Goltsev Yuriy - Ломать - не строить!

May 23, 2015Download as PPT, PDF1 like1,973 views

This document provides recommendations for strengthening information security by addressing common issues found in internal networks. It identifies weak password policies, default accounts, unnecessary local privileges, vulnerabilities in the Windows architecture, misconfigured WPAD, antivirus software issues, lack of network segmentation, and no patch management as frequent problems. The document recommends implementing strong password policies, disabling unused accounts, restricting privileges, following the principle of least privilege, disabling WPAD if unused, configuring antivirus self-defense, implementing network segmentation with whitelisting, and establishing patch management.

Ломать - не строить!
Юрий Гольцев
@ygoltsev

Invest in your knowledge of practical information security

Please, don’t order a penetration test until…

My own TOP of security issues, related to internal networks:
1. Weak password policy
2. Default accounts
3. Local accounts/unnecessary privileges
4. Windows architecture
5. WPAD configuration mismatch
6. Antivirus software configuration mismatch
7. No network segmentation
8. No patch management

Weak password policy
Description
Easy to bruteforce
Common Targets
Directory Service (Active Directory/Lotus Domino/LDAP/Novell/etc)
Recommendations
Implement strong password policy, just follow next rules:
- 8 chars (at least)
-Lower, upper case
-Alpha-Numeric
Check for common passwords once a day (at least)
- Special chars
- Change every 60 days

Default accounts
Description
Easy to bruteforce
Common Targets
DBs, network devices (routers/printers/etc)
Recommendations
-Disable all unused accounts
-Set strong password

Local accounts/unnecessary privileges
Description
Local administrator accounts/privileges – is bad
Common Targets
Windows hosts
Recommendations
-Disable accounts of local administrators on Windows hosts
-Do not use GP to manage accounts of local administrators on Windows hosts

Windows architecture
Description
You can’t prevent it, if you use it
Common Targets
Windows hosts
Recommendations
-Follow principle of minimal privileges
-Use privileged accounts for administration tasks only
-Implement two factor authentication for privileged accounts
-Implement patch management

WPAD configuration mismatch
Description
Very useful for corporate users if implemented, and for attacker – if not
Common Targets
Windows hosts
Recommendations
Disable WPAD (Web Proxy Auto Discovery) feature if it is not implemented

Antivirus software configuration mismatch
Description
Antivirus software can be disable with local admin privileges
Common Targets
Windows hosts
Recommendations
Configure self defense feature of antivirus software

No network segmentation
Description
No restrictions and no data filtration on network level
Common Targets
Network topology
Recommendations
Implement data filtration – it is better to use white lists for access

No patch management
Description
MS08-067 still can be found during penetration test
Common Targets
Windows/Unix hosts
Recommendations
Implement patch management

This document summarizes various topics related to hacking 802.11 wireless networks, including: 1. Factors that can affect hacking like weather, time of day, and neighboring networks. 2. Different antenna types useful for hacking like omnidirectional, Yagi, panel and their radiation patterns. 3. Recommended hardware and software tools for tasks like capturing handshakes, deauthentication attacks, and setting up rogue access points. 4. Details on wireless frequencies and channel plans used in different regions. 5. Techniques for hacking protected networks like WPA2 and discussions of tools like KARMA and MANA for rogue access points.

Dmitry Chastuhin - Practical attacks on Internet kiosks and payment terminalsDefconRussia

��

Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...DefconRussia

��

Adminblast 2013Gabriella Davis

��

This document provides tips from a presentation titled "BP101 Adminblast 2013". It includes tips from Paul Mooney of Bluewave Technology and Gabriella Davis of The Turtle Partnership on administering and configuring IBM Lotus Notes and Domino. Some of the tips discussed include finding which ACLs contain a user or group, separating full text indexing from view updates, restricting Sametime login types, and allowing multiple Sametime logins simultaneously. The presentation provides over 60 administration and configuration tips for Notes/Domino.

Why internal pen tests are still funpyschedelicsupernova

��

This document discusses techniques for internal penetration testing. It begins by explaining why internal pen tests are more interesting than external or web app tests due to the ability to gain shells on internal systems. It then provides tips for easy exploits such as exploiting weak passwords, lack of patching, and improper access controls to gain initial access. Further tips include using tools like Responder to capture credentials, using a USB rubber ducky to quickly gain access when a user is logged in, and techniques for safely dumping passwords without antivirus detection. The document concludes by discussing how to escalate privileges to domain admin, loot sensitive data from file shares and databases, and scripts to automate post-exploitation tasks. Mitigations are briefly discussed as well as tips

Linuxfest Northwest Proper Care and Feeding Of a MySQL for Busy Linux AdminsDave Stokes

��

This document provides tips and best practices for properly configuring and maintaining a MySQL server for busy Linux administrators. It recommends focusing on hardware resources like memory, storage, and networking. It also emphasizes the importance of backups, replication, monitoring tools, and security configurations. Proper configuration of these areas can help keep MySQL databases running smoothly and prevent issues that waste administrators' time.

5 Bare Minimum Things A Web Startup CTO Must Worry AboutIndus Khaitan

��

So you have started-it-up and now you are getting good traffic — Thousands of users, etc. etc. Do you know script kiddies are scanning your website using simple dictionary attacks on SSH ports? Do you know that once in a while there is a Fatal application Error in your PHP log (which may point to bigger problem)? Do you know that the backup you are taking is actually not gonna restore your DB? Do you know that every night at 12 one of the servers has a CPU spike? It’s a good idea to catch some of the serious problems early on and deploy tools to proactively assess them. In this session we will discuss some very basic things, as a CTO you MUST worry about and proactively solve problems around them. These are (in the order of decreasing priority): 1. Security 2. Monitoring/Availability/Load (External/System level) 3. Application errors 4. Backup 5. Source control

Sitnl erp sec-2011jvandevis

��

Illuminate - Performance Analystics driven by Machine LearningjClarity

��

illuminate is a machine learning-based performance analytics tool that automatically diagnoses performance issues in servers and applications without human intervention. It has a small memory, CPU, and network footprint, uses adaptive machine learning to interpret data and scale with applications, and provides a holistic view of both application and system performance across servers. illuminate identifies the largest bottlenecks through machine learning, aggregates similar issues across servers, and auto-triggers on SLA breaches. It supports Linux systems and has a secure web-based dashboard.

CNIT 123 Ch 8: OS VulnerabilitiesSam Bowne

��

CNIT 123 8: Desktop and Server OS VulnerabilitiesSam Bowne

��

The Infosec Revivalscriptjunkie

��

As shown by headlines and countless intrusions, even moderately skilled attackers can sail through the defenses of a typical corporate network. Using a playbook of techniques both common and uncommon, intruders can bypass almost all security barriers despite even tough policies on end users and admins. But failure is not inevitable for a defender. There are many practical ways a network can be constructed that will wipe out most of the playbook, and they don’t always require expensive purchases. Security must be built from the start, and this presentation will show you how it’s done; how to intelligently look at threats and plan defenses for a Windows network.

IBM Connections AdminblastLetsConnect

��

Buckle up, join Christoph and Nico and get ready to learn 50 tips and tricks you can implement right away to improve your IBM Connections environment. Your users will thank you as they too benefit from this best practice list gathered from real-world projects while deploying and administering IBM Connections On-premises. Walk away with knowledge covering anything from Orient Me, Cognos integration, Docs, CCM and Forms Experience Builder to the back end like IBM Cloud private, DB2, TDI and SSO.

Webinar: IBM Connections AdminblastNico Meisenzahl

��

This document provides tips and tricks for optimizing an IBM Connections environment. It includes 35 tips covering topics like Docs conversion on Linux, using a custom user for WebSphere services, surveys setup, global sender email addresses, Orient Me installation, WAS and 4096-bit SSL keys, seedlist validation, and more. The tips aim to help improve performance, security, and usability of an IBM Connections deployment.

An easy way into your sap systems v3.0Cyber Security Alliance

��

Default accounts are commonly exploited to gain unauthorized access to SAP systems. The presentation identifies several new default accounts in SAP Solution Manager with the password "init1234" that can be used to retrieve passwords, execute operating system commands, and fully compromise associated SAP systems. It provides examples of how these accounts can be exploited and advises customers to use available tools to detect and remediate exposed default accounts.

We4IT lcty 2013 - keynote - worst practices - the best of the worstWe4IT Group

��

This document provides 60 tips for administering and optimizing IBM Lotus Domino servers. It is a brain dump of useful tips from a presentation by Paul Mooney of Bluewave Technology. The presentation covers topics like separating domains while using the same certificates, tracking traveler device data usage, catalog.nsf disk usage reporting, uninstalling plugins, Sametime configuration, full text indexing optimizations, and extending server log files. The document encourages downloading additional resource materials from the presenter's website.

Social Connections 12 - IBM Connections AdminblastNico Meisenzahl

��

This document provides tips and troubleshooting advice for administering IBM Connections. It begins with an agenda for an IBM Connections Adminblast session with Nico Meisenzahl and Christoph Stoettner. The rest of the document consists of 35 tips numbered 1 through 35 covering topics like iOS push notifications, WebSphere configuration, database tuning, TLS configuration, and debugging techniques.

IBM Connections Adminblast - Soccnx 12 Editionpanagenda

��

Dns firewalls null-may2020n|u - The Open Security Community

��

This document discusses using DNS as a layer of defense in networks. It describes how flat networks without segmentation are vulnerable and how a DNS firewall can help by filtering malicious DNS queries. It provides examples of DNS response policy zones (RPZ) that define rules for blocking domains known to host malware or phishing sites. Implementing a local recursive DNS resolver with RPZ rules is presented as a low-cost way to add defense for home, SOHO, and small business networks. Challenges from the rise of DNS over HTTPS are also covered.

Webinar: IBM Connections Adminblastpanagenda

��

Webinar Recording: ow.ly/Mc6w30gK7Tt Buckle up, join Nico and get ready to learn 50 tips and tricks you can implement right away to improve your IBM Connections environment. Your users will thank you as they too benefit from this best practice list gathered from real-world projects while deploying and administering IBM Connections On-premises. Walk away with knowledge covering anything from Orient Me, Cognos integration, Docs, CCM and Forms Experience Builder to the back end like IBM Cloud private, DB2, TDI and SSO.

Nightmares of a Penetration Tester ( How to protect your network)Chris Nickerson

��

As a professional penetration tester for the last 15+ years, I have seen many environments and technologies. I have had the pleasure / hell of testing systems I’d never even heard of, and the agony of defeat on a major scale. Rather than review the techniques used to work our way into systems, I will present the ways blue teams kept us out! In this session we will look at the technologies and techniques that have turned our traditional paths to root from minutes to months, and examine the tricks that got us “caught” along the way. Not all pen tests are a dream and nightmares can and do happen. So, let’s talk about how your environment can become an attacker’s worst nightmare instead of their favorite playground. Things attendees will learn: • Strategic defense • Attacker techniques • Indicators of Compromise • Active blue team response techniques • Security architecture • Layered defensive techniques

Proper Care and Feeding of a MySQL Database for Busy Linux AdministratorsDave Stokes

��

Ch 8: Desktop and Server OS VulnerabilitesSam Bowne

��

ITARC15 Workshop - Architecting a Large Software Project - Lessons LearnedJoão Pedro Martins

��

Flipping the scriptChris Nickerson

��

Having been a Penetration Tester for the last 15+ years I have seen many environments and technologies. I have had the pleasure / hell of testing systems I’ve never even heard of and the agony of defeat on a major scale. Instead of just going over the what we used to work our way in, I want to go over the tricks the BLUE team used to keep us out! We will go over the technologies and techniques that have turned our traditional paths to root from minutes to months and the tricks that got us “caught” along the way. Not all pentests are a dream and the nightmares CAN / DO happen. So, let’s talk about how YOUR environment can become an attackers worst nightmare instead of their favorite playground

CNIT 123: 8: Desktop and Server OS VulnerabilitesSam Bowne

��

The Proper Care and Feeding of a MySQL Database for Busy Linux Admins -- SCaL...Dave Stokes

��

System hardening - OS and Applicationedavid2685

��

This document discusses strategies for hardening Windows operating systems and applications. It provides resources and guidelines for securing Microsoft OS's using tools like the Microsoft Security Compliance Manager and the Center for Internet Security benchmarks. Specific recommendations are given for mitigating risks from Java, Adobe Reader, local administrator passwords, and enabling full disk encryption with BitLocker. Troubleshooting tips are also included for addressing issues that may arise from an OS hardening project.

Defcon Moscow #0x0A - Oleg Kupreev "Uncommon MiTM in uncommon conditions"Defcon Moscow

��

- Man-in-the-middle (MiTM) attacks are fundamental communication attacks that can be implemented in various conditions and technologies. - As communications technologies have advanced from dial-up to 4G/5G, security has evolved slowly, creating opportunities for MiTM attacks at new layers. - There are many ways to conduct MiTM attacks including via Ethernet, WiFi, VPNs, and by compromising routers to intercept traffic on the local network or WAN. Practical experience with tools is important for learning different MiTM techniques.

Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"Defcon Moscow

��

This document discusses hacking routers by exploiting vulnerabilities in their web interfaces. It begins by introducing the author and their background in security research. Several common vulnerabilities are then outlined, including default credentials, authentication bypass, XSS, CSRF and command injection issues. The document provides examples of exploiting these flaws in various router models. A methodology is proposed for analyzing router firmware to find and exploit vulnerabilities, potentially achieving remote code execution. It emphasizes chaining multiple issues together for increased access. Finally, the document suggests that support software, internet service providers, and router developers themselves can also be targeted.

More Related Content

Similar to Goltsev Yuriy - Ломать - не строить! (20)

Illuminate - Performance Analystics driven by Machine LearningjClarity

��

CNIT 123 Ch 8: OS VulnerabilitiesSam Bowne

��

CNIT 123 8: Desktop and Server OS VulnerabilitiesSam Bowne

��

The Infosec Revivalscriptjunkie

��

IBM Connections AdminblastLetsConnect

��

Webinar: IBM Connections AdminblastNico Meisenzahl

��

An easy way into your sap systems v3.0Cyber Security Alliance

��

We4IT lcty 2013 - keynote - worst practices - the best of the worstWe4IT Group

��

Social Connections 12 - IBM Connections AdminblastNico Meisenzahl

��

IBM Connections Adminblast - Soccnx 12 Editionpanagenda

��

Dns firewalls null-may2020n|u - The Open Security Community

��

Webinar: IBM Connections Adminblastpanagenda

��

Nightmares of a Penetration Tester ( How to protect your network)Chris Nickerson

��

Proper Care and Feeding of a MySQL Database for Busy Linux AdministratorsDave Stokes

��

Ch 8: Desktop and Server OS VulnerabilitesSam Bowne

��

ITARC15 Workshop - Architecting a Large Software Project - Lessons LearnedJoão Pedro Martins

��

Flipping the scriptChris Nickerson

��

CNIT 123: 8: Desktop and Server OS VulnerabilitesSam Bowne

��

The Proper Care and Feeding of a MySQL Database for Busy Linux Admins -- SCaL...Dave Stokes

��

System hardening - OS and Applicationedavid2685

��

Illuminate - Performance Analystics driven by Machine LearningjClarity

��

CNIT 123 Ch 8: OS VulnerabilitiesSam Bowne

��

CNIT 123 8: Desktop and Server OS VulnerabilitiesSam Bowne

��

The Infosec Revivalscriptjunkie

��

IBM Connections AdminblastLetsConnect

��

Webinar: IBM Connections AdminblastNico Meisenzahl

��

An easy way into your sap systems v3.0Cyber Security Alliance

��

We4IT lcty 2013 - keynote - worst practices - the best of the worstWe4IT Group

��

Social Connections 12 - IBM Connections AdminblastNico Meisenzahl

��

IBM Connections Adminblast - Soccnx 12 Editionpanagenda

��

Dns firewalls null-may2020n|u - The Open Security Community

��

Webinar: IBM Connections Adminblastpanagenda

��

Nightmares of a Penetration Tester ( How to protect your network)Chris Nickerson

��

Proper Care and Feeding of a MySQL Database for Busy Linux AdministratorsDave Stokes

��

Ch 8: Desktop and Server OS VulnerabilitesSam Bowne

��

ITARC15 Workshop - Architecting a Large Software Project - Lessons LearnedJoão Pedro Martins

��

Flipping the scriptChris Nickerson

��

CNIT 123: 8: Desktop and Server OS VulnerabilitesSam Bowne

��

The Proper Care and Feeding of a MySQL Database for Busy Linux Admins -- SCaL...Dave Stokes

��

System hardening - OS and Applicationedavid2685

��

More from Defcon Moscow (12)

Defcon Moscow #0x0A - Oleg Kupreev "Uncommon MiTM in uncommon conditions"Defcon Moscow

��

Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"Defcon Moscow

��

Defcon Moscow #0x0A - Dmitry Nedospasov "WTFPGA?!"Defcon Moscow

��

Defcon Moscow #0x0A - Nikita Kislitsin APT "Advanced Persistent Threats"Defcon Moscow

��

Defcon Moscow #0x0A - Sergey Golovanov "Вредоносные программы для финансовых ...Defcon Moscow

��

Defcon Moscow #0x0A - Dmitry Evteev "Pentest vs. APT"Defcon Moscow

��

Defcon Moscow #9 - Oleg Kupreev "Telecommunication Hardware Vulnerabilities"Defcon Moscow

��

This document discusses hardware vulnerabilities in telecommunications devices. It begins by introducing the author and their background in hacking telecommunications hardware since 2001. It then lists common device types like modems, routers, and switches that are targeted. Common vulnerabilities are outlined such as default credentials, backdoors, and injection attacks. Statistics on vulnerabilities found in popular vendor devices are provided. Specific hacking techniques for 3G/4G modems and routers are then described, along with warnings about using powers responsibly. The document proposes a hypothetical scenario for "robbing a train" using telecom device hacking.

Defcon Moscow #9 - Mikhail Elizarov "MITM"Defcon Moscow

��

Defcon Moscow #9 - Timur Yunusov "Особенности проведения социотехнического те...Defcon Moscow

��

Defcon Moscow #9 - Ivan Novikov "ElasticSearch is secure?"Defcon Moscow

��

Elasticsearch is a distributed RESTful search engine that is commonly used but has had security vulnerabilities in the past related to remote code execution and path traversal. The document examines potential injection vulnerabilities in how various Elasticsearch client wrappers in PHP handle user-supplied input, finding that the original PHP client properly URL-encodes dots in paths but other clients may be vulnerable if they do not sanitize input or properly construct JSON requests. It recommends input validation and use of client libraries' query parameterization features to help prevent injection attacks against Elasticsearch deployments.

Defcon Moscow #9 - Sergey VishnyakovDefcon Moscow

��

Sergey Vishnyakov is the coordinator of Defcon Moscow #9, which is supported by Mail.Ru Group, Xakep Magazine, SecurityLab, and NewProject1. Additional community supporters include Defcon Russia, Justin Bieber's Fan Club, АНТИЧАТ, r0 Crew, and RDot. People are encouraged to stay tuned for more information about Defcon Moscow #9 by following the event's website, social media, and contacting the organizers by email.

Denis Makrushin & Maria Garnaeva - DeanonymizaTORDefcon Moscow

��

Defcon Moscow #0x0A - Oleg Kupreev "Uncommon MiTM in uncommon conditions"Defcon Moscow

��

Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"Defcon Moscow

��

Defcon Moscow #0x0A - Dmitry Nedospasov "WTFPGA?!"Defcon Moscow

��

Defcon Moscow #0x0A - Nikita Kislitsin APT "Advanced Persistent Threats"Defcon Moscow

��

Defcon Moscow #0x0A - Sergey Golovanov "Вредоносные программы для финансовых ...Defcon Moscow

��

Defcon Moscow #0x0A - Dmitry Evteev "Pentest vs. APT"Defcon Moscow

��

Defcon Moscow #9 - Oleg Kupreev "Telecommunication Hardware Vulnerabilities"Defcon Moscow

��

Defcon Moscow #9 - Mikhail Elizarov "MITM"Defcon Moscow

��

Defcon Moscow #9 - Timur Yunusov "Особенности проведения социотехнического те...Defcon Moscow

��

Defcon Moscow #9 - Ivan Novikov "ElasticSearch is secure?"Defcon Moscow

��

Defcon Moscow #9 - Sergey VishnyakovDefcon Moscow

��

Denis Makrushin & Maria Garnaeva - DeanonymizaTORDefcon Moscow

��

Recently uploaded (20)

Research & Research Methods: Basic Concepts and Types.pptxDr. Sarita Anand

��

MELC: Follows ethical standards in writing related literaturejoverlynbalansag1

��

Azure Data Engineer Interview Questions By ScholarHatScholarhat

��

How to Setup WhatsApp in Odoo 17 - Odoo �ݺ�ߣsCeline George

��

Managing expiration dates of products in odooCeline George

��

PUBH1000 - Module 2: Public Health HistoryJonathan Hallett

��

How to Configure Proforma Invoice in Odoo 18 SalesCeline George

��

ITI Turner Question Paper MCQ E-Book Free DownloadSONU HEETSON

��

ITI Turner Question Paper MCQ Book PDF Free Download. All Questions collected from NIMI Mock Test, CTS Bharat Skills Question Bank, Previous Exam papers. Helpful for CTS Trade Theory 1st & 2nd Year CBT Exam,��Apprentice test, AITT, ISRO, DRDO, NAVY, ARMY, Naval Dockyard, Tradesman, Training Officer, Instructor, RRB ALP CBT 2,��Railway Technician, CEPTAM, BRO, PWD, PHED, Air India, BHEL, BARC, IPSC, CISF, CTI, HSFC, GSRTC, GAIL, PSC, Viva, Tests, Quiz��& all other technical competitive exams.

Blind spots in AI and Formulation Science, IFPAC 2025.pdfAjaz Hussain

��

The intersection of AI and pharmaceutical formulation science highlights significant blind spots—systemic gaps in pharmaceutical development, regulatory oversight, quality assurance, and the ethical use of AI—that could jeopardize patient safety and undermine public trust. To move forward effectively, we must address these normalized blind spots, which may arise from outdated assumptions, errors, gaps in previous knowledge, and biases in language or regulatory inertia. This is essential to ensure that AI and formulation science are developed as tools for patient-centered and ethical healthcare.

DBMS Interview Questions PDF By ScholarHatScholarhat

��

Final-PPT-on-Reading-Comprehension-in-the-Early-Years.pptxjennifersayong3

��

Intellectual Honesty & Research Integrity.pptxNidhiSharma495177

��

ASP.NET Interview Questions PDF By ScholarHatScholarhat

��

BISNIS BERKAH BERANGKAT KE MEKKAH ISTIKMAL SYARIAHcoacharyasetiyaki

��

Meeting the needs of modern students?, Selina McCoyEconomic and Social Research Institute

��

cervical spine mobilization manual therapy .pdfSamarHosni3

��

ASP.NET Web API Interview Questions By ScholarhatScholarhat

��

Full-Stack .NET Developer Interview Questions PDF By ScholarHatScholarhat

��

lklklklklklklklklklklklklklklklklklklklklklklklklklklklkpreetheshparmar

��

Entity Framework Interview Questions PDF By ScholarHatScholarhat

��

Research & Research Methods: Basic Concepts and Types.pptxDr. Sarita Anand

��

MELC: Follows ethical standards in writing related literaturejoverlynbalansag1

��

Azure Data Engineer Interview Questions By ScholarHatScholarhat

��

How to Setup WhatsApp in Odoo 17 - Odoo �ݺ�ߣsCeline George

��

Managing expiration dates of products in odooCeline George

��

PUBH1000 - Module 2: Public Health HistoryJonathan Hallett

��

How to Configure Proforma Invoice in Odoo 18 SalesCeline George

��

ITI Turner Question Paper MCQ E-Book Free DownloadSONU HEETSON

��

Blind spots in AI and Formulation Science, IFPAC 2025.pdfAjaz Hussain

��

DBMS Interview Questions PDF By ScholarHatScholarhat

��

Final-PPT-on-Reading-Comprehension-in-the-Early-Years.pptxjennifersayong3

��

Intellectual Honesty & Research Integrity.pptxNidhiSharma495177

��

ASP.NET Interview Questions PDF By ScholarHatScholarhat

��

BISNIS BERKAH BERANGKAT KE MEKKAH ISTIKMAL SYARIAHcoacharyasetiyaki

��

Meeting the needs of modern students?, Selina McCoyEconomic and Social Research Institute

��

cervical spine mobilization manual therapy .pdfSamarHosni3

��

ASP.NET Web API Interview Questions By ScholarhatScholarhat

��

Full-Stack .NET Developer Interview Questions PDF By ScholarHatScholarhat

��

lklklklklklklklklklklklklklklklklklklklklklklklklklklklkpreetheshparmar

��

Entity Framework Interview Questions PDF By ScholarHatScholarhat

��

Goltsev Yuriy - Ломать - не строить!

1. Ломать - не строить! Юрий Гольцев @ygoltsev

2. Intro

3. Invest in your knowledge of practical information security

4. Please, don’t order a penetration test until…

5. My own TOP of security issues, related to internal networks: 1. Weak password policy 2. Default accounts 3. Local accounts/unnecessary privileges 4. Windows architecture 5. WPAD configuration mismatch 6. Antivirus software configuration mismatch 7. No network segmentation 8. No patch management

6. Weak password policy Description Easy to bruteforce Common Targets Directory Service (Active Directory/Lotus Domino/LDAP/Novell/etc) Recommendations Implement strong password policy, just follow next rules: - 8 chars (at least) -Lower, upper case -Alpha-Numeric Check for common passwords once a day (at least) - Special chars - Change every 60 days

7. Default accounts Description Easy to bruteforce Common Targets DBs, network devices (routers/printers/etc) Recommendations -Disable all unused accounts -Set strong password

8. Local accounts/unnecessary privileges Description Local administrator accounts/privileges – is bad Common Targets Windows hosts Recommendations -Disable accounts of local administrators on Windows hosts -Do not use GP to manage accounts of local administrators on Windows hosts

9. Windows architecture Description You can’t prevent it, if you use it Common Targets Windows hosts Recommendations -Follow principle of minimal privileges -Use privileged accounts for administration tasks only -Implement two factor authentication for privileged accounts -Implement patch management

10. WPAD configuration mismatch Description Very useful for corporate users if implemented, and for attacker – if not Common Targets Windows hosts Recommendations Disable WPAD (Web Proxy Auto Discovery) feature if it is not implemented

11. Antivirus software configuration mismatch Description Antivirus software can be disable with local admin privileges Common Targets Windows hosts Recommendations Configure self defense feature of antivirus software

12. No network segmentation Description No restrictions and no data filtration on network level Common Targets Network topology Recommendations Implement data filtration – it is better to use white lists for access

13. No patch management Description MS08-067 still can be found during penetration test Common Targets Windows/Unix hosts Recommendations Implement patch management

14. Outro