Page 47 - Cyber Warnings







Recycling Old Vulnerabilities for Unpatched Privilege Escalation and A New Network Attack”. Here,
a young man named Stephen Breen of Foxglove Security presents how to execute an advanced
privilege escalation attack, starting with the lowest level of access, on virtually any Windows OS and
practically own the system by the end. Not only that, but this typically enables the attacker to then
move laterally throughout the network to compromise other systems on that domain. Sound too
complex? Stephen made it sound easy (*wink*). And as if that weren’t enough, he’s posted his
step-by-step manual for exploiting a Windows workstation or server vulnerability this way right here:
http://foxglovesecurity.com/2016/01/16/hot-potato/

So what does this all mean?

1. Your “patched” system isn’t as secure as you may think. Even if you practice perfect identity
management, harden your systems according to best practices and patch every Tuesday,
you’re still a target for these kinds of attacks. So, while vulnerability and identity
management are important and organizations seem focused on them more than ever (wake-up
call), bad stuff is still getting into your endpoints. So what can you do about it!?

2. Endpoint, Endpoint, Endpoint… are we sounding a little redundant? Good! If your perimeter
tools are letting things through and A/V isn’t discovering the attack (and, let’s be perfectly
honest: both are abundantly true), you need a next-generation endpoint security solution.
The latest solutions leading the way are next-generation endpoint (plus network) security
platforms that can provide real-time visibility, verification and surgical removal of advanced
threats at machine speed. There’s no excuse anymore for not knowing what you don’t know
or detecting without remediation.


Now that I’ve gotten that out of the way, what else does this mean? It means I have homework to do
between now and the next ShmooCon and, I’d venture to say, you do too.

Happy Hunting… and may the Force be with Shmoo!



About the Author

Brian Winkler joined Hexis in 2015 and currently serves as the Solutions Architect. With over 15
years of experience, Brian previously worked at CenturyLink and as a systems architect for Unisys.
You can follow him on Twitter @bdwink4truth

Connect with Hexis online: http://www.hexiscyber.com/

Hexis Blog: http://www.hexiscyber.com/blog

Twitter: @hexis_cyber

LinkedIn: https://www.linkedin.com/company/hexis-cyber-solutions



47 Cyber Warnings E-Magazine – January 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
