Dailydave mailing list archives
The fallacy of the domain
From: Dave Aitel <dave () immunityinc com>
Date: Wed, 19 Nov 2014 12:35:59 -0500
Forever, it seems, attackers have been loving Windows network because of one thing: The domain server. The latest vulnerability Microsoft hot-patched <https://support.microsoft.com/kb/3011780> demonstrates how mind-blowingly critical any weakness in the domain server is: and because they offer a lot of features, domain servers have always been the exposed scrotum of any modern IT setup. This is why I always recommend they have an El Jefe client <http://immunityproducts.blogspot.com/2014/11/el-jefe-13-curious-case-of-3g-modem.html> placed on them! Often at Immunity we are boggled by what appears to be every single domain's need for some crazyness, like a daemon that runs as domain admin on every users' machine. Or the need for the helpdesk to sign into every machine every day and run some program. Likewise, let's say you have a vulnerability in Windows 2012's SMB stack. You can always use this same bug to talk directly to the domain controller from the DMZ. Because otherwise, the boxes in the DMZ cannot do authentication and your developers can't push new code. With Windows 8.1, Microsoft has made themselves a domain server for all Windows machines not on a domain, since you use your Windows account to log in (essentially so they can also sell you useless games from the app store - something no one does). So in short, anyone with a Windows domain has had someone log onto it (via a client-side or stolen password) and then get domain admin. The new bug makes this easier, in some cases, but it's always been easy. -dave P.S. Don't forget now is a good time to submit a talk to INFILTRATE! We are the only conference that does profit sharing with speakers!
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- The fallacy of the domain Dave Aitel (Nov 19)