Itai Grady is an experienced Security Researcher at Microsoft. Previously, Itai was a member of various research and development teams for 15 years in several companies, including Aorato (acquired by Microsoft) and the 8200 intelligence unit. Itai holds a B.Sc. degree in Computer Science.
Here to stay: Gaining persistence by abusing advanced authentication mechanisms
Credentials have always been a favorite target for advanced attackers, since they allow an attacker to traverse a network efficiently without using any exploits.
Moreover, compromising the network might not be sufficient, as attackers strive to obtain persistence, which requires the use of advanced techniques to evade the security mechanisms installed along the way.
One of the challenges adversaries must face is: How to create threats that will continuously evade security mechanisms, and even if detected, ensure that control of the environment can be easily regained?
In this talk, we briefly mention some of the past techniques for gaining persistence in a network and discuss why they are insufficient nowadays. This is followed by a comprehensive analysis of lesser-known mechanisms, using non-mainstream methods.
We focus on how attackers may leverage various Active Directory features and authentication mechanisms (such as object manipulation, Kerberos delegation, etc.) to achieve persistence.
Finally, we show how defenders can secure their environment against such threats.