth Caribbean by Educational Credential Evaluators, Inc., 2010 Vol. I

Education in the Commonwealth Caribbean by Educational Credential Evaluators, Inc., 2010 Vol. I available free on-line until Nov. 30, 2010. Send an e-mail to: sfeagles@ece.org Handout for this presentation is now available at

1.17k views • 47 slides
CREDENTIAL TRANSPARENCY & INTEROPERABILITY H-1B ONE WORKFORCE GRANT PROGRAM September 2020

CREDENTIAL TRANSPARENCY & INTEROPERABILITY H-1B ONE WORKFORCE GRANT PROGRAM September 2020

CREDENTIAL TRANSPARENCY & INTEROPERABILITY H-1B ONE WORKFORCE GRANT PROGRAM September 2020 Please Note To view additional information in talking points, click on the comment icon where it appears. PROGRAM REQUIREMENTS H-1B ONE

747 views • 37 slides
Secondary Education @ SF State Outline of Presentation About Us Our Degree and Credential

Secondary Education @ SF State Outline of Presentation About Us Our Degree and Credential

Secondary Education @ SF State Outline of Presentation About Us Our Degree and Credential Programs Why Come to SF State? Admissions Questions About Us Part of Graduate College of Education Nine full-time faculty

435 views • 16 slides
A"Study"of"Credential"Integration"Model"

A"Study"of"Credential"Integration"Model"

A"Study"of"Credential"Integration"Model" in"Academic"Research"Federation" Supporting"a"Wide"Variety"of"Services International,Symposium,Grids,&,Clouds,2018 20 th

282 views • 16 slides

More recommend