Hacker News new | past | comments | ask | show | jobs | submit login

I wish more people would get this through their heads. The secretary opening a zero-day PDF is usually all it takes for an entire organization to be owned! Especially organizations with Active Directory and Windows workstations. Here's why:

* Secretary's workstation gets owned via zero day. * Attacker installs keylogger. * Attacker "breaks" the workstation's join to the domain. * Domain admin shows up to re-join the workstation to the domain (to "fix it").

Now the attacker has the credentials necessary to manage all of AD and give themselves rights to whatever they want. Also, since AD doesn't use a salt with password hashes the attacker can now trivially obtain the passwords of every employee in the company along with things like service accounts. It's game over at that point--rebuild everything time.




Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: