Community Night - Secure Australia 2024

Pass the What Now? Understanding Credential Attacks in a Windows 11 World, presented by SANS Principal Instructor Steve Anson, and Who said that Python was UNIX Best Friend Only?, presented by SANS Certified Instructor Xavier Mertens.

Abstracts:

Pass the What Now? Understanding Credential Attacks in a Windows 11 World

Microsoft provides users with the convenience of single-sign-on (SSO) solutions. But the authorization credentials upon which SSO relies have long been targeted by attackers. Pass-the-hash, pass-the-ticket, pass-the-token, and other attacks allow attackers to move freely about your network, even between your on-prem and cloud environments. Learn more about these attacks and the latest controls to mitigate their associated risk.

Who said that Python was UNIX Best Friend Only?

Python is a wonderful language, easy to learn, powerful and integrates perfectly with any operating system. Yes, who said that Python was only popular in UNIX environments? (read: Linux, macOS, etc.). Today, there are more and more malicious Python scripts in the wild that work on Windows. They can interact with the webcam and keyboard to steal your data, they are able to interact with all Microsoft API calls and, therefore, perform more low-level actions like process injection. Even ransomware can be developed in Python. You feel safe because Python is not installed on your workstations? No problem, Python can be installed easily from stage 0! In this talk, I'll present some findings that I collected for a while around Python malicious code in the Windows ecosystem.