A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


RID Hijacking: Maintaining Access on Windows Machines - Sebastián Castro Derbycon 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

RID Hijacking: Maintaining Access on Windows Machines
Sebastián Castro
Derbycon 2018

The art of persistence is (and will be...) a matter of concern when successfully exploitation is achieved. Sometimes it is pretty tricky to maintain access on certain environments, especially when it is not possible to execute common vectors like creating or adding users to privileged groups, dumping credentials or hashes, deploying a persistent shell, or anything that could trigger an alert on the victim. This statement ratifies why it's necessary to use discrete and stealthy techniques to keep an open door right after obtaining a high privilege access on the target. What could be more convenient that only use OS resources in order to persist an access? This presentation will provide a new post-exploitation hook applicable to all Windows versions called RID Hijacking, which allows setting desired privileges to an existent account in a stealthy manner by modifying some security attributes. To show its effectiveness, the attack will be demonstrated by using a module which was recently added by Rapid7 to their Metasploit Framework, and developed by the security researcher Sebastián Castro.

Sebastián Castro (@r4wd3r) is the R&D Leader at CSL Labs. Born in Bogotá, Colombia, has been an information security researcher, network & application pentester and red-teamer for 6 years, providing cybersecurity services to global financial institutions and local defense government organizations. This guy has presented at national and international conferences, such as BSides, ISC² and recently Black Hat, exposing password cracking and Windows security own research. Sometimes a tenor, sometimes a hacker, Sebastián also works as an opera singer at the Opera of Colombia Chorus, participating on many national and international fancy performances with well-known singers whose names he can’t even spell.

@r4wd3r

Back to Derbycon 2018 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast