What are some computer hacks that hackers know but most people don’t ?

There are many excellent answers here that are worth reading. I am adding a few that I haven’t seen yet.

Most of my time at work is spent breaking into organizations and teaching them how to better protect themselves. Here are some of the most common issues that I see across most organizations. The organization that implements these security measures will be ahead of the game.

  • Two-factor authentication - As has been mentioned, passwords are easy to get or guess. Unfortunately, having complex passwords isn’t enough. It is important to use two-factor authentication for all external access. For example, if a company has an employee portal that is Internet accessible, the company should ensure that access to the portal requires more than just a password to access it. It could be a code sent to the employee’s phone or a special token generated by a device or app. With two-factor authentication, the attacker would not be able to access the web application just with a stolen password. Quick side note, sophisticated phishing attacks are successful 25% of the time. In other words, 1 out of 4 employees emailed will give up their credentials.
  • Microsoft Office Macros - One of my favorite methods of breaking into an organization is sending someone a Word document with a "malicious" macro. When the employee opens up my document, they are presented with the following yellow button :

    If the employee clicks on that button, my "malware" is instantly installed on their computer. Afterwards, every 30 minutes, their computer connects back to my server and allows me to gain complete access to the computer. From the user’s perspective, there is no indication that their computer is being controlled remotely.
  • Pass-the-Hash - Microsoft Windows computers typically have domain accounts and local accounts. Employees typically have a domain accounts. This allows them to access their own computer as well as external resources, such as the company’s file share. Local accounts exist only within the user’s computer and don’t have any special permissions outside of the local computer — hence the name local accounts. The most common local accounts are Administrator and Guest. Microsoft Windows keeps a hashed copy of the password for the local accounts stored on the hard drive. In 90%+ of the organizations, most computers have the same local Administrator password. Unfortunately, the password hash of a local account can be used in place of the password to log into the computer. The result is that I can use the password hash to bounce from computer to computer very quickly without even knowing the local Administrator password.
  • Mimikatz - Mimikatz is a tool that allows an attacker to extract a domain user’s password straight out of memory of a Microsoft Windows computer. In other words, if the employee who opened up my malicious Word document has a very complex password, such as "MyVoiceIsMyPassport !", I am able to discover that password by using Mimikatz. If the organization doesn’t use two-factor authentication, I can log into any Internet accessible website that the employee has access to. Certain implementations of mimikatz are launched directly in memory and don’t touch the hard drive. This makes it invisible to anti-virus software.

Effectively, this means that once I get on your computer, I can use the local Administrator password hash to connect to other nearby computers. With Mimikatz, I can then steal the passwords of the employees who are logged into the computers that I can access. If I can find a Domain Administrator’s computer, I can steal their password and gain complete access to the whole environment. All of this can happen in a matter of hours.

So what should you do ?

  • Implement two-factor authentication for any application that is Internet accessible. This includes Outlook Web Access.
  • Make sure your email system can filter out Microsoft Office documents with macros.
  • Ensure that your each server and workstation have different local Administrator passwords. Another alternative is to prevent local accounts from authenticating to the network. Implementing this will make it very difficult to gain access to other parts of the network.

If your organization can do these things, you will be ahead of the game.

Source : http://www.quora.com/

Share Button