Microsoft Backdoors

From WikiWiki

The opposite of Hardening: where backdoors get hidden and how persistence is gained (and therefore where a defender should look)

Windows

  • User accounts: create a new user account
  • Groups: add a user to a group
    • backup operators!
  • Startup scripts
  • Logon scripts
  • Scheduled tasks
  • Services
  • Change utilman to cmd
  • Firewall to do port knocking and execute command
  • Map file extension
  • Create certificate mapping for administrator account
  • all autorun values
  • security policy for normal accounts (backup)
  • BIOS password or Intel ME
  • network share mappings
    • symlink to
  • Explorer-loaded DLLs
  • malicious drivers
  • image file execution options
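The following script is an added example, not part of the original wiki page: a read-only audit that walks several of the Windows locations in the list above (Image File Execution Options, the accessibility binaries such as utilman.exe, privileged local groups including Backup Operators, Run/RunOnce autorun values, scheduled tasks and services) and collects findings for comparison against a known-good baseline. It assumes Windows PowerShell 5.1 or later in an elevated session; the OriginalFilename comparison for the accessibility binaries is a heuristic, and nothing is modified.

```powershell
# Added example, not part of the wiki page: read-only audit of several of the
# Windows persistence locations listed above. Assumes Windows PowerShell 5.1+
# run elevated; nothing is modified. Review every finding against your baseline.

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Area, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Area = $Area; Detail = $Detail })
}

# 1. Image File Execution Options: a Debugger value silently launches another
#    program every time the named executable starts.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Add-Finding 'IFEO' "$($_.PSChildName): Debugger = $dbg" }
}

# 2. Accessibility binaries (utilman and friends): flag any that are byte-identical
#    to cmd.exe, or whose embedded OriginalFilename does not match the file name
#    (heuristic for a swapped binary; verify hits against a clean system).
$sys32   = Join-Path $env:SystemRoot 'System32'
$cmdHash = (Get-FileHash -Path (Join-Path $sys32 'cmd.exe') -Algorithm SHA256).Hash
foreach ($name in 'utilman.exe', 'sethc.exe', 'osk.exe', 'narrator.exe', 'magnify.exe') {
    $path = Join-Path $sys32 $name
    if (-not (Test-Path $path)) { continue }
    if ((Get-FileHash -Path $path -Algorithm SHA256).Hash -eq $cmdHash) {
        Add-Finding 'Accessibility' "$name has the same SHA256 as cmd.exe"
    }
    $orig = (Get-Item $path).VersionInfo.OriginalFilename
    if ($orig -and $orig -ne $name) {   # string comparison is case-insensitive
        Add-Finding 'Accessibility' "$name reports OriginalFilename '$orig'"
    }
}

# 3. Privileged local groups: Backup Operators can read and write any file
#    regardless of its ACL, so membership deserves the same scrutiny as Administrators.
foreach ($group in 'Administrators', 'Backup Operators') {
    try {
        Get-LocalGroupMember -Group $group -ErrorAction Stop | ForEach-Object {
            Add-Finding "Group:$group" "$($_.Name) ($($_.PrincipalSource))"
        }
    } catch { Add-Finding "Group:$group" "could not enumerate: $($_.Exception.Message)" }
}

# 4. Autorun registry values (Run/RunOnce for the machine and the current user).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    # Skip the PS* bookkeeping properties PowerShell adds to registry objects.
    $props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' } | ForEach-Object {
        Add-Finding 'Autorun' "$key\$($_.Name) = $($_.Value)"
    }
}

# 5. Scheduled tasks outside the \Microsoft\ tree, with the account and command they run.
Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
        $exec = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join ' | '
        Add-Finding 'Task' "$($_.TaskPath)$($_.TaskName) [$($_.Principal.UserId)] -> $exec"
    }

# 6. Services whose binary lives outside %SystemRoot%. Legitimate third-party
#    services land here too, so this is a review list, not a verdict.
Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    if ($_.PathName -and $_.PathName -notlike "*$env:SystemRoot*") {
        Add-Finding 'Service' "$($_.Name) ($($_.StartMode)) -> $($_.PathName)"
    }
}

$findings | Sort-Object Area | Format-Table -AutoSize -Wrap
```

The useful way to run this is once on a freshly built reference machine and again on the system under review, then diff the two outputs: most of the locations above legitimately carry entries, and it is the delta, not the raw list, that points at a planted persistence mechanism.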


Active Directory vs ADDS_Security

  • SIDHistory
  • set ACL for random account on top root
  • set ACL for random account on adminSD holder
  • group policy
    • logon scripts
  • password filter to keep track of admin passwords
  • SPN
  • Golden/Silver kerberos tickets
  • DSRM mode (Directory Services Restore Mode; the local administrator RID 500 account password)
  • Backup Key for DPAPI (MS-BKRP)
  • certificate mapping for admin accounts
  • Authentication Mechanism Assurance
  • LAPS
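The following script is an added example, not part of the original wiki page: read-only checks covering several of the Active Directory locations listed above (SIDHistory, write-capable ACEs on the domain root and on AdminSDHolder, registered password filters, the DSRM logon behaviour setting, and certificate mappings in altSecurityIdentities). It assumes the RSAT ActiveDirectory module, a domain-joined elevated session, and that the Lsa registry checks are run on a domain controller; the list of "expected" trustees is a starting point that you must compare against a clean domain of the same functional level, and the script changes nothing.

```powershell
# Added example, not part of the wiki page: read-only checks for several AD
# persistence locations listed above. Assumes the RSAT ActiveDirectory module,
# an elevated domain-joined session, and (for the Lsa checks) a domain controller.
Import-Module ActiveDirectory
$dn = (Get-ADDomain).DistinguishedName

# 1. SIDHistory: every object carrying a historical SID should be explainable by
#    a documented migration; an unexplained entry grants that SID's access.
"== Objects with sIDHistory =="
Get-ADObject -LDAPFilter '(sIDHistory=*)' -Properties sIDHistory |
    Select-Object Name, DistinguishedName, @{ n = 'SIDHistory'; e = { $_.sIDHistory -join ';' } } |
    Format-Table -AutoSize -Wrap

# 2. Write-capable ACEs on the domain root and on AdminSDHolder. SDProp stamps the
#    AdminSDHolder ACL onto protected groups and accounts, so one extra ACE there
#    reaches every Domain Admin. Trustee exclusions are a starting point only;
#    compare the output with a clean domain of the same functional level.
$writeRights = 'GenericAll|GenericWrite|WriteDacl|WriteOwner|WriteProperty|ExtendedRight|CreateChild|Self'
$expected    = '^(NT AUTHORITY|BUILTIN|S-1-5-32-\d+|Everyone|CREATOR OWNER)' +
               '|\\(Domain|Enterprise|Schema) Admins$|\\Domain Controllers$' +
               '|\\Enterprise Domain Controllers$|\\Key Admins$|\\Enterprise Key Admins$'
foreach ($target in @("AD:\CN=AdminSDHolder,CN=System,$dn", "AD:\$dn")) {
    "`n== Write-capable ACEs on $target (non-default trustees) =="
    (Get-Acl -Path $target).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -notmatch $expected -and
        "$($_.ActiveDirectoryRights)" -match $writeRights
    } | Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, IsInherited |
        Format-Table -AutoSize -Wrap
}

# 3. Password filters: each DLL named in Notification Packages is loaded by LSASS
#    and sees every password change in clear text. scecli is the Windows default;
#    anything else must be accounted for.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
"`nNotification Packages (password filters): " + ($lsa.'Notification Packages' -join ', ')

# 4. DSRM account logon behaviour (only meaningful on a domain controller).
#    Absent or 0: usable only when the DC is booted into DSRM.
#    1: usable when the AD DS service is stopped.  2: usable while the DC is online.
$dsrm = $lsa.DsrmAdminLogonBehavior
if ($null -eq $dsrm) { 'DsrmAdminLogonBehavior: not set (default, DSRM-only logon)' }
else { "DsrmAdminLogonBehavior: $dsrm (1 = AD DS stopped, 2 = DC online; review if non-zero)" }

# 5. Explicit certificate mappings: altSecurityIdentities lets a certificate
#    authenticate as the account, independent of its password.
"`n== Accounts with altSecurityIdentities =="
Get-ADObject -LDAPFilter '(altSecurityIdentities=*)' -Properties altSecurityIdentities, adminCount |
    Select-Object Name, adminCount, @{ n = 'Mappings'; e = { $_.altSecurityIdentities -join ';' } } |
    Format-Table -AutoSize -Wrap
```

Accounts that show up in the last query with adminCount set to 1 are the ones to examine first, since a certificate mapping on a protected account survives a password reset and is easy to overlook during a cleanup.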


Exchange

Azure

O365

ADRMS

ADCS