Where 2 Worlds Collide: Bringing Mimikatz et al to UNIX

Presented at Black Hat Europe 2018, Dec. 5, 2018, 2 p.m. (50 minutes)

Over the past fifteen years there's been an uptick in "interesting" UNIX infrastructures being integrated into customers' existing AD forests. Whilst the threat models enabled by this should be quite familiar to anyone securing a heterogeneous Windows network, they may not be as well understood by a typical UNIX admin who does not have a strong background in Windows and AD. Over the last few months I've spent some time looking at a number of specific AD integration solutions (both open and closed source) for UNIX systems and documenting some of the tools, tactics and procedures that enable attacks on the forest to be staged from UNIX.


Presenters:

  • Tim (Wadhwa-)Brown - Head Of Research, CX EMEAR Security Architecture, Cisco
    Tim Brown joined Cisco as part of their acquisition of Portcullis, for whom he worked for almost 12 years. He is equally happy performing white box assessments with access to source code or, where necessary, diving into proprietary binaries and protocols using reverse engineering methodologies. Tim has contributed to a number of Cisco's bespoke methodologies covering subjects as diverse as secure development, host hardening, risk and compliance, ERP and SCADA. In 2016-2017, Tim looked at targets as varied as Active Directory, z/OS mainframes, power stations, cars, banking middleware and enterprise SAP landscapes. Outside of the customer driven realm of information assurance, Tim is also a prolific researcher with papers on UNIX, KDE, Vista and web application security to his name. Tim is credited with almost 150 vulnerability advisories covering both kernel and userland, remote and local. Tim particularly likes to bug hunt enterprise UNIX solutions.
