Protecting browsers’ secrets in a domain environment

All popular browsers allow users to store sensitive data such as credentials for online and cloud services (such as social networks, email providers, and banking) and form data (e.g. credit card number, address, phone number). In a Windows environment, most browsers (and many other applications) choose to protect these secrets by using the Windows Data Protection API (DPAPI), which provides an easy method to encrypt and decrypt secret data. Lately, Mimikatz, a popular pentest/hacking tool, was updated to include functionality that allows highly privileged attackers to decrypt all DPAPI secrets. In this talk, I will analyze the Mimikatz Anti-DPAPI attack targeting the Domain Controller (DC), which puts all DPAPI secrets in peril, and show how it can be defeated with network monitoring.

  1. Attack Kill Chain
  2. Attack Kill Chain
  3. • “Login Data” file contains our passwords: %AppData%\Local\Google\Chrome\User Data\Default\Login Data
     • SQLite file format
  4. Chromium Project: https://chromium.googlesource.com/chromium/src/+/master/components/os_crypt/os_crypt_win.cc
  5. https://www.usenix.org/legacy/event/woot10/tech/full_papers/Burzstein.pdf
  6. https://www.microsoft.com/en-us/cloud-platform/advanced-threat-analytics
  7. • Steal user1 Gmail creds residing in the Chrome browser
     • Attacker logged on to user2 (domain admin) machine
  8. User1 Gmail’s password: