
Ori David - Tunnel Vision: Exploring VPN Post-Exploitation Techniques.pdf

Uploaded by: 张**  ID: 175513  2024-09-13  53 pages  1.92 MB

2022 Akamai | Confidential

Tunnel Vision: Exploring VPN Post-Exploitation Techniques
Ori David

Agenda
- VPN exploitation
- VPN post-exploitation
- What can we do about it

whoami
- Ori David, Security Researcher at Akamai
- Background in red teaming & threat hunting

Why are VPNs appealing to attackers?
(diagram: VPN <-> Internal Network)

"Classic" VPN exploitation
- Abused mainly to gain initial access to the network
(diagram: VPN <-> Internal Network)

VPN post-exploitation?
- Persistency
- Credential access
(diagram labels: Windows / VPN?)

Implant-based post-exploitation
- Mandiant "Cutting Edge part 4" report
- Run a custom implant on the underlying device OS
- Modify system files or hook functions
- Full control over device functionality
- Expensive to develop and maintain

Living off the land -> Living off the VPN

Our test subjects

Abusing Remote Authentication Servers

Local user authentication
1. Provide username & password
2. Approve/Reject authentication

VPN remote authentication servers (VPN <-> Auth Server)
1. Provide username & password
2. Validate user credentials
3. Approve/Reject authentication

Abusing LDAP authentication

Fortigate LDAP authentication (Fortigate <-> LDAP Server)
1. Provide LDAP username & password
2. Validate user credentials
3. Approve/Reject authentication

Fortigate: CLEARTEXT LDAP authentication
- Leaks 2 sets of credentials: the configured Fortigate LDAP service account, and the credentials of the authenticating user
- LDAPS is supported, but not used by default

Ivanti LDAP authentication
- Two types of LDAP authentication servers: LDAP and Active Directory
- LDAP authentication server: the default setting uses TLS; when plain LDAP is used, a simple bind is performed
- Active Directory authentication server: uses Kerberos authentication

Capturing LDAP credentials
- If LDAPS/Kerberos is used - downgrade to
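The Fortigate slides above come down to one configuration fact: an LDAP server entry with no `set secure` line binds in cleartext, exposing both the service account and each user's password. As an added example, not part of the deck, here is a small FortiOS config audit in Python that parses a `config user ldap` block and flags entries still on that default; the sample config is constructed, and `set secure` / `set port` are real FortiOS settings (the password values are placeholders).

```python
import re

# Constructed sample of a FortiOS "config user ldap" block (not from the
# slides). "ad-plain" keeps the FortiOS default (no "set secure" line, so
# the bind goes out in cleartext); "ad-secure" is the hardened form.
SAMPLE_CONFIG = """\
config user ldap
    edit "ad-plain"
        set server "10.0.0.5"
        set username "cn=vpn-bind,cn=users,dc=corp,dc=example"
        set password ENC <placeholder>
    next
    edit "ad-secure"
        set server "10.0.0.5"
        set secure ldaps
        set port 636
        set username "cn=vpn-bind,cn=users,dc=corp,dc=example"
        set password ENC <placeholder>
    next
end
"""

def parse_ldap_servers(config_text):
    """Return {server_name: {setting: value}} for every 'edit' entry
    inside the 'config user ldap' block."""
    servers, current, in_block = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config user ldap":
            in_block = True
        elif not in_block:
            continue
        elif line == "end":
            break
        elif line.startswith("edit "):
            current = line[5:].strip('"')
            servers[current] = {}
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            servers[current][key] = value.strip('"')
    return servers

def find_cleartext_ldap(config_text):
    """Names of LDAP servers whose bind (service account and user password)
    crosses the network unencrypted; a missing 'set secure' means 'disable'."""
    return sorted(name for name, kv in parse_ldap_servers(config_text).items()
                  if kv.get("secure", "disable") == "disable")
```

Run it against a `show user ldap` dump; every name it returns is a server entry that should be moved to `set secure ldaps` (or `starttls`) before the credentials it carries are assumed compromised.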

This document examines VPN security. The author points out that VPNs are highly attractive to attackers because they offer a route to initial network access and can also be used for follow-on activity such as persistence and credential access. The presentation details how VPNs can be attacked by abusing remote authentication servers and LDAP authentication, and notes that LDAP credentials sent by the VPN can easily be captured. It also discusses weaknesses in how VPN appliances such as Fortigate and Ivanti encrypt configured passwords. Finally, the author offers recommendations for hardening VPNs, including restricting service account privileges and adopting Zero Trust Network Access (ZTNA).