Microsoft Backdoors
The opposite of hardening: where to hide backdoors and gain persistence
Windows
- User accounts: create a new user account
- Groups: add a user to a group
- Backup Operators group in particular
- Startup scripts
- Logon scripts
- Scheduled tasks
- Services
- Replace utilman.exe with cmd.exe
- Firewall rules used for port knocking and command execution
- File extension mapping
- Certificate mapping for the Administrator account
- All autorun values
- Security policy granting normal accounts privileges (e.g. backup)
- BIOS password or Intel ME
- Network share mappings
- symlink to
- DLLs loaded by Explorer
- Malicious drivers
- Image File Execution Options
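The checklist above is a list of places to look, so here is a read-only audit that enumerates several of them on a single Windows host: IFEO Debugger values, a cmd.exe-for-utilman.exe swap, Run/RunOnce and Winlogon autoruns, the per-user logon script value, enabled scheduled tasks, auto-start services outside the Windows directory, and Backup Operators membership. This is an added example and not part of the original wiki page; it uses only built-in cmdlets, the function names are this example's own, and it assumes an elevated PowerShell 5.1 or later session.

```powershell
# Added example (not from the wiki page): read-only audit of local persistence
# locations. Run elevated; it changes nothing. Function names are this example's own.

function Get-IfeoDebugger {
    # A "Debugger" value under Image File Execution Options makes Windows start
    # that program whenever the named executable is launched.
    $base = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { [pscustomobject]@{ Location = 'IFEO'; Key = $_.PSChildName; Value = $dbg } }
    }
}

function Test-UtilmanSwap {
    # utilman.exe runs as SYSTEM from the logon screen; an identical hash to
    # cmd.exe means the binary has been replaced.
    $sys32 = "$env:SystemRoot\System32"
    $cmdHash = (Get-FileHash -Algorithm SHA256 "$sys32\cmd.exe").Hash
    $utilHash = (Get-FileHash -Algorithm SHA256 "$sys32\utilman.exe").Hash
    if ($utilHash -eq $cmdHash) {
        [pscustomobject]@{ Location = 'BinarySwap'; Key = 'utilman.exe'; Value = 'identical to cmd.exe' }
    }
}

function Get-AutorunEntry {
    # Run/RunOnce keys, Winlogon Userinit/Shell and the per-user logon script value.
    $provProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $keys) {
        $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if ($p) {
            $p.PSObject.Properties | Where-Object { $_.Name -notin $provProps } | ForEach-Object {
                [pscustomobject]@{ Location = 'Autorun'; Key = "$k\$($_.Name)"; Value = $_.Value }
            }
        }
    }
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($n in 'Userinit', 'Shell') {
        [pscustomobject]@{ Location = 'Winlogon'; Key = $n; Value = $wl.$n }
    }
    $ls = (Get-ItemProperty 'HKCU:\Environment' -ErrorAction SilentlyContinue).UserInitMprLogonScript
    if ($ls) { [pscustomobject]@{ Location = 'LogonScript'; Key = 'UserInitMprLogonScript'; Value = $ls } }
}

function Get-TaskCommand {
    # Every enabled scheduled task and the command it executes.
    Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
        $task = $_
        foreach ($a in $task.Actions) {
            if ($a.Execute) {
                [pscustomobject]@{ Location = 'Task'; Key = "$($task.TaskPath)$($task.TaskName)"; Value = "$($a.Execute) $($a.Arguments)" }
            }
        }
    }
}

function Get-ServiceBinary {
    # Auto-start services whose image path lies outside the Windows directory.
    Get-CimInstance Win32_Service | Where-Object {
        $_.StartMode -eq 'Auto' -and $_.PathName -notlike "*$env:SystemRoot*"
    } | ForEach-Object { [pscustomobject]@{ Location = 'Service'; Key = $_.Name; Value = $_.PathName } }
}

function Get-BackupOperatorMember {
    # Backup Operators hold SeBackupPrivilege and can read any file regardless of its ACL.
    Get-LocalGroupMember -Group 'Backup Operators' -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Location = 'BackupOperators'; Key = $_.Name; Value = $_.ObjectClass } }
}

function Invoke-LocalPersistenceAudit {
    @(Get-IfeoDebugger; Test-UtilmanSwap; Get-AutorunEntry
      Get-TaskCommand; Get-ServiceBinary; Get-BackupOperatorMember) |
        Sort-Object Location, Key | Format-Table -AutoSize -Wrap
}

Invoke-LocalPersistenceAudit
```

Run it once on a freshly built machine and keep the output as a baseline; a later run diffed against that baseline surfaces new Debugger values, tasks, services or group members far faster than reading the whole list each time.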
Active Directory vs ADDS_Security
- SIDHistory
- Set an ACL for an arbitrary account on the domain root
- Set an ACL for an arbitrary account on AdminSDHolder
- Group Policy
- Logon scripts
- Password filter DLL that records admin passwords
- SPN on privileged accounts
- Golden/Silver Kerberos tickets
- DSRM mode (local Administrator RID 500 account password)
- Backup key for DPAPI (MS-BKRP)
- Certificate mapping for admin accounts
- Authentication Mechanism Assurance
- LAPS
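The Active Directory items are likewise best treated as a periodic audit. The script below, an added example that is not part of the original wiki page, reads and reports on several of them: objects carrying SIDHistory, write-class ACEs on the domain root and on AdminSDHolder held by identities other than the built-in administrative principals, privileged (adminCount=1) accounts that have an SPN, explicit certificate mappings (altSecurityIdentities), the DSRM logon behaviour setting and the LSA password filter list. It assumes the RSAT ActiveDirectory module, a reader account, and, for the two registry checks, that it is run on a domain controller; the function names are this example's own.

```powershell
# Added example (not from the wiki page): read-only audit of AD persistence
# locations. Needs the ActiveDirectory module; the registry checks assume a DC.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName

function Get-SidHistoryObject {
    # Principals carrying sIDHistory: expected only during a migration.
    Get-ADObject -LDAPFilter '(sIDHistory=*)' -Properties sIDHistory | ForEach-Object {
        [pscustomobject]@{ Check = 'SIDHistory'; Object = $_.DistinguishedName; Detail = ($_.sIDHistory -join ',') }
    }
}

function Get-SuspiciousAce {
    # Allow ACEs with write-class rights on the given object, excluding the
    # built-in administrative principals; review every remaining identity.
    # AdminSDHolder's ACL is copied onto every protected account by SDProp.
    param([string]$Dn, [string]$Label)
    $acl = Get-Acl -Path "AD:\$Dn"
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.ActiveDirectoryRights -match 'GenericAll|WriteDacl|WriteOwner|WriteProperty|ExtendedRight' -and
        $_.IdentityReference.Value -notmatch 'SYSTEM$|\\Administrators$|\\Domain Admins$|\\Enterprise Admins$'
    } | ForEach-Object {
        [pscustomobject]@{ Check = $Label; Object = $_.IdentityReference.Value; Detail = $_.ActiveDirectoryRights }
    }
}

function Get-PrivilegedAccountWithSpn {
    # Protected accounts should not carry service principal names.
    Get-ADUser -LDAPFilter '(&(adminCount=1)(servicePrincipalName=*))' -Properties servicePrincipalName |
        ForEach-Object {
            [pscustomobject]@{ Check = 'AdminSPN'; Object = $_.SamAccountName; Detail = ($_.servicePrincipalName -join ' ') }
        }
}

function Get-CertificateMappedAccount {
    # Explicit certificate mappings allow logon with a certificate instead of the password.
    Get-ADUser -LDAPFilter '(altSecurityIdentities=*)' -Properties altSecurityIdentities |
        ForEach-Object {
            [pscustomobject]@{ Check = 'CertMapping'; Object = $_.SamAccountName; Detail = ($_.altSecurityIdentities -join ' ') }
        }
}

function Get-DcLsaSetting {
    # DsrmAdminLogonBehavior=2 lets the DSRM account log on while AD is running;
    # Notification Packages lists the password filter DLLs LSASS loads.
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    [pscustomobject]@{ Check = 'DSRM'; Object = 'DsrmAdminLogonBehavior'; Detail = $lsa.DsrmAdminLogonBehavior }
    [pscustomobject]@{ Check = 'PasswordFilter'; Object = 'Notification Packages'; Detail = ($lsa.'Notification Packages' -join ' ') }
}

function Invoke-AdPersistenceAudit {
    @(Get-SidHistoryObject
      Get-SuspiciousAce -Dn $domainDn -Label 'DomainRootACL'
      Get-SuspiciousAce -Dn "CN=AdminSDHolder,CN=System,$domainDn" -Label 'AdminSDHolderACL'
      Get-PrivilegedAccountWithSpn
      Get-CertificateMappedAccount
      Get-DcLsaSetting) | Format-Table -AutoSize -Wrap
}

Invoke-AdPersistenceAudit
```

The ACE check deliberately errs on the side of noise: delegated helpdesk groups and Exchange or similar service identities will show up, so the useful output is the diff against a previous run rather than the raw list. A Notification Packages value beyond the default scecli, or a DsrmAdminLogonBehavior of 2, warrants a direct look at the DC.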