principle-of-least-privilege – Page 2

What can an unprivileged attacker do (except privilege escalation)? [closed]

Posted on August 31, 2020 by beauthi

If a Linux or Windows machine with default configuration get attacked, what is the range of possibilities the attacker has as an unprivileged (non-root) user? (except from privilege escalation)
Thank you!

Continue reading What can an unprivileged attacker do (except privilege escalation)? [closed]→

Set up Developers with separate local admin accounts [migrated]

Posted on January 28, 2020 by itittruee

At work, our developers are local administrators on their Windows 10 machine. This is risky since we want to somewhat mitigate risks such as drive-by-download, but we also want productivity and some degree of freedom so we don’t want to fo… Continue reading Set up Developers with separate local admin accounts [migrated]→

Best practices or advice to convince IT admins not to map network drives in privileged sessions with users

Posted on January 7, 2020 by Ob1lan

We are currently trying to enhance the security posture of our company, and this means changing how some IT personnel work.

Put precisely, our IT helpdesk currently have 2 separate accounts: 1 for normal day-to-day usage (m… Continue reading Best practices or advice to convince IT admins not to map network drives in privileged sessions with users→

Best way to apply least privilege to one specific jar application on Linux

Posted on November 12, 2019 by A.Ho

Let’s say I have some java application running on the host and do different things, and now I have built a jar that captures network traffic. While reading What’s a least-privilege way to allow node.js to access network adapters on Linux?,… Continue reading Best way to apply least privilege to one specific jar application on Linux→

Unable to write to C:\ folder when logged in through BUILTIN\Users account | Windows Privilege Escalation | Unquoted Service Path

Posted on January 30, 2019 by acidburn

I have made an auto-start service from user (who is only in Administrators group and not Users) command prompt which is vulnerable to Unquoted Service Path.

Executable path: C:\Program Files\A Subfolder\B Subfolder\C Subfol… Continue reading Unable to write to C:\ folder when logged in through BUILTIN\Users account | Windows Privilege Escalation | Unquoted Service Path→

Is the example VPCAccess Lambda Policy template safe?

Posted on July 25, 2018 by drheart

Following the policy templates provided by AWS documentation yields a policy document (minus other statements) like such:

{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: [
… Continue reading Is the example VPCAccess Lambda Policy template safe?→

Netsparker’s Weekly Security Roundup 2018 – Week 05

Posted on February 9, 2018 by Netsparker Security Team

Table of Content

Why You Should Be Careful What You Put Into Your composer.json File
Why You Need to Use a Package Manager

Composer Package Manager Can Expose Sensitive Information
The Principle of Least Privilege Limits Exploitation Opportunities

… Continue reading Netsparker’s Weekly Security Roundup 2018 – Week 05→

How does separating concerns into separate processes (without enforcement) help security?

Posted on January 4, 2017 by strugee

In this talk on privilege separation, Theo de Raadt explains that OpenBSD’s ntpd has a master process which calls settimeofday(), a DNS process responsible for querying DNS servers, and an NTP protocol process which is respon… Continue reading How does separating concerns into separate processes (without enforcement) help security?→