A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Scan, Pwn, Next! - exploiting service accounts in Windows networks - Andrey Dulkin, Matan Hart BSides San Francisco 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Scan, Pwn, Next! - exploiting service accounts in Windows networks
Andrey Dulkin, Matan Hart
BSides San Francisco 2016

Service accounts are prevalent in Windows networks, but are often mismanaged and ripe for exploitation. Too often these accounts are over-privileged, dual-used (both by human users and automated processes), and have credentials omnipresent in the network. The services that use these accounts are easily discovered, as they are registered as SPNs on the Active Directory, thus presenting a lucrative target for an attacker.In this talk we will discuss how service accounts can be mismanaged and thus exploited, and present new research examining the exposure of service accounts in real-world networks.We will demonstrate exploitation techniques and introduce an open source tool for detecting potentially vulnerable service accounts in Windows networks. We will also discuss how targeted behavioral analytics can be employed to detect potential abuse of service accounts.Armed with the knowledge and tools from this presentation, you can now go and test your own networks – and, perhaps, prevent that sneaky attacker from exploiting your service accounts.

Back to BSides San Francisco 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast