An ACE in the Hole - Stealthy Host Persistence via Security Descriptors
Offered By: YouTube
Course Description
Overview
Explore stealthy host persistence techniques using security descriptors in this 51-minute conference talk from Derbycon 7. Dive into offensive implications, WinRM backdoors, and misconfigurations. Learn about general persistence approaches for domain-joined systems, securable objects, and security descriptors. Examine object rights, services, and anti-audit measures. Discover existing tools, caveats, and object takeover primitives. Analyze case studies involving the Service Control Manager, WMI classes, and printer objects. Investigate remote registry access, hash dumping, and backdooring techniques. Gain insights on defensive enumeration and key takeaways for enhancing system security.
Syllabus
Intro
Introductions
Overview
Offensive Implications
WinRM Backdoor
Misconfigurations
General Persistence Approach
Domain-Joined Systems
We Believe
What is a Securable Object
What is a Security Descriptor
Where do security descriptors come from
What are DACLs
Object rights
Services
AntiAudit Measures
Methodology
Existing Tools
Caveats
Security Descriptors
Object Takeover Primitives
Process Rights
Case Studies
Service Control Manager
Security Descriptor
DCOM
WMI Classes
WMI Remote Access
Printer Objects
Printer RPC
Cmdlets
Remote Registry
Hash Dumping
Backdooring
MEMEMIC
Defensive Enumeration
Takeaways
Microsoft troll slides
RPC protocols