Well if you play your cards right, you might find that you can access
all the lovely data still on site, since most companies that have things
to protect can't move them off site due to paranoia/regulations/laws.
There may just be a SQL server somewhere that contains all their data
and matching tokens that make people *think* their data is in the cloud.
If you can find the SQL server that is...
On 10 Sep 2015, at 19:48, [email protected] wrote:
Dave,
Active Directory has long been my favorite target because of the power
a Domain Admin wields combined with the odds and ends that get
integrated means any bug can be devastating
The "cloud" has been making vast inroads in Enterprise customer bases.
I find companies that have started post 2010 that are large enough to
require pen tests favor the out sourced infrastructure.
Alas AD is becoming less important and Microsoft might come out ahead
on the technical debt because the pushed the can down the road far
enough to where they are no longer as important.
DaveM
On Sep 10, 2015, at 13:17, Dave Aitel <[email protected]> wrote:
Yagate shinu
Keshiki wa miezu
Semi no koe
- Basho
I updated my SILICA this morning while making pancakes for the kids,
as you do, and of course, all around me looked about with new eyes. I
have a new mesh network that a friend installed in my house and it's
interesting to see what it looks like to a wireless hacker. If you
haven't seen the new SILICA video it is here:
https://vimeo.com/136964755
There's this sense that hackers get which is divorced from what is in
Wired or Business Insider or BlackHat which is "Works in the Wild".
It's a palpable thing, that sets priorities like a hot oil such that
you can tell who has "Gone Active", as they say, from their recoiling
from various technologies. One technology that is currently on the
hot plate is Active Directory. You can see from talks even at DefCon
that people are looking at WMI as a persistence mechanism in the
wild. And the Microsoft talk from INFILTRATE 2014 went over a whole
methodology for attacking Active Directory networks that dragged
public discussion of the techniques into the modern age. For decades
AD has been a disaster from a security perspective - by design - and
now all that technical debt is coming due like a storm of cicadas
chirping their last song.
-dave
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
