Active Directory Security: Sometimes Reality Is Stranger Than Fiction - 姜尚德, 蘇學翔
Welcome to the HITCON PEACE 2022 collaborative notes
Notes index: https://hackmd.io/@HITCON/2022-note
The KrbRelayUp problem may not have a good fix yet
Common management problems
Admin groups
No admin group
Everyone is a domain admin
Default groups used to the fullest
(Most people don't need admin; one compromised account and everything falls)
Recommended action: separate privileges; keep personal accounts and operations accounts apart
Case: everyone is an administrator
Admin group memberships are heavily interlinked
They know it needs managing, but lack the capacity
"pwd mgmt" looks like a password-management group, but it has GenericAll rights
Separate operations accounts from daily-use accounts
Admin accounts leave traces everywhere
Admin accounts not separated leads to credential dumping (extremely common)
Attackers harvest cached credentials
mimikatz
rubeus
mscash
relay auth
krb relay (Kerberos relay)
RemotePotato0 (NTLM relay)
Lsarelayx (NTLM relay + downgrade)
jumpbox
Observation: in 7 days, 279 accounts RDP'd to the same machine, then RDP'd on to their own hosts
Because a server was set up as a shared host for employees
Attacker's approach
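The two points above, admin accounts leaving traces on machines they should never log on to and a shared jumpbox receiving RDP logons from hundreds of accounts, are both visible in Security event 4624 data. The following is an added example, not code from the HITCON note or the speakers: it parses a constructed set of 4624-style records (timestamp, logon type, account, target host), flags hosts that receive RDP logons (logon type 10) from many distinct accounts inside a window, and flags Tier 0 accounts doing interactive logons (types 2, 10, 11, which leave reusable secrets in LSASS) on hosts outside the Tier 0 set. The tier membership, host names, thresholds and event lines are all assumptions made for the example.

```python
"""Added example (not from the HITCON note): detection over Windows
Security 4624 logon events for (a) a shared jumpbox with heavy RDP fan-in
and (b) Tier 0 accounts exposing credentials on lower-tier hosts.
All event data, tier sets and thresholds below are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: timestamp, event id, logon type, account, host.
# Logon type 10 = RemoteInteractive (RDP), 2 = Interactive, 3 = Network.
SAMPLE_EVENTS = """\
2022-08-01T08:01:00 4624 10 alice JUMP01
2022-08-01T08:05:00 4624 10 bob JUMP01
2022-08-01T09:12:00 4624 10 carol JUMP01
2022-08-02T10:30:00 4624 10 dave JUMP01
2022-08-03T11:00:00 4624 10 alice JUMP01
2022-08-04T14:20:00 4624 10 erin JUMP01
2022-08-01T08:10:00 4624 10 da-admin DC01
2022-08-02T16:45:00 4624 10 da-admin WS-HR-07
2022-08-02T16:50:00 4624 3 svc-adconnect FILE01
2022-08-03T12:00:00 4624 2 svc-adconnect WS-IT-02
"""

# Assumed tier assignment; a real check would read this from group
# membership and an asset inventory, not from hard-coded sets.
TIER0_ACCOUNTS = {"da-admin", "svc-adconnect"}
TIER0_HOSTS = {"DC01", "DC02", "ADCS01"}
# Logon types that leave credential material cached on the target host.
INTERACTIVE_LOGON_TYPES = {"2", "10", "11"}


def parse_events(text):
    """Parse the constructed record format into dicts, keeping only 4624."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, user, host = line.split()
        if event_id != "4624":
            continue
        events.append({
            "ts": datetime.fromisoformat(ts),
            "type": logon_type,
            "user": user.lower(),
            "host": host.upper(),
        })
    return events


def shared_jumpbox_hosts(events, window_days=7, min_accounts=4):
    """Hosts that receive RDP logons from >= min_accounts distinct accounts
    within any window_days-long sliding window. Returns {host: max_accounts}."""
    window = timedelta(days=window_days)
    by_host = defaultdict(list)
    for e in events:
        if e["type"] == "10":
            by_host[e["host"]].append(e)
    flagged = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            users = {e["user"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(users) >= min_accounts:
                flagged[host] = max(flagged.get(host, 0), len(users))
    return flagged


def tier0_exposure(events):
    """Tier 0 accounts logging on interactively to non-Tier 0 hosts:
    each hit is a place where a domain-level secret is now cached."""
    hits = []
    for e in events:
        if (e["user"] in TIER0_ACCOUNTS
                and e["type"] in INTERACTIVE_LOGON_TYPES
                and e["host"] not in TIER0_HOSTS):
            hits.append((e["user"], e["host"], e["ts"].isoformat()))
    return hits


def run_checks(text=SAMPLE_EVENTS):
    """Run both checks over a record set and return the findings together."""
    events = parse_events(text)
    return {
        "shared_jumpboxes": shared_jumpbox_hosts(events),
        "tier0_exposure": tier0_exposure(events),
    }


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(name, result)
```

On the constructed data the jumpbox check reports JUMP01 with five distinct RDP users in the window, and the tier check reports da-admin on WS-HR-07 and svc-adconnect on WS-IT-02; the network logon (type 3) to FILE01 is ignored because it caches nothing on the target. The threshold of four accounts is a toy value; the talk's figure of 279 accounts in seven days is the kind of outlier that stands out against a baseline of one or two.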
Configuration checks
Various misconfigurations
Default Component
Group Policy: unintended people can modify GPOs
SPNs on user accounts: risk of the password being cracked
Network shares: permissions opened too wide
Auth related
AD CS permissions
"Our" certificates
Misconfigured certificate template permissions
Meant to grant all users enroll rights, but also granted modify rights
So users can modify the "template contents" and escalate to Domain Admins
AAD Connect Service Account
Inventory account privileges
No clear idea of which privileges specific assets should be granted
Exchange AD Privesc
OU permissions: "I am your master"
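The template misconfiguration described above is easy to audit once template ACLs are exported: Enroll for a broad principal is expected, but any write-class right (GenericAll, GenericWrite, WriteDacl, WriteOwner, WriteProperty) for a broad principal lets that principal change the template definition. The following is an added example, not code from the HITCON note or the speakers: it runs that check over a constructed list of (template, principal, rights) records and reports which rights should be stripped while keeping the enroll rights that were intended. The template names, principals and rights are assumptions made for the example; a real audit would read them from the security descriptors of the objects under the Certificate Templates container.

```python
"""Added example (not from the HITCON note): audit certificate template
ACLs for broad principals that hold write rights on the template.
Template records below are constructed for the example."""

# Principals that effectively mean "every user" or "every machine".
BROAD_PRINCIPALS = {"Everyone", "Authenticated Users", "Domain Users", "Domain Computers"}
# Rights that allow changing the template definition itself.
WRITE_RIGHTS = {"GenericAll", "GenericWrite", "WriteDacl", "WriteOwner", "WriteProperty"}
# Rights that only allow requesting certificates from the template.
ENROLL_RIGHTS = {"Enroll", "AutoEnroll", "ReadProperty"}

# Constructed sample: (template name, principal, rights granted by its ACL).
# In a real export, WriteProperty can be scoped to a single attribute via
# the ACE's ObjectType GUID; these records treat it as unscoped.
SAMPLE_TEMPLATE_ACLS = [
    ("User",      "Domain Users",        {"Enroll", "ReadProperty"}),
    ("User",      "Domain Admins",       {"GenericAll"}),
    ("VPNClient", "Domain Users",        {"Enroll", "ReadProperty", "WriteProperty"}),  # the mistake
    ("VPNClient", "Enterprise Admins",   {"GenericAll"}),
    ("WebServer", "PKI Admins",          {"GenericAll"}),
    ("WebServer", "Authenticated Users", {"GenericAll"}),  # worse: full control for everyone
    ("Machine",   "Domain Computers",    {"Enroll", "AutoEnroll"}),
]


def audit_template_acls(acls):
    """Return one finding per (template, broad principal) that holds any
    write-class right, with the rights to remove and the rights to keep."""
    findings = []
    for template, principal, rights in acls:
        if principal not in BROAD_PRINCIPALS:
            continue  # a dedicated admin group holding GenericAll is expected
        excess = rights & WRITE_RIGHTS
        if not excess:
            continue
        findings.append({
            "template": template,
            "principal": principal,
            "excess_rights": sorted(excess),
            "keep": sorted(rights & ENROLL_RIGHTS),
        })
    return findings


def remediation_lines(findings):
    """Human-readable remediation: strip the write rights, keep enrollment."""
    lines = []
    for f in findings:
        keep = ", ".join(f["keep"]) or "nothing"
        lines.append(
            f"{f['template']}: remove {', '.join(f['excess_rights'])} "
            f"from {f['principal']}; keep {keep}"
        )
    return lines


if __name__ == "__main__":
    for line in remediation_lines(audit_template_acls(SAMPLE_TEMPLATE_ACLS)):
        print(line)
```

On the constructed data the audit flags VPNClient (Domain Users should keep Enroll and ReadProperty but lose WriteProperty) and WebServer (Authenticated Users holds GenericAll and needs no enroll rights at all), while the User and Machine templates pass because their broad principals hold only enrollment rights.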
Scope of core assets
Tier 0:
Tier 1:
Tier 2:
What you think your core assets are
How to fix it
Scan the privileges
Monitoring
Professional advice
tags: HITCON2022, HITCON