SlideShare une entreprise Scribd logo

Level Up! - Practical Windows Privilege Escalation

jakx_
jakx_

This document provides an overview of practical Windows privilege escalation techniques. It begins with introductions and disclaimers, then discusses Windows access control models and concepts like integrity levels. It proceeds to demonstrate potential escalation avenues like exploiting privileged access elsewhere on the network, extracting credentials from files, exploiting unpatched vulnerabilities, weak permissions on services/files, AlwaysInstallElevated policies, and DLL hijacking. The document emphasizes that privilege escalation is still possible even with UAC and provides tools and references for further information.

Technologie
1  sur  51
Télécharger pour lire hors ligne
Practical Windows Privilege Escalation Andrew Smith
C:>type disclaimer.txt •The opinions expressed in this presentation are mine and not those of my employer.
C:>whoami /all •Andrew Smith •@jakx_ •Penetration Tester •OWASP •Metasploit •CTF •Certs
C:>whois you
What are you talking about? •Relevant Windows Security Info •PrivEsc tricks win7 •Limited user -> Local Admin
Why should I care? •You wanna level up •You wanna prevent level up •Hack the planet! •You like Mario?
Why should I care? •"People designing defenses who have never had them evaluated by a good attacker is kind of like learning one of those martial arts that look more like dancing than fighting. They look nice, but when you get into a fight your dance kungfu isn’t going to help you not get your ass kicked." -Dan Guido
Windows Access Control *https://msdn.microsoft.com/en- us/library/windows/desktop/aa379557%28v=vs.85%29.aspx •Securable Objects •Files •Directories •Services •Registry Keys •Named Pipes
Windows Access Control *https://msdn.microsoft.com/en- us/library/windows/desktop/aa379563%28v=vs.85%29.aspx •Security Descriptor •Discretionary Access Control List (DACL) •Access Control Entries (ACE)
Windows Access Control *https://msdn.microsoft.com/en- us/library/windows/desktop/aa379563%28v=vs.85%29.aspx •Access Token •Container of user security info •SID, groups, privileges •Tied to process or thread
Windows Access Control
Windows Access Control Access Token
Windows Access Control Access Token DACL
Windows Access Control Access Token DACL AccessChk
Mandatory Integrity Control *https://msdn.microsoft.com/en-us/library/bb625963.aspx •Security feature post-Vista •Assigns process Integrity Levels •Indicates “trustworthiness” of object
Windows Integrity Levels *Windows® Internals: Including Windows Server 2008 and Windows Vista, Fifth Edition
Windows Integrity Levels Low Medium High SYSTEM *https://msdn.microsoft.com/en-us/library/bb625963.aspx
Windows Integrity Levels *https://msdn.microsoft.com/en-us/library/bb625963.aspx Low Medium High SYSTEM UAC Just ask nicely…
The Setup… •Land on workstation as SKYNETLuigi via $method •Want to escalate privileges •Limited User -> Local Admin •Marketing isnt Admin… right?
Time to Level Up! •Admin somewhere else? •Creds in files •Exploit unpatched EoP bugs •Exploit insecure configs/apps •Weak Services DACLs •Weak File DACLs •AlwaysInstallEvelated •DLLs
Somewhere Else? •Luigi in “Domain Users” group •1 box “Domain Users” in “Administrators”
Somewhere Else? •Powerview •https://github.com/PowerShellMafia/PowerSploit/blob/m aster/Recon/PowerView.ps1 • Find-LocalAdminAccess
Somewhere Else?
Creds in Files •C:usersluigiDesktoppasswords.xls •C:>dir /b /s web.config •C:>dir /b /s unattend.xml •C:>dir /b /s sysprep.inf •C:>dir /b /s sysprep.xml •C:>dir /b /s *pass* •GPP •mushroomkindgomSYSVOL????
Windows EoP Buggzz •Enumerate missing patches •post/windows/gather/enum_patches •post/multi/recon/local_exploit_suggester •Pwn
Windows EoP Buggzz •MS13-053
Weak Service Permissions Accesschk.exe –qwcu “Authenticated Users” * Accesschk.exe –qwcu “Users” * Accesschk.exe –qwcu “Everyone” *
Weak Service Permissions •Can we edit the service config? •Can we edit the binary it points to?
Weak Service Permissions •Demo
Weak File Permissions •Look for writeable files •Autoruns? •Scheduled Tasks? Accesschk.exe –qwsu “Authenticated Users” c: Accesschk.exe –qwsu “Users” c: Accesschk.exe –qwsu “Everyone” c:
Weak File Permissions •Story time
Weak File Permissions •Story time •Main app binary writeable “users”
Weak File Permissions •Story time •Main app binary writeable “users” •Autorun on login
Weak File Permissions
Weak File Permissions • “Nah bro, UAC”
Weak File Permissions • Admin logs in
Weak File Permissions • Admin logs in • Backdoored binary auto-executes
Weak File Permissions • Admin logs in • Backdoored binary auto-executes • Code execution at medium IL as admin (UAC)
Weak File Permissions •“One important thing to know is that UAC is not a security boundary.” *https://blogs.msdn.microsoft.com/e7/2009/02/05/upda te-on-uac/
AlwaysInstallElevated •Group policy setting that makes installing packages (.msi) convenient… •..Any .msi… •for everyone..
AlwaysInstallElevated reg query HKLMSOFTWAREPoliciesMicrosoft WindowsInstaller /v AlwaysInstallElevated reg query HKCUSOFTWAREPoliciesMicrosoft WindowsInstaller /v AlwaysInstallElevated
AlwaysInstallElevated •Demo
DLL Hijacking •Windows can dynamically load DLLs •If full path not used/missing, Windows executes DLL Search Order •Eg. •LoadLibrary(“ohnoes.dll”) vs •LoadLibrary(“c:program filesohnoes.dll”)
DLL Hijacking 1. The directory from which the application loaded. 2. The system directory. 3. The 16-bit system directory. 4. The Windows directory. 5. The current directory. 6. The directories listed in the PATH environment variable. *https://msdn.microsoft.com/en- us/library/windows/desktop/ms682586%28v=vs.85%29.aspx
DLL Hijacking 1. The directory from which the application loaded. 2. The system directory. 3. The 16-bit system directory. 4. The Windows directory. 5. The current directory. (Exploitable) 6. The directories listed in the PATH environment variable. (Exploitable) *https://msdn.microsoft.com/en- us/library/windows/desktop/ms682586%28v=vs.85%29.aspx
DLL Hijacking •Privileged app loads missing DLL + controllable search path element = pwned •Use Sysinternals Procmon •Include “.dll” •Include “NAME NOT FOUND” •Include folder in path
DLL Hijacking •Demo
Conclusions •Know your network/apps •Don’t run as admin •UAC IS NOT A SECURITY BOUNDARY •Patch your shit •“Hack yourself first”
Tools •Powerup •https://github.com/PowerShellMafia/PowerSploit/blob/master/Priv esc/PowerUp.ps1 •Windows-privesc-check •https://github.com/pentestmonkey/windows-privesc-check •Sysinternals Suite •https://technet.microsoft.com/en-us/sysinternals/bb545021.aspx
References/Resources https://www.insomniasec.com/downloads/publications/WindowsPrivEsc.ppt https://labs.mwrinfosecurity.com/system/assets/760/original/Windows_Service s_-_All_roads_lead_to_SYSTEM.pdf https://technet.microsoft.com/en-us/sysinternals/bb545027 http://www.greyhathacker.net/?p=738 Greyhat Hacking 4th edition Windows Internals 6th edition https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerUp http://www.slideshare.net/mubix/windows-attacks-at-is-the-new-black- 26665607
Questions? @jakx_ ajs@swordshield.com

Recommandé

How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017
Ammarit Thongthua ,CISSP CISM GXPN CSSLP CCNP
 
Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop
Hossam .M Hamed
 
Windows privilege escalation by Dhruv Shah
Windows privilege escalation by Dhruv ShahWindows privilege escalation by Dhruv Shah
Windows privilege escalation by Dhruv Shah
OWASP Delhi
 
Owasp Top 10 A1: Injection
Owasp Top 10 A1: InjectionOwasp Top 10 A1: Injection
Owasp Top 10 A1: Injection
Michael Hendrickx
 
Metasploit
MetasploitMetasploit
Metasploit
henelpj
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
Scott Sutherland
 
Here Be Dragons: The Unexplored Land of Active Directory ACLs
Here Be Dragons: The Unexplored Land of Active Directory ACLsHere Be Dragons: The Unexplored Land of Active Directory ACLs
Here Be Dragons: The Unexplored Land of Active Directory ACLs
Andy Robbins
 
OWASP Top Ten
OWASP Top TenOWASP Top Ten
OWASP Top Ten
Christian Heinrich
 

Recommandé

How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017
Ammarit Thongthua ,CISSP CISM GXPN CSSLP CCNP
 
Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop
Hossam .M Hamed
 
Windows privilege escalation by Dhruv Shah
Windows privilege escalation by Dhruv ShahWindows privilege escalation by Dhruv Shah
Windows privilege escalation by Dhruv Shah
OWASP Delhi
 
Owasp Top 10 A1: Injection
Owasp Top 10 A1: InjectionOwasp Top 10 A1: Injection
Owasp Top 10 A1: Injection
Michael Hendrickx
 
Metasploit
MetasploitMetasploit
Metasploit
henelpj
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
Scott Sutherland
 
Here Be Dragons: The Unexplored Land of Active Directory ACLs
Here Be Dragons: The Unexplored Land of Active Directory ACLsHere Be Dragons: The Unexplored Land of Active Directory ACLs
Here Be Dragons: The Unexplored Land of Active Directory ACLs
Andy Robbins
 
OWASP Top Ten
OWASP Top TenOWASP Top Ten
OWASP Top Ten
Christian Heinrich
 
Not a Security Boundary: Bypassing User Account Control
Not a Security Boundary: Bypassing User Account ControlNot a Security Boundary: Bypassing User Account Control
Not a Security Boundary: Bypassing User Account Control
enigma0x3
 
Metasploit framwork
Metasploit framworkMetasploit framwork
Metasploit framwork
Deepanshu Gajbhiye
 
Detection Rules Coverage
Detection Rules CoverageDetection Rules Coverage
Detection Rules Coverage
Sunny Neo
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active Directory
Will Schroeder
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
Priyanka Aash
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanning
amiable_indian
 
Windows Privilege Escalation
Windows Privilege EscalationWindows Privilege Escalation
Windows Privilege Escalation
Riyaz Walikar
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
 
Not a Security Boundary
Not a Security BoundaryNot a Security Boundary
Not a Security Boundary
Will Schroeder
 
Catch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueCatch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs Blue
Will Schroeder
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
Matthew Dunwoody
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
hruth
 
(Ab)Using GPOs for Active Directory Pwnage
(Ab)Using GPOs for Active Directory Pwnage(Ab)Using GPOs for Active Directory Pwnage
(Ab)Using GPOs for Active Directory Pwnage
Petros Koutroumpis
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021
Adam Shostack
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Brian Huff
 
Linux privilege escalation 101
Linux privilege escalation 101Linux privilege escalation 101
Linux privilege escalation 101
Rashid feroz
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL Injection
Vishal Kumar
 
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced ActorsMemory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Jared Greenhill
 
Nessus Software
Nessus SoftwareNessus Software
Nessus Software
Megha Sahu
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new black
Chris Gates
 
Fundamentals of Linux Privilege Escalation
Fundamentals of Linux Privilege EscalationFundamentals of Linux Privilege Escalation
Fundamentals of Linux Privilege Escalation
nullthreat
 
From zero to SYSTEM on full disk encrypted windows system
From zero to SYSTEM on full disk encrypted windows systemFrom zero to SYSTEM on full disk encrypted windows system
From zero to SYSTEM on full disk encrypted windows system
Nabeel Ahmed
 

Contenu connexe

Tendances

(Ab)Using GPOs for Active Directory Pwnage
(Ab)Using GPOs for Active Directory Pwnage(Ab)Using GPOs for Active Directory Pwnage
(Ab)Using GPOs for Active Directory Pwnage
Petros Koutroumpis
 

Tendances (20)

Not a Security Boundary: Bypassing User Account Control
Not a Security Boundary: Bypassing User Account ControlNot a Security Boundary: Bypassing User Account Control
Not a Security Boundary: Bypassing User Account Control
 
Metasploit framwork
Metasploit framworkMetasploit framwork
Metasploit framwork
 
Detection Rules Coverage
Detection Rules CoverageDetection Rules Coverage
Detection Rules Coverage
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active Directory
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanning
 
Windows Privilege Escalation
Windows Privilege EscalationWindows Privilege Escalation
Windows Privilege Escalation
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Not a Security Boundary
Not a Security BoundaryNot a Security Boundary
Not a Security Boundary
 
Catch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueCatch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs Blue
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
 
(Ab)Using GPOs for Active Directory Pwnage
(Ab)Using GPOs for Active Directory Pwnage(Ab)Using GPOs for Active Directory Pwnage
(Ab)Using GPOs for Active Directory Pwnage
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
 
Linux privilege escalation 101
Linux privilege escalation 101Linux privilege escalation 101
Linux privilege escalation 101
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL Injection
 
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced ActorsMemory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
 
Nessus Software
Nessus SoftwareNessus Software
Nessus Software
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new black
 

En vedette

Privilege Escalation And Misconfigurations Part2
Privilege Escalation And Misconfigurations Part2Privilege Escalation And Misconfigurations Part2
Privilege Escalation And Misconfigurations Part2
Caleb Sima
 
Privilege Escalation And Misconfigurations
Privilege Escalation And MisconfigurationsPrivilege Escalation And Misconfigurations
Privilege Escalation And Misconfigurations
Caleb Sima
 
Social Engineering the Windows Kernel by James Forshaw
Social Engineering the Windows Kernel by James ForshawSocial Engineering the Windows Kernel by James Forshaw
Social Engineering the Windows Kernel by James Forshaw
Shakacon
 
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...
44CON
 
DBSCAN (2014_11_25 06_21_12 UTC)
DBSCAN (2014_11_25 06_21_12 UTC)DBSCAN (2014_11_25 06_21_12 UTC)
DBSCAN (2014_11_25 06_21_12 UTC)
Cory Cook
 

En vedette (20)

Fundamentals of Linux Privilege Escalation
Fundamentals of Linux Privilege EscalationFundamentals of Linux Privilege Escalation
Fundamentals of Linux Privilege Escalation
 
From zero to SYSTEM on full disk encrypted windows system
From zero to SYSTEM on full disk encrypted windows systemFrom zero to SYSTEM on full disk encrypted windows system
From zero to SYSTEM on full disk encrypted windows system
 
Oscp preparation
Oscp preparationOscp preparation
Oscp preparation
 
An Introduction to Sysinternals
An Introduction to SysinternalsAn Introduction to Sysinternals
An Introduction to Sysinternals
 
Prepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec ProfessionalPrepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec Professional
 
My pwk & oscp journey
My pwk & oscp journeyMy pwk & oscp journey
My pwk & oscp journey
 
Esoteric xss payloads
Esoteric xss payloadsEsoteric xss payloads
Esoteric xss payloads
 
4 Ways to Make UAC Less Annoying on Windows 7 / Vista
4 Ways to Make UAC Less Annoying on Windows 7 / Vista4 Ways to Make UAC Less Annoying on Windows 7 / Vista
4 Ways to Make UAC Less Annoying on Windows 7 / Vista
 
Windows 7
Windows 7Windows 7
Windows 7
 
OPS2016 ja ohjelmointi
OPS2016 ja ohjelmointiOPS2016 ja ohjelmointi
OPS2016 ja ohjelmointi
 
Programación dinámica
Programación dinámicaProgramación dinámica
Programación dinámica
 
Privilege Escalation And Misconfigurations Part2
Privilege Escalation And Misconfigurations Part2Privilege Escalation And Misconfigurations Part2
Privilege Escalation And Misconfigurations Part2
 
Privilege Escalation And Misconfigurations
Privilege Escalation And MisconfigurationsPrivilege Escalation And Misconfigurations
Privilege Escalation And Misconfigurations
 
Attacking Windows Authentication and BitLocker Full Disk Encryption
Attacking Windows Authentication and BitLocker Full Disk EncryptionAttacking Windows Authentication and BitLocker Full Disk Encryption
Attacking Windows Authentication and BitLocker Full Disk Encryption
 
Disruptive Innovations 2014 / CITI
Disruptive Innovations 2014 / CITIDisruptive Innovations 2014 / CITI
Disruptive Innovations 2014 / CITI
 
CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014
 
Maximum clique detection algorithm
Maximum clique detection algorithmMaximum clique detection algorithm
Maximum clique detection algorithm
 
Social Engineering the Windows Kernel by James Forshaw
Social Engineering the Windows Kernel by James ForshawSocial Engineering the Windows Kernel by James Forshaw
Social Engineering the Windows Kernel by James Forshaw
 
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...
 
DBSCAN (2014_11_25 06_21_12 UTC)
DBSCAN (2014_11_25 06_21_12 UTC)DBSCAN (2014_11_25 06_21_12 UTC)
DBSCAN (2014_11_25 06_21_12 UTC)
 

Similaire à Level Up! - Practical Windows Privilege Escalation

Securing the Container Pipeline
Securing the Container PipelineSecuring the Container Pipeline
Securing the Container Pipeline
Salesforce Engineering
 
Sticky Keys to the Kingdom
Sticky Keys to the KingdomSticky Keys to the Kingdom
Sticky Keys to the Kingdom
Dennis Maldonado
 
Programs you need!
Programs you need!Programs you need!
Programs you need!
dshinkfield
 

Similaire à Level Up! - Practical Windows Privilege Escalation (20)

Windows privilege escalation
Windows privilege escalationWindows privilege escalation
Windows privilege escalation
 
Logs, Logs, Logs - What you need to know to catch a thief
Logs, Logs, Logs - What you need to know to catch a thiefLogs, Logs, Logs - What you need to know to catch a thief
Logs, Logs, Logs - What you need to know to catch a thief
 
Let’s play the game. Yet another way to perform penetration test. Russian “re...
Let’s play the game. Yet another way to perform penetration test. Russian “re...Let’s play the game. Yet another way to perform penetration test. Russian “re...
Let’s play the game. Yet another way to perform penetration test. Russian “re...
 
Thick Client Penetration Testing.pdf
Thick Client Penetration Testing.pdfThick Client Penetration Testing.pdf
Thick Client Penetration Testing.pdf
 
HITCON FreeTalk 2022 - Defeat 0day is not as Difficult as You Think
HITCON FreeTalk 2022 - Defeat 0day is not as Difficult as You ThinkHITCON FreeTalk 2022 - Defeat 0day is not as Difficult as You Think
HITCON FreeTalk 2022 - Defeat 0day is not as Difficult as You Think
 
SSecuring Your MongoDB Deployment
SSecuring Your MongoDB DeploymentSSecuring Your MongoDB Deployment
SSecuring Your MongoDB Deployment
 
CNIT 152: 12b Windows Registry
CNIT 152: 12b Windows RegistryCNIT 152: 12b Windows Registry
CNIT 152: 12b Windows Registry
 
Securing the Container Pipeline
Securing the Container PipelineSecuring the Container Pipeline
Securing the Container Pipeline
 
Defending Your "Gold"
Defending Your "Gold"Defending Your "Gold"
Defending Your "Gold"
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)
 
Sticky Keys to the Kingdom
Sticky Keys to the KingdomSticky Keys to the Kingdom
Sticky Keys to the Kingdom
 
Programs you need!
Programs you need!Programs you need!
Programs you need!
 
10 Tips for AIX Security
10 Tips for AIX Security10 Tips for AIX Security
10 Tips for AIX Security
 
Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment
 
PowerShell - Be A Cool Blue Kid
PowerShell - Be A Cool Blue KidPowerShell - Be A Cool Blue Kid
PowerShell - Be A Cool Blue Kid
 
Programs you need!
Programs you need!Programs you need!
Programs you need!
 
CNIT 152 12 Investigating Windows Systems (Part 2)
CNIT 152 12 Investigating Windows Systems (Part 2)CNIT 152 12 Investigating Windows Systems (Part 2)
CNIT 152 12 Investigating Windows Systems (Part 2)
 
Windows Malware Techniques
Windows Malware TechniquesWindows Malware Techniques
Windows Malware Techniques
 
Deeplook into apt and how to detect and defend v1.0
Deeplook into apt and how to detect and defend v1.0Deeplook into apt and how to detect and defend v1.0
Deeplook into apt and how to detect and defend v1.0
 
Anton Chuvakin on Discovering That Your Linux Box is Hacked
Anton Chuvakin on Discovering That Your Linux Box is HackedAnton Chuvakin on Discovering That Your Linux Box is Hacked
Anton Chuvakin on Discovering That Your Linux Box is Hacked
 

Dernier

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 

Dernier (20)

WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 

Level Up! - Practical Windows Privilege Escalation