lecture: One tool to rule them all
Lateral Movement using ITOps and DevOps
This talk is going to be about an innovative attack scenario researched to perform red team assessments for different types of network setups that can exist in an organization. We would mainly cover two scenarios - Lateral movement using ITOp tool (System Center Operations Manager) in a protected AD environment and Lateral movement using DevOp tools (Puppet and Ansible) in a non-AD environment. We would also demonstrate on how to deploy malicious payloads into systems using these tools to bypass security products like SIEM, PIM, etc.
1. a. Networks with a basic Active Directory environment -
Go through an AD environment, critical user groups and identifying to target.
Talk about 5 most probable entry points in a network.
1. b. Lateral movement in a organization having basic AD -
Brief about tools like bloodhound and gofetch, making AD laterally moving and breaking an AD infrastructure a piece of cake.
2. a. Networks with Active Directory integrated with security tools. -
Discuss about AD integrated with security tools like SIEM, IDS/IPS, PIM, etc. and how it kills the chance of compromising AD as it restricts lateral movement
2. b. Lateral movement in a network having AD integrated with security tools -
Discuss manual enumeration of Active directory. Demonstrate usage of ITOps tools like System Center Operations Manager to laterally move inside the network.
3. a. Networks without an Active Directory implementation -
Discuss an environment without Active Directory implementation like SAP, SWIFT, etc.
3. b. Lateral movement in a network without AD implementation -
Talk on social media reconnaissance to identify ITOps and DevOps. Discuss two popular ITOps/ DevOps tools - puppet and ansible and how can one laterally move in the network with these tools.
Detailed explanation of post exploitation with puppet has been written in my blog https://n0tty.github.io/2017/06/11/Enterprise-Offense-IT-Operations-Part-1
Start time: 15:15