Privilege Escalation & Man-in-the-Middle

  • Privilege Escalation

    • Gain access to what you should not be able to access.

    • Start as a normal user, and grant yourself more permissions

    • Inject code into a “privileged” app or service

    • Sudo / “Run as administrator”: built-in, authorized privilege escalation.

    • Mitigation?

      • Passwords, MFA, least privilege, sanitize input, patching, change default credentials

  • Pass the hash attack

    • Once captured, present the hash value instead of the password.

    • Older versions of Windows (LM hashes)

    • Newer versions with backwards-compatible configurations

  • Golden Ticket

    • One ticket to rule them all

    • Applies to Kerberos

    • Can grant Admin permissions to AD

    • On vulnerable versions, dumping the AD data store (NTDS.DIT) reveals the krbtgt hashes

    • These hashes can be used to create a “golden ticket” for any user in AD

    • Related Kerberos attack: “Kerberoasting”

  • Man in the middle attack

    • Network traffic interception, optionally with redirection.

    • Software-based: code injection into the client, e.g. man in the browser.

    • Keyloggers

    • ARP poisoning
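The ARP poisoning bullet above is the one item in this list that is easy to watch for on the defending side, so here is an added detection example (it is not from the original notes and not the code of any named tool). It applies the two checks that ARP monitors such as arpwatch rely on: an IP address whose MAC changes from the one first recorded, and a single MAC that claims more than one IP (the classic sign of a host impersonating the gateway). The observations are constructed inline; in practice they would come from a packet capture of ARP replies.

```python
"""Flag symptoms of ARP poisoning in a stream of observed ARP replies.

Added example, not from the original notes. Observations are constructed
(timestamp, sender_ip, sender_mac) tuples; a real deployment would feed in
ARP replies captured from the local segment.
"""
from collections import defaultdict

# Constructed sample: .21 starts answering for the gateway and then for .20 too.
OBSERVED = [
    (1, "192.168.1.1", "AA:BB:CC:00:00:01"),   # gateway, legitimate MAC
    (2, "192.168.1.20", "AA:BB:CC:00:00:20"),
    (3, "192.168.1.21", "AA:BB:CC:00:00:21"),
    (4, "192.168.1.1", "AA:BB:CC:00:00:21"),   # gateway IP now claimed by .21's MAC
    (5, "192.168.1.20", "AA:BB:CC:00:00:21"),  # same MAC now claims .20 as well
]
GATEWAY_IP = "192.168.1.1"  # assumed gateway for the constructed segment


def detect_arp_anomalies(observations, gateway_ip):
    """Return a list of alert dicts for MAC flips and multi-IP MACs.

    known    : ip  -> MAC most recently recorded for that ip
    claimed  : MAC -> set of ips that MAC has answered for
    """
    known = {}
    claimed = defaultdict(set)
    alerts = []
    for ts, ip, mac in observations:
        mac = mac.lower()  # normalise so case differences are not treated as changes
        previous = known.get(ip)
        if previous is not None and previous != mac:
            alerts.append({
                "ts": ts,
                "kind": "gateway-mac-change" if ip == gateway_ip else "mac-change",
                "ip": ip,
                "old_mac": previous,
                "new_mac": mac,
            })
        known[ip] = mac  # record the flip so a later flip back is also reported
        claimed[mac].add(ip)
        if len(claimed[mac]) > 1:
            alerts.append({
                "ts": ts,
                "kind": "multi-ip",
                "mac": mac,
                "ips": sorted(claimed[mac]),
                "gateway_involved": gateway_ip in claimed[mac],
            })
    return alerts


def summarize(alerts):
    """Count alerts by kind; handy for a quick look or a metrics feed."""
    counts = defaultdict(int)
    for a in alerts:
        counts[a["kind"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for alert in detect_arp_anomalies(OBSERVED, GATEWAY_IP):
        print(alert)
    print(summarize(detect_arp_anomalies(OBSERVED, GATEWAY_IP)))
```

A gateway MAC change is the alert to page on: it is exactly what a man-in-the-middle on the local segment produces, and it is also a useful cross-check when a DHCP or switch change is suspected instead. Static ARP entries for the gateway and Dynamic ARP Inspection on managed switches are the preventive counterparts to this detection.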

  • DNS Attacks

    • Buffer overflows

    • DNS amplification

    • Mitigation?

      • Patching

      • Block malicious sources

  • Rootkits

    • Kernel level malware

    • Replaces OS files with malicious ones

    • Requires root access

    • Mitigation: antivirus; file integrity monitoring (FIM).

    • Tripwire – File integrity monitoring for Linux.

    • File Sight: FIM for Windows.
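To make the file integrity monitoring bullets concrete, here is an added example of the mechanism Tripwire-style tools implement (it is not Tripwire's or File Sight's own code): record a baseline of content digests and permission bits for every file under a directory, then diff the live tree against that baseline and report what was modified, added or removed. The demo builds a throwaway tree with fake "system binaries" and then tampers with it the way a rootkit replacing OS files would.

```python
"""Minimal file-integrity monitor: baseline, then compare.

Added example, not Tripwire's code. Tracks SHA-256 of contents, permission
bits and size per regular file. The demo scenario (a fake /sbin tree) is
constructed inside a temporary directory.
"""
import hashlib
import json
import os
import stat
import tempfile


def file_record(path):
    """Attributes tracked for one file: content digest, mode bits, size."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    st = os.stat(path)
    return {"sha256": digest.hexdigest(), "mode": stat.S_IMODE(st.st_mode), "size": st.st_size}


def build_baseline(root):
    """Walk `root` and record every regular file, keyed by its path relative to root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are out of scope here
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = file_record(full)
    return baseline


def save_baseline(baseline, path):
    """Persist the baseline as JSON (store it off-host or read-only in practice)."""
    with open(path, "w") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def compare(baseline, root):
    """Diff the live tree against `baseline`; any tracked attribute change counts as modified."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo():
    """Constructed scenario: baseline a fake sbin/, tamper with it, return the report."""
    root = tempfile.mkdtemp()
    sbin = os.path.join(root, "sbin")
    os.makedirs(sbin)
    for name in ("ls", "ps", "netstat"):
        with open(os.path.join(sbin, name), "wb") as f:
            f.write(b"original " + name.encode())
        os.chmod(os.path.join(sbin, name), 0o755)

    baseline_path = os.path.join(root, "baseline.json")
    save_baseline(build_baseline(sbin), baseline_path)

    # Simulated rootkit activity against the tree.
    with open(os.path.join(sbin, "ps"), "wb") as f:
        f.write(b"trojaned ps")                 # content replaced, size similar
    os.chmod(os.path.join(sbin, "ls"), 0o4755)  # setuid bit added, content untouched
    with open(os.path.join(sbin, "kmod_helper"), "wb") as f:
        f.write(b"dropped file")                # new file
    os.remove(os.path.join(sbin, "netstat"))    # tool removed

    return compare(load_baseline(baseline_path), sbin)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two design points carry over from real deployments: the baseline must live somewhere the monitored host cannot silently rewrite (read-only media or a separate host), or an attacker with root simply regenerates it after tampering; and a kernel-level rootkit can lie to `os.stat` and `open`, so host-side FIM is a detection layer for file replacement, not a guarantee, which is why the notes list it alongside antivirus rather than instead of it.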
