An ACE in the Hole - Stealthy Host Persistence via Security Descriptors

via YouTube

Overview

Explore stealthy host persistence techniques using security descriptors in this 51-minute conference talk from Derbycon 7. Dive into offensive implications, WinRM backdoors, and misconfigured configurations. Learn about general persistence approaches for domain-joined systems, securable objects, and security descriptors. Examine object rights, services, and anti-audit measures. Discover existing tools, caveats, and object takeover primitives. Analyze case studies involving Service Control Manager, WMI classes, and printer objects. Investigate remote registry access, hash dumping, and backdooring techniques. Gain insights on defensive enumeration and key takeaways for enhancing system security.

Syllabus

Intro
Introductions
Overview
Offensive Implications
WinRM Backdoor
Misconfigured Configurations
General Persistence Approach
Domain-Joined Systems
We Believe
What is a Securable Object
What is a Security Descriptor
Where do security descriptors come from
What are DACLs
Object rights
Services
Anti-Audit Measures
Methodology
Existing Tools
Caveats
Security Descriptors
Object Takeover Primitives
Process Rights
Case Studies
Service Control Manager
Security Descriptor
DCOM
WMI Classes
WMI Remote Access
Printer Objects
Printer RPC
Commandlets
Remote Registry
Hash Dumping
Backdooring
MEMEMIC
Defensive Enumeration
Takeaways
Microsoft troll slides
RPC protocols
