Marina Simakov is a security researcher at Microsoft, with a special interest in network security and authentication protocols.
She holds an M.Sc. in computer science and has published several articles, with graph theory as her main area of expertise. She previously spoke at BlueHat IL 2016 and DefCon 2017.
Here to stay: Gaining persistence by abusing advanced authentication mechanisms
Credentials have always been a favorite target for advanced attackers, since they allow an attacker to traverse a network efficiently without using any exploits.
Moreover, compromising the network might not be sufficient, as attackers strive to obtain persistence, which requires the use of advanced techniques to evade the security mechanisms installed along the way.
One of the challenges adversaries must face is: How to create threats that will continuously evade security mechanisms, and even if detected, ensure that control of the environment can be easily regained?
In this talk, we briefly mention some of the past techniques for gaining persistence in a network and discuss why they are insufficient nowadays. We then give a comprehensive analysis of lesser-known mechanisms, using non-mainstream methods.
We focus on how attackers may leverage various Active Directory features and authentication mechanisms (such as object manipulation, Kerberos delegation, etc.) to achieve persistence.
Finally, we show how defenders can secure their environment against such threats.