Abusing misconfigurations for privilege escalation

Presented at Wild West Hackin' Fest 2018, Oct. 25, 2018, 3 p.m. (50 minutes)

Often you don't land in a penetration test with full admin rights. How can you fix that? In most networks it's easier than you might think. In this session, Jake will discuss and demonstrate various privilege escalation techniques that are possible primarily due to misconfigurations. Practically every network has one or more misconfigurations that let you easily escalate from random joe to total pro. We'll examine some common issues present in both Windows and Linux to you can level up for your next penetration test.

Presenters:

  • Jake Williams
    When a complex cyber attack put a private equity investment of more than $700 million on hold, the stakes couldn't have been higher. But that's exactly the kind of challenge that motivates Jake Williams, a computer science and information security expert, U.S. Army veteran, certified SANS instructor and co-author of [FOR526: Memory Forensics In-Depth](https://www.sans.org/course/memory-forensics-in-depth) and [FOR578: Cyber Threat Intelligence](https://www.sans.org/course/cyber-threat-intelligence). To help mitigate the attack, Jake plied his information security expertise, discovered that not one but three different attackers had compromised the firm's network, and went about countering their moves. Jake relishes the idea of meeting adversaries on the cyber battlefield. "I went into this field because I wanted a challenge," he says. "Infosec is like a game of chess to me. The attacker plays their moves and you play yours." Jake started his information security career doing classified work with the U.S. government and was awarded the National Security Agency (NSA) Exceptional Civilian Service Award, which is given to fewer than 20 people annually. "I am immensely proud of the things I've accomplished," Jake says. "I'm positive the world is a safer place because of my work." Today, Jake runs a successful Infosec consultancy. He's been involved in high-profile public sector cases including the malware analysis for the 2015 cyber attack on the Ukraine power grid. He's also tackled a variety of cases in the private sector. In one, Jake discovered attackers compromising a custom service the client had distributed to all its endpoints. Leveraging experience and insight with advanced persistent threats helped Jake "think like the attacker" and determine the attacker's likely hiding spots. Jake's work has led to his invention of DropSmack, a proof-of-concept tool for highlighting the danger that cloud-based file sharing services pose to corporate networks, and the creation of ADD (Attention Deficit Disorder), a publicly-available memory anti-forensics toolkit.

Links:

Similar Presentations: