Privileged Escalation Deconstructed with a Hands-On Live Hack – From Vulnerability, to Endpoint Access, to Admin Account

Webinar Registration

No cyberattack is successful without first gaining some level of privileged access – whether the admin account on an endpoint, a service account on a server, Administrator in AD, or something in between, the bad guys require finding ways to give themselves privileged access.

Microsoft has taken strides to attempt to keep accounts out of the hands of the bad guys – limiting cached credentials on Windows endpoints and the creation of the Protected Users group in AD are just two examples of how they are working to limit the threat surface for privilege escalation attacks. But it’s clearly not enough, as attacks utilizing some form of elevated privileges continue.

In this real-training-for-free session, I’ll be joined by Microsoft MVP and cybersecurity expert Nick Cavalancia, as he provides insight into this critical and common part of nearly every cyberattack. Some of the topics to be discussed include:

  • How prevalent is privilege escalation in cyberattacks today?
  • Why privileged escalation is so important to the cybercriminal and how it’s used
  • What kinds of credential artifacts are useful in an attack?
  • Methods used to accomplish privilege escalation
  • Where this all maps to the MITRE ATT&CK framework

I’ll also be joined by Raimonds Liepins and Ed Breay from Thycotic. Raimonds will demonstrate a live hack showing why it’s so important to keep admin hashes off of endpoints. Raimonds' hack will include:

  • Utilizing a custom web application to impersonate a local admin and how easy it is to obtain privileged access on an initial endpoint
  • Accessing and leveraging credential artifacts to obtain privileged credentials
  • Laterally moving using stolen credentials
  • Accessing critical systems and services

Ed will then discuss how to avoid privilege escalation in the context of the live hack, covering processes and policies that can help keep privileged credentials from being accessible to cybercriminals during an attack.

Join us for this real-training-for-free session.

First Name:   
Last Name:   
Work Email:  
Phone:  
Job Title:  
Organization:  
Country:    
City:  
State:  
Zip/Postal Code:  
Industry:  
Company Size:
 

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.

 

 

Additional Resources