December 17, 2019 Detection and response

Privilege escalation revisited: webinar highlights

Last week, Red Canary hosted a rockstar panel of researchers and engineers for a webinar on how attackers level up. Check out the highlights below, and see if you can spot any ugly Christmas sweaters.

 
Julie Brown
Security Engineer at Red Canary
 
Cathy Cramer
Detection Engineer at Red Canary
 
Erika Noerenberg
Senior Threat Researcher at VMware Carbon Black
 
Sarah Yoder
Cybersecurity Engineer at MITRE ATT&CK

What is privilege escalation?

 

Our own Julie Brown kicks things off by introducing our panelists and defining privilege escalation as an attack technique.


Privilege escalation on Windows

 

Sarah Yoder from MITRE delves into two living-off-the-land techniques attackers use to level up on Windows systems: Access Token Manipulation and Bypass User Access Control (UAC).


Privilege escalation on macOS

 

Carbon Black’s Erika Noerenberg, who submitted a privilege escalation technique to MITRE ATT&CK earlier this year, highlights the user interaction required to elevate access on macOS systems, using the Shlayer malware as an illustrative example.


Privilege escalation on Linux

 

Red Canary’s Cathy Cramer explains that because Linux systems are typically servers instead of desktop devices, they are less susceptible to the most vulnerable layer of security: users. Fewer applications means less surface area; thus, adversaries are more likely to seek out different ways to escalate privileges on Linux machines.


Why should you care about privilege escalation?

 

In this concluding clip, our panelists weigh in on the risk that privilege escalation poses to enterprise environments, citing the NotPetya ransomware outbreak of 2018 that is estimated to have cost a handful of companies $10B globally. Audience questions lead to an enlightening discussion on the roles that developers and individual users play as gatekeepers of security.


Want more? We’ll email you the full on-demand privilege escalation webinar to view at your leisure. Let us know where to send it!

 
