> Cyber Security Strategy - From Idea to Mobile App RealityVinova Our team will brainstorm with you on where to begin, where to go, and how to get you there. Whether you have a spark of an idea or an existing app – we can help. Getting your mobile strategy right is what our unique services are all about. We’ll wrestle with business challenges, discover new opportunities that will help you define and refine your product ideas into mobile app reality.

Lateral Movement – Services – Penetration Testing Lab

Lateral Movement – Services – Penetration Testing Lab

Services with elevated privileges typically were used in the past as method of privilege escalation or persistence. However a service could be utilized for lateral movement since local administrators have permissions to create/restart a service and modify the binary path. PsExec was the first implementation of lateral movement by using services since it is a trusted Microsoft utility that can push an arbitrary file and register a service that will execute this file on a target host allowing a threat actor to establish access.

The following command will create an SMB server that will host an arbitrary payload.

Running PsExec will authenticate with the local administrator credentials on the target host and will execute the payload “pentestlab.exe” from the UNC path. As a result a Meterpreter session will open.

Metasploit Framework has a module which can perform via SMB lateral movement similar to PsExec. The module requires either the administrator password in plain-text or the administrator hash.

A PowerShell based payload will executed on the target and a new session will established.

However, both approaches are very noisy and even though could be used during penetration testing engagements in red teaming scenarios should be avoided. Usage of a PsExec for lateral movement is highly detectable since a new service will be created on the system and a mature Security Operation Center (SOC) should have already alerts in place.

Service Control (SC.exe) is a Microsoft utility which can be used by Administrators to create, modify, delete, start and stop a service in windows environments. In contrast with PsExec which needs to be dropped to disk this utility is part of Windows and could be abused directly to create a new service that will execute a fileless payload.

A new method of lateral movement using services has been implemented by Mr.Un1k0d3r in his tool SCShell. The .NET version uses the “OpenSCManager” API which uses remote procedure calls according to Microsoft documentation, it doesn’t create a new service as it relies on the modification of the binary path of an existing service and it can be used with a fileless payload by using the regsvr32 method.

This introduces to lateral movement via services a new stealthier approach more opsec safe compared to the existing techniques described above.

The python implementation of the “SCShell” uses “DCERPC” for authentication instead of SMB and can be executed from a non-domain joined systems.

An alternative option would be to use WMI for authentication to a target host in order to modify an existing service which is implemented in SharpMove.

The following command will execute an arbitrary payload from a UNC path on the target host by modifying an existing service similarly to “SCShell” tool.

Overall the lateral movement via services has been transitioned from SMB protocol to RPC and WMI. Modern tooling attempts to modify the binary path of valid services and execute fileless payloads to move laterally enabling red teams to continue use this technique in their engagements and to create the awareness to SOC teams about monitoring remote procedure calls on the network to identify such attacks.

This content was originally published here.

Malcare WordPress Security

singapore app developer,app development singapore,singapore web design services,web development company singapore,design agency singapore,design firms in singapore,website developer singapore,singapore mobile app developer,mobile application developer singapore,mobile app development singapore,web design singapore,android developer singapore,web design company singapore,web designer singapore,singapore web development,developers in singapore,mobile game developer singapore,ios developer singapore,web application singapore,singapore mobile application developer,website designer singapore,singapore web design,mobile application development singapore,app developer singapore,website design singapore,mobile app developer singapore,mobile developer singapore,graphic designer in singapore,singapore website design,mobile apps singapore,ios app development singapore,web development singapore,website development singapore,developer in singapore,ruby on rails developer singapore,web design services singapore,mobile apps development singapore