
Finding Exploitable Admin Systems

Finding Exploitable Admin Systems. A “How To” Guide for SecurityCenter. Exploitable Admin Systems. If the hosts used to administer the network are vulnerable, then a malicious entity can exploit them to compromise the entire network!

jacob-byers

Presentation Transcript


  1. Finding Exploitable Admin Systems: A “How To” Guide for SecurityCenter

  2. Exploitable Admin Systems
     • If the hosts used to administer the network are vulnerable, then a malicious entity can exploit them to compromise the entire network!
     • How can SecurityCenter be used to find hosts that are used to administer other systems AND that also have exploitable vulnerabilities?

  3. Find Administrative Systems
     • Plugin 800041, User Source Summary
     • The plugin output lists the user accounts that have logged into remote systems from this host
     • If the output contains 'root', 'Administrator', or another Windows management account name, then it is likely that this host was used to administer other systems on the network

  4. Find Administrative Systems
     • Use dynamic asset: Admin Systems
     • Available in the feed by selecting the category Collected Data, and then selecting the tags admin or root

  5. Find Administrative Systems
     • If the Windows management account has been renamed from ‘Administrator’ to something else, text search clauses can be added to the asset.

  6. Find Exploitable Systems
     • Hosts for which, for at least one detected vulnerability, the plugin text indicates that an exploit is available for the vulnerability, or that an exploit framework (such as Metasploit) can exploit the vulnerability.

  7. Find Exploitable Systems
     • Use dynamic asset: Exploitable (Generic)
     • Available in the feed by selecting the category Vulnerabilities, and then selecting the tag exploitable

  8. Find Exploitable Admin Systems
     • Now use a combination asset to find systems that are both administrative AND exploitable

  9. Find Exploitable Admin Systems
     • This new combination asset can be used in dashboards and reports to display, for example:
       • Top vulnerabilities on admin systems (Vulnerability Summary)
       • Top exploitable admin systems (IP Summary)
       • Top remediations for admin systems (Remediation Summary)
       • And more!

  10. Combination Assets
     • Combination assets (assets of assets) can be used to locate systems that belong to both one group AND another group, or that belong to one group OR another group
     • For example, the Exploitable (Generic) asset could be combined with other dynamic assets to find the systems in those groups that are exploitable
     • Combination assets are dynamically updated, so any network changes are immediately reflected

  11. For Questions Contact Tenable Customer Support Portal
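
The AND logic from slides 3 to 10, worked through offline as an added example (not part of the original presentation and not SecurityCenter code). The record fields, the "Exploit Available: true" wording, the 99000x plugin IDs, the IP addresses and the renamed account "corp-adm" are all constructed assumptions; only plugin 800041 and the account names 'root' and 'Administrator' come from the slides.

```python
import re

USER_SOURCE_PLUGIN = 800041  # "User Source Summary", per slide 3

# Constructed sample findings. Field names and plugin text are assumptions,
# not SecurityCenter's export format; 99000x plugin IDs are placeholders.
FINDINGS = [
    {"ip": "10.0.0.5", "plugin_id": 800041, "text": "Users: root, jsmith"},
    {"ip": "10.0.0.5", "plugin_id": 990001, "text": "Exploit Available: true (Metasploit)"},
    {"ip": "10.0.0.6", "plugin_id": 800041, "text": "Users: rootkit_scan, bob"},
    {"ip": "10.0.0.6", "plugin_id": 990002, "text": "Exploit Available: true"},
    {"ip": "10.0.0.7", "plugin_id": 800041, "text": "Users: Administrator"},
    {"ip": "10.0.0.7", "plugin_id": 990003, "text": "Exploit Available: false"},
    {"ip": "10.0.0.8", "plugin_id": 800041, "text": "Users: corp-adm, alice"},
    {"ip": "10.0.0.8", "plugin_id": 990004, "text": "Exploit Available: true"},
]

# Assumed wording of the "exploit is available" indication in plugin text.
EXPLOIT_MARKER = re.compile(r"exploit available:\s*true", re.IGNORECASE)


def admin_hosts(findings, extra_accounts=()):
    """Hosts whose User Source Summary names a management account."""
    names = ["root", "Administrator", *extra_accounts]
    # Match whole account names only, so "rootkit_scan" is not read as "root".
    alternatives = "|".join(re.escape(n) for n in names)
    pattern = re.compile(r"(?<![\w-])(?:%s)(?![\w-])" % alternatives, re.IGNORECASE)
    return {f["ip"] for f in findings
            if f["plugin_id"] == USER_SOURCE_PLUGIN and pattern.search(f["text"])}


def exploitable_hosts(findings):
    """Hosts with at least one finding whose text says an exploit exists."""
    return {f["ip"] for f in findings
            if f["plugin_id"] != USER_SOURCE_PLUGIN
            and EXPLOIT_MARKER.search(f["text"])}


def exploitable_admin_hosts(findings, extra_accounts=()):
    """The combination asset: administrative AND exploitable."""
    return admin_hosts(findings, extra_accounts) & exploitable_hosts(findings)


if __name__ == "__main__":
    print(sorted(exploitable_admin_hosts(FINDINGS)))
    print(sorted(exploitable_admin_hosts(FINDINGS, extra_accounts=("corp-adm",))))
```

Host 10.0.0.8 only appears once the renamed account is supplied, which is the gap the extra text search clauses on slide 5 close.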
