ISC StormCast for Tuesday, January 15th 2019
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 14 January 2019
⏱️ 6 minutes
Transcript
| 0:00.0 | Hello, welcome to the Tuesday, January 15th, 2019 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida. |
| 0:14.0 | Today we got a diary by Rob about LAPS, the Local Administrator Password Solution, which is a tool that's offered as a free |
| 0:23.1 | download by Microsoft. The great thing about LAPS is that it does allow you to set a unique |
| 0:30.0 | admin password for all workstations within an organization. And well, it keeps a database of all |
| 0:37.1 | these passwords so you can still log in but if |
| 0:40.4 | one of these workstations gets compromised the attacker will only get the admin password for this |
| 0:47.7 | particular workstation and the hacker won't be able to then connect to other systems in your network using these credentials. |
| 0:57.0 | But Rob also took a look at the red team part of this particular tool and how it could be used by an attacker. |
| 1:06.0 | Well, if you're using LAPS, then of course administrators somehow need to have access to these passwords |
| 1:13.6 | and LAPS provides for that. So if an attacker is able to access one of these IT administrator |
| 1:21.0 | passwords, maybe a help desk password, then they may have access to the LAPS database, which of course stores all the passwords |
| 1:30.6 | for all of your systems in clear text. So what LAPS really does is it reduces your attack |
| 1:38.2 | surface: instead of being able to steal the common admin password from any system in your network, the attacker |
| 1:46.4 | now has to compromise a particular account on a particular system in order to get this information. |
| 1:54.7 | Of course, you could use a paper-based database or something like this to accomplish the same thing. |
| 2:00.6 | The advantage of using LAPS is that it's scalable, it's a tool that's supported by Microsoft, |
| 2:06.9 | so much easier to assign random unique passwords to all your systems than doing it manually. |
| 2:15.8 | And last week, Intel released an interesting patch for its Software Guard Extension |
| 2:20.5 | or SGX. SGX allows software to define secure enclaves in memory. So if you're doing something |
| 2:28.4 | security sensitive, you can define one of these SGX enclaves and even administrators on the system shouldn't be able to access this memory. |
| 2:40.0 | Sadly, the software that sort of implemented SGX had a vulnerability that actually made a system less secure by allowing for privilege escalation. |
| 2:50.0 | This vulnerability has been patched now, so if you're using SGX, do apply this patch from Intel. |
... |

