Ethical Hacking Training

Hacking and exploiting Active Directory Permissions


PowerView is a PowerShell tool for gathering network information on Windows domains, used by cyber security services and ethical hacking training professionals. It implements various practical meta-functions, including user-hunting functions that discover where on the network specific users are logged in. It can also find the machines in the domain on which the user has local administrator access, and it includes a number of functions for the enumeration and abuse of domain trusts. Each function comes with a description of its usage and available options, notes an ethical hacking training professor.

It also includes a set of PowerShell replacements for various Windows “net *” commands, which use PowerShell AD hooks and underlying Win32 API functions to perform useful Windows domain functions, according to cyber security services researchers. To run it on a machine, start PowerShell with “powershell -exec bypass” and then load the PowerView module with:

PS> Import-Module .\powerview.psm1

or load the PowerView script by itself:

PS> Import-Module .\powerview.ps1

For detailed output of the underlying functionality, add the -Debug flag to the functions. For functions that enumerate several machines, add the -Verbose flag to obtain a progress status as each host is enumerated. Most of the “meta” functions accept an array of hosts.

How to use PowerView to exploit Active Directory

AdminSDHolder is a special Active Directory object located at “CN=AdminSDHolder,CN=System,DC=domain,DC=com”. The stated purpose of this object is to protect certain privileged accounts from unintentional modification. Every hour, a special process called SDProp recursively enumerates the membership of a specific set of protected groups, checks the access control lists of all accounts found, and clones the ACL of the AdminSDHolder object onto any protected object whose ACL differs, notes an ethical hacking training professor. If we alter the permissions of AdminSDHolder, that permission template will be pushed out to all protected accounts automatically by SDProp. So we can add an unprivileged user, even one with no group membership, to the ACL of AdminSDHolder and have a backdoor mechanism in place that allows us to alter the membership of groups like Domain and network admin.

Any account or group that is or was a member of a protected group has its AdminCount property set to 1, even if the object is no longer in that protected group. With PowerView, we can easily enumerate all users and groups with AdminCount=1 using Get-NetUser -AdminCount and Get-NetGroup -AdminCount, respectively. This lets us quickly find all high-value accounts, even those that are no longer part of a protected group. Invoke-UserHunter can also use the AdminCount flag to hunt for all high-value users in the domain.

Active Directory access rights are a somewhat unexplored area from an offensive cyber security perspective. Network admins should start auditing and monitoring the access rights of all privileged domain objects, particularly the domain root and AdminSDHolder. You can do this manually, through PowerView’s Get-ObjectACL, or with the help of cyber security services and ethical hacking training professionals.
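
One way to carry out the audit recommended above, as an added example that is not part of the original post; it uses Microsoft's ActiveDirectory (RSAT) module rather than PowerView. The function names and the list of expected principals are assumptions for illustration, and the baseline assumes a single-domain forest.

```powershell
# Added example (not from the original post). Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

function Get-AdminSDHolderRiskyAce {
    param(
        # Assumption: principals your known-good baseline expects to hold control rights.
        [string[]]$ExpectedPrincipal
    )
    $domain = Get-ADDomain
    if (-not $ExpectedPrincipal) {
        $ExpectedPrincipal = @(
            'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
            "$($domain.NetBIOSName)\Domain Admins",
            "$($domain.NetBIOSName)\Enterprise Admins")
    }
    # Rights that allow rewriting or taking over the template SDProp copies
    # onto every protected account. GenericAll contains all three bits.
    $rights = [System.DirectoryServices.ActiveDirectoryRights]
    $mask = [int]$rights::WriteDacl -bor [int]$rights::WriteOwner -bor
            [int]$rights::WriteProperty

    $path = "AD:\CN=AdminSDHolder,CN=System,$($domain.DistinguishedName)"
    (Get-Acl -Path $path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.ActiveDirectoryRights -band $mask) -ne 0 -and
        $ExpectedPrincipal -notcontains $_.IdentityReference.Value
    } | Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, IsInherited
}

function Get-AdminCountObject {
    # adminCount stays at 1 after an object leaves a protected group,
    # so this list also surfaces stale, formerly privileged accounts.
    Get-ADObject -LDAPFilter '(&(adminCount=1)(|(objectClass=user)(objectClass=group)))' `
        -Properties adminCount, whenChanged, memberOf |
        Select-Object Name, ObjectClass, DistinguishedName, whenChanged,
            @{ n = 'GroupCount'; e = { @($_.memberOf).Count } }
}

# Entries returned here are candidates for review, not proof of compromise:
# property-scoped WriteProperty ACEs (ObjectType is a specific GUID) are listed too.
Get-AdminSDHolderRiskyAce | Format-Table -AutoSize
Get-AdminCountObject | Sort-Object whenChanged -Descending | Format-Table -AutoSize
```

Run it on a schedule and compare the output with a saved known-good copy, so that a new principal on AdminSDHolder is noticed before the next SDProp cycle is forgotten about.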

Information Security age


In many organizations there is confusion when assigning or distinguishing the functions expected of a Computer Security area versus an Information Security area. In some of them these do not even exist as separate areas, because most already have a technological security infrastructure installed, whether perimeter defense tools or some other device.

What is the difference between them?

We can say that Information Security is the set of procedures that, supported by technological tools, provide “security” mechanisms for information that resides, is stored or is transmitted.

But what happens to the “Information” which is not transmitted by such means?

What should be done about threats to the business such as terrorist attacks, social engineering or defamation affecting a brand or people in the organization?

As an example, remember how the value of Apple Computers' shares was affected when the news was disclosed that Steve Jobs (founder) was suffering from pancreatic cancer. It was true, but it created an immediate devaluation.


To address anything related to the “INFORMATION SECURITY” of the company, not necessarily through technological tools, there should be Information Security awareness. Additionally, there are other roles that cannot be covered by the IT Department, because its engineers have the highest privilege level on the infrastructure. They could delete logs, remove evidence, escalate permissions, install and uninstall software, and more.

For this reason the Technology Department needs someone else to “monitor” and check that the protection mechanisms are complied with, even by the department itself. This is where information security courses play an important role in training organizations in the areas of IT security.

Likewise, the normal operation of the IT department does not include the management and control of information on paper, such as documents and contracts that are in the charge of other areas of the company. This vital business information cannot be left unprotected just because it is not on digital media. With this complex and comprehensive picture, it is clear that there must be a separate area, detached from IT, to monitor the effective implementation of the controls necessary to safeguard the most important asset of the business: INFORMATION.

Finally, the ISO/IEC 27001 standards, in the category of segregation of duties, require that a separate area monitor and audit all of the standard's Information Security controls. It is clear that, to accomplish this, information security would be impaired if it were both judge and party. International institute of cyber security is a pioneer in providing information security courses to individuals and organizations to help them understand the importance of security in the information age. Posted by Webimprints.

Information security training is a MUST


Security researchers have discovered a new version of the Stuxnet malware, known as “Havex”, which was used in a series of cyber attacks against organizations in the energy sector. As you will see, in most cases the affected sector is the energy sector. The famous Stuxnet worm was designed to sabotage the Iranian nuclear plants; now the new version is designed to affect software systems for industrial control, SCADA and ICS, with the capability to disable devices in hydroelectric dams and nuclear power plants, and even to disable power grids that use these types of devices.


The so-called Backdoor:W32/Havex.A, whose name varies depending on the antivirus vendor, is a generic remote access Trojan that has recently been detected at a number of European companies that develop software applications for SCADA and ICS. Havex is equipped with a new component whose purpose is to collect information from the network and connected devices by leveraging the OPC (Open Platform Communications) standard. OPC is a communication standard that allows interaction between Windows-based SCADA applications and process control hardware. The malware scans the local network for devices that respond to OPC requests, collects information about industrial control devices, and then sends that information to its command and control (C&C) server. In intelligence terms, Havex has been built to collect information and send it to a server run by the developers of this worm, who can then enhance Havex with more precise functions to make the attack more efficient and effective.

One of the issues is that companies that own these types of devices are still running SCADA on very restricted versions of Windows that are unsupported or cannot take upgrades that might mitigate some of these security issues, and the lack of emphasis on Information Security Training for staff adds another level of threat. We recommend that a production line or SCADA network have the following protections:

1) The SCADA LAN should not have Internet access.

2) The equipment should not be accessible from the LAN used by the users working on the company network.

3) If you must transfer files, do so over another VLAN or a segmented network and use services such as FTP or similar.

4) Do not allow the use of pen drives on SCADA devices that support them. Files should be transferred to those devices through a secure channel.

International institute of cyber security enables organizations to fight against devastating cyber security threats by providing Information Security Courses to employees and individuals. Posted by Webimprints.