Network Infrastructure Security Guidance, March 2022 (PP-22-0266 Version 1.0)
This report presents best practices for overall network security and protection of individual network devices, and will assist administrators in preventing an adversary from exploiting their network. While the guidance presented here is generic and can be applied to many types of network devices, sample commands for Cisco Internetwork Operating System (IOS) devices are provided which can be executed to implement the recommendations.
#cisco #docs
A collection of Windows Server 2019 and Windows 10 hardening scripts
GitHub
https://github.com/atlantsecurity/windows-hardening-noscripts
#windows #hardening
Maps of the network stack
+ Network Communication Protocols Map
+ OSI Layers
GitHub
https://gist.github.com/CMCDragonkai/14a21fc387b8ea6f585c882d0d0d9334
For fans of binary exploitation: a walkthrough of an example of using the buffer overflow exploitation technique for privilege escalation on a system, with code in C
https://blog.pentesteracademy.com/exploiting-buffer-overflow-vulnerability-to-do-privilege-escalation-4a1de492a8c5
Medium
Exploiting Buffer Overflow vulnerability to do Privilege Escalation
A buffer overflow occurs when the data provided to the program goes out of the allocated memory space and also corrupts the contents of…
A walkthrough of exploiting a CVE on a domain controller, from Rapid7, the developer of a well-known security scanner
https://www.rapid7.com/blog/post/2022/02/14/dropping-files-on-a-domain-controller-using-cve-2021-43893/
#windows
Rapid7
Dropping Files on a Domain Controller Using CVE-2021-43893 | Rapid7 Blog
Security analysts who have some knowledge of Active Directory and pentesting would know the concept of tickets. Kerberos, the default authentication mechanism in an AD, uses ticket-based authentication where a Key Distribution Center (KDC) grants a Ticket-Granting Ticket (TGT) to a user requesting access to a service or an account, which can then be redeemed to generate a service ticket (ST) to access a particular service, like an SQL account.
Golden Ticket attacks show how an attacker can maintain domain admin access by obtaining the NTLM hash of the "krbtgt" account.
Domain persistence is necessary for an analyst in the event the admin password gets changed. Persistence can also be achieved by using certificate-based authentication deployed in the Active Directory Certificate Service. One such method is the Golden Certificate Attack.
#windows
Free Pentester's Lab by PentesterAcademy (USA)
Sources
https://attackdefense.pentesteracademy.com/
#education #pentest
Team Qualys discovered a local privilege escalation vulnerability in PolicyKit’s (polkit) setuid tool pkexec that allows low-level users to run commands as privileged users.
According to Qualys, the vulnerability exists in the pkexec.c code that doesn’t handle the calling parameters count correctly and ends up trying to execute environment variables as commands. Thus, an attacker can craft environment variables in such a way that it will induce pkexec to execute arbitrary code.
We are using the older, vulnerable Ubuntu version 20.04 in this demonstration, which can be downloaded from Ubuntu’s old releases page.
#linux
Microsoft has gradually increased the efficiency and effectiveness of its auditing facilities over the years. Modern Windows systems can log vast amounts of information with minimal system impact. With the corresponding decrease in the price of storage media, excuses to not enable and retain these critical pieces of evidence simply don’t stand up to scrutiny. Configuring adequate logging on Windows systems, and ideally aggregating those logs into a SIEM or other log aggregator, is a critical step toward ensuring that your environment is able to support an effective incident response.
This document provides an overview of some of the most important Windows logs and the events that are recorded there. As with all of our Analyst Reference documents, this PDF is intended to provide more detail than a cheat sheet while still being short enough to serve as a quick reference. The PDF also contains links to external resources for further reference.
#windows
Finding themselves hostages of the current foreign-policy and economic situation, ordinary residents, citizens of the Russian Federation and everyone staying on its territory are forced to prepare to withstand the current threats and attacks
The situation in the IT market. How to withstand sanctions
https://vc.ru/u/918761-aleksey-klushin/373880-situaciya-na-it-rynke-sankcii-srochnye-mery-chto-delat-s-riskami
Russian alternatives to foreign services for business
https://vc.ru/services/374000-rossiyskie-analogi-zarubezhnyh-servisov-dlya-biznesa-kotorye-ne-zablokiruyut
What should website owners take into account?
https://vc.ru/marketing/374784-sankcii-i-mart-2022-v-rossii-chto-uchest-vladelcam-saytov
Free TLS certificates will keep websites accessible
https://www.securitylab.ru/news/530440.php
Resources that may be blocked in the Russian Federation [update 06.03]
https://habr.com/ru/news/t/654547/
Guide: working ways to move money abroad
https://habr.com/ru/post/654155/