The Insider - Users presented at BSidesLondon 2018

by Neil Lines

Summary: What can your internal users do? Over the years I have come to the conclusion that in most typical environments any domain user, if they desired, could gain full admin access, change or delete any data or machine if they desired to do so. And would this be hard to accomplish? No, typically it takes around 30 mins to four hours, and worryingly sometimes even less time, to gain full admin rights of a typical internal network domain.

So now consider your employees at work or students at a typical university, college or school: they are already halfway there with regards to the process required to exploit all, and why? Because they have been issued with a standard domain account. Without the constraints of time what could they achieve? Have they already compromised accounts that belong to the domain administrative group? And to those who hold accounts belonging to administrative groups, are you still in charge, or was your account compromised years ago?

Now, this talk I will be presenting, I can guarantee you that it will not be dull. If you love hacking this will be for you. I’m going to present how any user can compromise a typical network at any time they choose and then gain access to anything they wish internally. It will reveal commonly used techniques that I have personally used over the years; often these are simple techniques that could be used by anyone with a domain account or even without one.

What can disgruntled or malicious employees achieve? The answer to this will be detailed in full during the presentation. I will be honest, this talk will worry some; it’s going to reveal how simple it can be to go from a standard user account to owning everything in the domain in a very short time. What are your users doing?