BSidesLV 2017 has ended
Back To Schedule
Wednesday, July 26 • 14:00 - 14:55
SECSMASH: Using Security Products to own the Enterprise'

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Enterprise security tools provide a deep level of insight, and access, to the organizations they are designed to protect. Although, in the right hands these tools can be powerful assets for a blue team, they can be equally valuable for an attacker. Attackers can subvert legitimate functionality to gain and maintain access to an enterprise's crown jewels.
Solutions such as Splunk, Tanium, Tripwire, Carbon Black Response, in addition to providing detailed reporting on an organizations assets, all offer the ability to run commands or scripts for administrative purposes on end points. Many of these systems by default, or only, run commands as the 'System' user on Windows. This can be leveraged to gain access to critical systems, pivot into 'segmented' networks, and maintain stealthy command and control.
Unfortunately, these tools are commonly deployed with inadequate hardening, or with excessive number of administrative user accounts. One reason for this could be the prior knowledge required to leverage the power of these applications in a safe and controlled manner during a pentest, causing them to largely go unnoticed, or unreported on most tests. We want to bring awareness to the importance of protecting deployed security tools and provide a framework for pentesters and red team teamers to leverage these tools on engagements. The tool we are releasing is called secsmash, and provides a handy commandline tool to turn credentials you've acquired for a supported tool into enterprise pwnage.


Kevin Dick

Information Security Consultant, Tevora
Information security consultant at Tevora since 2012. Wore a lot of hats initially, including solution integration work, auditing, and penetration testing. Kevin now leads Tevora's penetration testing and red teaming group. Areas of focus include Network, web, and mobile application... Read More →
avatar for Steven Flores

Steven Flores

Information Security Consultant, Tevora
Steven is a former Marine and now penetration tester/red teamer from Southern California. When he isn't brewing awesome coffee he enjoys doing research on different threat techniques and tool development.

Wednesday July 26, 2017 14:00 - 14:55 PDT
Breaking Ground (Florentine A) 255 E Flamingo Rd, Las Vegas, NV 89169