Unmanaged Systems: Your Achilles Heel

Presented at CactusCon 11 (2023), Jan. 27, 2023, 9 p.m. (60 minutes).

You’re enforcing strong passwords, deploying Windows Updates frequently, enforcing UAC and MFA, limiting local-administrator accounts, all while leveraging defense-in-depth via EDR, LAPS, SIEM, PAM, DLP, CASB, and several other powerful acronyms. You're ready, darn-near invulnerable, dipped into the proverbial river Styx...except for that dang ankle. Have you made the threat-actor's job more difficult? Definitely. Have you stopped them in their tracks? Not likely. They are still coming for you, and to butcher a Sun Tzu quote, "only a fool attacks their enemy where they are strongest!" It's time to turn your attention to your Achilles Heel, areas of weakness that can lead to your downfall, the systems that fall outside of your aforementioned defense-in-depth strategy, your "unmanaged" systems. From NAS to CCTV to microcontrollers/microprocessors to medical devices, join me for a discussion on what I mean by "unmanaged" systems, where I've seen them hiding in enterprise environments, how I've found and abused them as an offensive-security practitioner, how I've seen them abused by threat-actors during incident-response engagements, and some practical strategies for finding and securing "unmanaged" systems in your environment.


  • SecureCake - DFIR Principal Consultant, Avertium
    Patterson has worked in information-technology for more than two decades, focusing on information-security for the past several years, with extensive experience in offensive security and incident response, specializing in combining the two in the development of incident-response teams, programs, and processes. Before joining Avertium, he was a Senior Security Engineer for AWS Managed Services and a Senior Security Consultant for Haven Information Security, with recent and relevant experience in information-security across multiple verticals, from non-profit healthcare to cloud-service providers to financial-service providers. He also teaches for SANS, is a member of the GIAC GPEN advisory board, holds more than two-dozen security certifications, and is actively involved in the information-security community.

