Windows is designed to keep user accounts in their place, but when you are the largest operating system in the world, there are bound to be holes that allow an unprivileged user to gain admin authority - and the bad guys always find them. In fact, my esteemed colleague, Joe Carson, is returning to show you 2 hacker tools that automate the process of assessing a given Windows system for viable privileged elevation (MITRE ATT&CK TA0004) vector. The first, winPEAS, “is a script that will search for all possible paths to escalate privileges on Windows hosts”. The second, Sherlock, identifies missing patches to privilege escalation exploits.
Before Joe gets started, I will briefly do a level set on privilege escalation theory in Windows covering topics like Access Tokens, Integrity Levels, and Discretionary Access Controls and how they comprise Access Control Entries.
Then Joe will demonstrate privilege escalation attacks in a Windows environment while touching on enumeration and attack techniques. He will perform enumeration with winPEAS and Sherlock while also demonstrating how one exploits known unpatched vulnerabilities including the use of Pass-the-Hash (PtH). Joe will connect the multiple stages of a privilege escalation attack including Pre-engagement, Passive Recon, Active Recon, Service Enumeration, Access Exploitation, and Privilege Escalation.
We will also discuss common attack paths for privileged accounts including but not limited to the targeting of Domain Admin Accounts, Emergency Accounts, Privilege Data User Accounts, and several other accounts attackers go after.
Finally, Joe will demonstrate how organizations can harden their Windows systems in order to better prevent and prepare for potentially catastrophic events.
This real training for free event illustrates the ways in which attackers use Privilege Escalation to exploit vulnerabilities within the target environment. This includes but is not limited to insecure service permissions, unquoted service paths, weak registry permissions, insecure service executables, passwords, overprivileged users, pass-the-hash (PtH), Insecure GUI apps, storage of credentials within Security Account Management (SAM), and other OS vulnerabilities or kernel exploits.
Please join us for this real training for free event.