Category: Build Security

Windows Desktop Breakout

Many organisations “lock-down” their desktop environments to reduce the impact that malicious staff members and compromised accounts can have on the overall domain security. Many desktop restrictions can slow down an attacker but it’s often possible to “break-out” of the restricted environment. Both assessing and securing these desktop environments can be tricky, so I’ll run you through how I assess them here, highlight some of the tricks and the methodology that I use with the intention that both breakers and defenders can get a better look at their options.

Continue reading: Windows Desktop Breakout

Deploying: Microsoft’s Local Administrator Password Solution (LAPS)

A common and critical vulnerability exploited during penetration tests is that of reused Local Administrator passwords. This issue is a common one it allows an attacker to find a vulnerable machine on a network, pull the administrative hash out of that machine and then log-in to a more interesting machine or ultimately privilege escalate.

Continue reading: Deploying: Microsoft’s Local Administrator Password Solution (LAPS)

From Network boot to Local Admin: PXE Booting

Pre-Execution Boot, or PXE, is a method of booting a workstation machine by loading an operating system across the network. If PXE boot can be enabled (often it is enabled by default, even when machines are restricted from booting CDs or USB Devices) then an stripped down Linux operating system can be loaded over the network and used to compromise the target.

Continue reading: From Network boot to Local Admin: PXE Booting