Abusing Linux Trust Relationships: Authentication Back Alleys and Forgotten Features
Ronnie Flathers
Derbycon 2016

Passwords are weak, and generally speaking, the less a company relies on them, the better. Instead of using password authentication for multiple services and sending passwords (or hashes) all over the network, companies have started adopting more password-less authentication mechanisms to secure their infrastructure. From SSH bastion hosts to Kerberos and 2FA, there are many controls that attempt to limit attacker mobility in the event that a single account or password is compromised. This session is a "walking tour" of bypass techniques that allow a small compromise to pivot widely and undetectably across a network by using and abusing built-in authentication features and common tools. Starting with a simple compromise of an unprivileged account (e.g. through phishing), the session discusses techniques that pentesters (and real-world attackers) use to gain footholds in networks and abuse trust relationships in shared computing resources and "jump hosts". It demos common tricks to elevate privileges, impersonate other users, steal additional credentials, and pivot around networks using SSH. The presentation culminates with a discussion of 2FA for SSH access, and how compromises elsewhere in a network can be exploited to completely bypass it. Because these tricks and techniques use only built-in Linux commands, they are extremely difficult to detect: they look like normal usage. The demo environment mimics a segmented network that uses Kerberos and two-factor authentication on SSH jump hosts. It is based entirely on real-world experiences and setups that pentesters in Cisco's Security Services have encountered.

Ronnie Flathers is a Sr. Security Consultant with Cisco Advisory Services, where he performs network penetration tests and black-box application assessments. Before Cisco he was a pentester with Neohapsis. He has spoken at Thotcon, hak4kidz, and several internal Cisco conferences.

Slides
Demo Video

@ropnop


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast