MaLDAPtive: Diving Deep into LDAP Obfuscation, Deobfuscation and Detection (PDF)

Document ID: 981579, PDF, 167 pages, 31.93 MB


Slide 1 (title): Diving Deep into LDAP Obfuscation, Deobfuscation & Detection. USA 2024. Sabajete Elezaj (Sabi) & Daniel Bohannon (DBO).

Slide 2 (speakers):
Daniel Bohannon, Principal Threat Researcher, aka "DBO". Handles: danielhbohannon. Projects: Invoke-Obfuscation, Invoke-CradleCrafter, Invoke-DOSfuscation, Revoke-Obfuscation, Permiso-io-tools/CloudConsoleCartographer. USA. Experience timeline: 5 yrs / 2 yrs / 2 yrs.
Sabajete Elezaj, Senior Cyber Security Engineer, aka "Sabi". Handles: sabi_elezi, sabajete-elezaj. Albania. Experience: Government (1 yr), Consulting (3 yrs), Engineering (3 yrs).

Agenda: Introduction; LDAP Overview; PROBLEM: Obfuscating LDAP; SOLUTION: Parse, Enrich, Detect; MaLDAPtive Tool Demo + Release.

Slides 3-4 (History):
Back to the 1980s: X.500 directory services and the X.500 Directory Access Protocol (DAP).
1993-1997: "Lightweight" Directory Access Protocol (LDAP) v1-3, which used the simpler TCP/IP protocol stack.
1998: OpenLDAP developed by the OpenLDAP Project.
2000: Microsoft released Active Directory (AD) and ensured compliance of AD with LDAP!

Slide 5 (Future): diagram at https://ldap.or.kr/wp-content/uploads/2017/07/%EA%B7%B8%EB%A6%BC3.png
Open-source tools for LDAP visibility (defensive & offensive usages):
2015: PowerView (harmj0y)
2016: BloodHound (SpecterOps)
2017: PingCastle (Vincent Le Toux)

Slides 5-6 (Back to the Logs?):
How to get LDAP logs in a lab? SilkETW (Ruben Boonen, 2019); LDAPMon (Johnny Johnson, 2023).
How to get LDAP logs in production? Defender for Endpoint (EDR agent); Defender for Identity (sensor on DC).
Client-side vs Server-side LDAP Logs:
Client-side logs: WYSIWYG, #YOLO, obfuscation ripe; wldap32.dll.
Server-side logs: significant normalization (but no
