Don't get this virus vCryptolocker

People need to stop using domain admin accounts for shit all the time and leaving them logged in.

I was in Cali last week doing a physical assessment/pentest for a company.

Used a random workstation they forgot to full disk encrypt -> Booted up, bypassed local password -> Used local admin hash on everything on the same subnet (avoiding NAC/IDS) -> Found machines with DA logged in and dumped the plain text passwords out of memory -> Used DA account to access SSNs and other data.
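The two weak spots in that chain, one local administrator credential being accepted on every host on a subnet and Domain Admins leaving sessions open on workstations, both leave a footprint in Windows Security event 4624. The following is an added detection example, not code from the original post; it runs over constructed sample events with a simplified 4624 field layout (`time, host, account, account domain, logon type, auth package, source IP`), and the host names, accounts and IPs in it are made up.

```python
"""Defensive detection for the pattern in the post above.

Two rules over simplified Windows Security 4624 (successful logon) events:
  1. One source IP authenticating with a LOCAL account (account domain ==
     target host) over the network (logon type 3) to many hosts in a short
     window, the footprint of a shared local-admin credential being reused.
  2. A Domain Admin logging on interactively (types 2 or 10) to an ordinary
     workstation, which leaves that credential in the workstation's memory.

All events below are constructed sample data, not real logs.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (time, host, account, domain, logon_type, auth, src_ip)
SAMPLE_EVENTS = [
    # Same local Administrator account, same source, six hosts in ~2 minutes.
    ("2014-08-12T09:00:01", "WS-002", "Administrator", "WS-002", 3, "NTLM", "10.1.5.77"),
    ("2014-08-12T09:00:14", "WS-003", "Administrator", "WS-003", 3, "NTLM", "10.1.5.77"),
    ("2014-08-12T09:00:30", "WS-004", "Administrator", "WS-004", 3, "NTLM", "10.1.5.77"),
    ("2014-08-12T09:01:02", "WS-005", "Administrator", "WS-005", 3, "NTLM", "10.1.5.77"),
    ("2014-08-12T09:01:45", "WS-006", "Administrator", "WS-006", 3, "NTLM", "10.1.5.77"),
    ("2014-08-12T09:02:10", "FS-01",  "Administrator", "FS-01",  3, "NTLM", "10.1.5.77"),
    # A domain service account doing its job across hosts: domain account, Kerberos. Benign.
    ("2014-08-12T09:00:05", "WS-002", "svc-backup", "CORP", 3, "Kerberos", "10.1.1.10"),
    ("2014-08-12T09:00:06", "WS-003", "svc-backup", "CORP", 3, "Kerberos", "10.1.1.10"),
    ("2014-08-12T09:00:07", "WS-004", "svc-backup", "CORP", 3, "Kerberos", "10.1.1.10"),
    ("2014-08-12T09:00:08", "WS-005", "svc-backup", "CORP", 3, "Kerberos", "10.1.1.10"),
    ("2014-08-12T09:00:09", "WS-006", "svc-backup", "CORP", 3, "Kerberos", "10.1.1.10"),
    # Someone at the console of their own box with the local account: benign.
    ("2014-08-12T09:05:00", "WS-010", "Administrator", "WS-010", 2, "Negotiate", "-"),
    # Domain Admin logging on at a workstation console: flagged by rule 2.
    ("2014-08-12T09:10:00", "WS-010", "jsmith", "CORP", 2, "Kerberos", "-"),
    # Same Domain Admin via RDP to a domain controller: expected, not flagged.
    ("2014-08-12T09:20:00", "DC-01", "jsmith", "CORP", 10, "Kerberos", "10.1.1.50"),
]

# Constructed; in practice this set comes from the Domain Admins group in AD.
DOMAIN_ADMINS = {"CORP\\jsmith"}


def parse_events(rows):
    """Turn the tuple rows into dicts with a real datetime."""
    fields = ("time", "host", "account", "domain", "logon_type", "auth", "src_ip")
    events = []
    for row in rows:
        ev = dict(zip(fields, row))
        ev["time"] = datetime.fromisoformat(ev["time"])
        events.append(ev)
    return events


def is_local_account(ev):
    # In a 4624 event for a local account, the account domain is the host itself.
    return ev["domain"].upper() == ev["host"].upper()


def find_local_admin_spray(events, window=timedelta(minutes=10), min_hosts=5):
    """Rule 1: per (source IP, account), count distinct hosts reached with a
    local account over the network inside any `window`; report if >= min_hosts."""
    by_key = defaultdict(list)
    for ev in events:
        if ev["logon_type"] == 3 and is_local_account(ev) and ev["src_ip"] != "-":
            by_key[(ev["src_ip"], ev["account"].lower())].append(ev)
    findings = []
    for (src_ip, account), evs in by_key.items():
        evs.sort(key=lambda e: e["time"])
        start, best = 0, set()
        for end in range(len(evs)):          # sliding window over sorted events
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            hosts = {e["host"] for e in evs[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            findings.append({"src_ip": src_ip, "account": account, "hosts": sorted(best)})
    return findings


def find_da_on_workstations(events, domain_admins, workstation_prefixes=("WS-",)):
    """Rule 2: interactive (2) or RemoteInteractive (10) logons by Domain Admins
    on hosts whose names mark them as workstations (prefix list is an assumption)."""
    prefixes = tuple(p.upper() for p in workstation_prefixes)
    findings = []
    for ev in events:
        qualified = f"{ev['domain']}\\{ev['account']}"
        if (qualified in domain_admins and ev["logon_type"] in (2, 10)
                and ev["host"].upper().startswith(prefixes)):
            findings.append({"host": ev["host"], "account": qualified,
                             "time": ev["time"].isoformat()})
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for f in find_local_admin_spray(evs):
        print(f"local admin reuse from {f['src_ip']} as {f['account']}: {', '.join(f['hosts'])}")
    for f in find_da_on_workstations(evs, DOMAIN_ADMINS):
        print(f"Domain Admin {f['account']} interactive on workstation {f['host']} at {f['time']}")
```

The service-account rows show why rule 1 keys on "local account" rather than "type 3 fan-out": a domain account authenticating to many hosts with Kerberos is normal operations, while a host-local account accepted on six different machines from one source is the shared-password problem the post describes. Rule 2 is the control for "DA logged in on a workstation": the usual fix is restricting where Domain Admins may log on (Protected Users, logon restrictions, tiered admin accounts), and this check tells you how often that line is crossed today.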

People get lazy and don’t use AD delegation and assign only the necessary privileges. I’m a domain admin, and probably don’t need to be. I still think security is something that’s not taken seriously until something serious happens. It’s unfortunate.

What field was that company in?

+1

Insurance

And they encrypt all their machines? Desktops and laptops? Two factor authentication?

All of their machines were supposed to use FDE. I happened to walk around and find a desk with one that wasn’t.

Most places don’t use two factor inside their own building/network unless it’s military or some really large company that makes use of smartcards or something…even that is usually based on PKI which is tied to AD, so it wouldn’t matter with the local accounts.

Companies using the admin local administrator passwords on computers is a really large issue also.

I also showed them a few other attack vectors, including using the MAC address of a printer that was exempted from their NAC, then NetBIOS spoofed their network for an hour or so and got a couple AD accounts with weak passwords.

bingo

probably should in reality

lol i’ll let you know if I hear anything

I’m curious if you guys do any security around the electronics that control all the equipment you guys produce and use (SCADA stuff).

^The machining stations that use the CAD drawings (not sure if that is completely accurate)?

I need to get more into Security, especially when I was told they want to make me SharePoint Admin.

We have access to an online training site…where’s the best place to start? Sec+?

I was talking about PLCs/Control systems for large equipment that they use/produce. SCADA - Wikipedia

Security+ is a good place to start

Any of the SANS certs are good if you can get someone else to pay for them.

CEH isn’t horrible anymore and it’s recognized by the gov and other companies.

CISSP is recognized by HR and the industry; however, it’s a mile wide and an inch deep.

Just had a user get hit with CryptoWall. All her files were encrypted…Major LOLZ.

Not this shit again. LOL

Yep, I had a coworker look at the computer and he told me that he disinfected the computer but couldn’t open the files…I jokingly said…I hope it’s not one of those cryptolocker viruses.

If people are still getting this you can decrypt your shit here

http://www.fireeye.com/blog/corporate/2014/08/your-locker-of-information-for-cryptolocker-decryption.html

We had to restore from tape backup a few weeks ago because of cryptolocker.

End user had modify access on a share that held files.

Fucking bastards.

Shadow Copy?