How to protect Domain Admin?

Eleven

Full Member

Posts: 121

Joined: Thu Nov 10, 2011 6:47 pm

Post Tue Nov 27, 2012 9:47 pm

How to protect Domain Admin?

It seems the thing to do in detection nowadays is to sweep the network looking for bad guys by collecting data off individual computers in the network. For example, running various WMIC queries across a domain with a domain admin account. But as you guys know, that's apparently not a good idea with Windows storing password hashes and even clear text passwords in memory. So how can those responsible for finding compromised boxes avoid giving attackers domain admin?

Dark_Knight

Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Tue Nov 27, 2012 9:57 pm

Re: How to protect Domain Admin?

I knew I read about this somewhere before... have a look at this:
http://computer-forensics.sans.org/blog ... ord-hashes
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com

Eleven

Full Member

Posts: 121

Joined: Thu Nov 10, 2011 6:47 pm

Post Tue Nov 27, 2012 10:01 pm

Re: How to protect Domain Admin?

Wow, I guess I somehow missed that blog post... thanks. :)

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Nov 27, 2012 10:52 pm

Re: How to protect Domain Admin?

For something like the scenario you mentioned, you should create a group that only has the permissions necessary to perform WMIC queries (or whatever it is you need to do). Then, create restricted user accounts and add them to that group as necessary. You don't need to be a domain admin to perform those types of activities. It's just easy and convenient to use domain admins for everything, and people are lazy.
The day you stop learning is the day you start becoming obsolete.
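
One way to set up the restricted group described in the reply above, as an added example that is not part of the original thread. The domain `CORP`, the group `WMI-Scanners` and the account `svc-wmiscan1` are hypothetical names, and the choice of the `root\cimv2` namespace is an assumption about what the sweep queries.

```powershell
# Added example. Hypothetical names: CORP domain, WMI-Scanners, svc-wmiscan1.
# Windows PowerShell 5.1; part 1 needs the ActiveDirectory (RSAT) module.

# --- Part 1: run once, from an AD management host ---
Import-Module ActiveDirectory
$group = 'WMI-Scanners'
New-ADGroup -Name $group -GroupScope Global -GroupCategory Security `
    -Description 'Remote WMI queries only; never nest in an admin group'
New-ADUser -Name 'svc-wmiscan1' -SamAccountName 'svc-wmiscan1' -Enabled $true `
    -AccountPassword (Read-Host -AsSecureString -Prompt 'Password for svc-wmiscan1')
Add-ADGroupMember -Identity $group -Members 'svc-wmiscan1'

# --- Part 2: run elevated on each host that will be queried ---
$acct = New-Object System.Security.Principal.NTAccount('CORP\WMI-Scanners')
$sid  = $acct.Translate([System.Security.Principal.SecurityIdentifier])

# Non-admins get DCOM remote launch/activation through this built-in local group.
Add-LocalGroupMember -Group 'Distributed COM Users' -Member 'CORP\WMI-Scanners'

# Read the root\cimv2 namespace security descriptor in binary form.
$security = Get-WmiObject -Namespace 'root\cimv2' -Class __SystemSecurity
$out = @($null)
[void]$security.PsBase.InvokeMethod('GetSD', $out)
$sd = [System.Security.AccessControl.RawSecurityDescriptor]::new([byte[]]($out[0]), 0)

# Grant only Enable Account (0x1) + Remote Enable (0x20), inherited by sub-namespaces.
# No Execute Methods or write rights. Appended last so existing ACEs keep precedence.
$has = $sd.DiscretionaryAcl | Where-Object { $_.SecurityIdentifier -eq $sid }
if (-not $has) {
    $ace = [System.Security.AccessControl.CommonAce]::new(
        [System.Security.AccessControl.AceFlags]::ContainerInherit,
        [System.Security.AccessControl.AceQualifier]::AccessAllowed,
        0x21, $sid, $false, $null)
    $sd.DiscretionaryAcl.InsertAce($sd.DiscretionaryAcl.Count, $ace)
    $new = [byte[]]::new($sd.BinaryLength)
    $sd.GetBinaryForm($new, 0)
    $rc = $security.PsBase.InvokeMethod('SetSD', (,$new))
    if ($rc -ne 0) { throw "SetSD failed with WMI return code $rc" }
}
```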
