By Sebastien Macke,
During penetration testing engagements, we often find ourselves on Windows systems, looking for account credentials. The purpose of this post is to walk through some techniques to gather credentials from Windows systems while being as non-intrusive as possible.
The core principles behind the techniques described in this post are:
Safety – Avoid causing any downtime, by using tools and techniques which are known to be safe, and will not render a system unstable.
Stealthiness – Avoid detection by using only tools and techniques that will not trigger alerts: refrain from uploading binaries, turning off the anti-virus, generating suspicious event log entries, and so on.
Efficiency – While Bernardo's post attempts to cover many of the tools and techniques available for dumping credentials from a Windows host, this post focuses on the most practical way to get the job done.
Ideally, modern organisations operate as a well-oiled machine, with actions in one area serving to assist others in their duties. This level of interdependence is what gives a business the efficiencies that make its service provision or production methods a valuable proposition: a focus on working to strengths and opportunities rather than reacting to market conditions. However, this same cross-reliance of people and processes needs to be taken into account when undertaking penetration testing and information security reviews.
This is because it can be easy to dismiss a small gap in a firm's digital defences when the information most obviously at stake is not of great importance to the firm or its activities, and the cost of protecting it can outweigh the immediate prospect of damage done by malicious external parties. However, the access gained through one small, seemingly insignificant channel could be used later by the same individuals, or sold on to other participants, to probe for further vulnerabilities.
As security specialists know, it is important to think of the big picture when assessing the strengths and weaknesses of a firm's defences, because the small gaps that are ignored today could lead to greater problems later on down the track.
It is universally recognised that a brand that keeps good security measures in place enjoys a better share of market confidence than one that publicly fails to manage the data it holds effectively. While this may be an obvious marketing benefit of being seen to be conscientious in managing digital security, the financial effects can also be substantial. Some firms may baulk at the prospect of an ethical breach audit, since having a team of specialists delve into a system from the outside could seem counter-intuitive. However, the benefits of this sort of activity are also quite weighty, as the trained professionals can uncover blind spots and security gaps before they are ever made public. This helps to demonstrate a level of corporate responsibility that goes above and beyond legislative requirements, with a proactive stance that improves public perception and client morale. On top of this, an ethical breach audit serves as an investment in security, allowing the firm to make improvements to its defences and practices before a potentially expensive situation occurs. In this way, good online security acts as a sort of digital insurance that protects against future events, a practice that is always good for business.
As business systems develop over time, new standards in efficiency, usability and practicality tend to shape standard commercial practices. This is the same across a number of areas for commercial enterprises, statutory corporations and industrial bodies alike: the benchmarks change according to the market environment. When it comes to online security, it can be difficult for those inside an organisation to gain a clear understanding of just what they need to be doing to protect their digital assets and proprietary data. This is because the internal protective measures taken by other firms are rarely made publicly available, making it hard for managers to gain an insight into what constitutes best practice.
This is where red cell services come to the fore: searching for vulnerabilities and hidden avenues and providing an in-depth report on a situation before it can be exploited. On top of this, the team can take into account the unique attributes of an organisation when performing their audit, providing customised insights that can be made to match both the technical capacity and the security budgets of their clients.