In the ninth edition of the Insider Threat Podcast, Jonathan Sander and I did a little role reversal. I played Zorak to Jonathan’s Space Ghost and asked the questions – the topic this week is File System attacks. It is a topic that we have noticed not many struggle with, but one that we increasingly see as an attack vector. Jonathan has been researching these attacks recently and has been blogging about them at length. So we sat down to talk about the ways File Systems can be attacked, how data can be exfiltrated, and even how native File System functionality can be used to remain persistent within a compromised File System.
The attacks consist of three parts: locating attractive data targets, targeting sensitive data and remaining persistent. So we began by exploring why these attacks are attractive to attackers and the tools available to perpetrate them. PowerShell undoubtedly was part of the conversation as Jonathan discussed PowerSploit’s File System attack capabilities. Because Jonathan wanted to take a paper-or-plastic approach, we also discussed the Python program ‘smbmap’, a cross-platform option for attacking File Systems.
We moved on to targeting sensitive data – attackers don’t have the benefit of insider knowledge to locate sensitive data, so they employ a few tactics to find it. Finally, there was just one question I was dying to ask… what was the most surprising thing you found out while profiling these attacks? You’ll have to tune in to hear his response. I promise it is worth it.
Gabriel Gumbs is the VP of Product Strategy at STEALTHbits Technologies, responsible for end-to-end product vision and innovation. With a 16-year tenure in CyberSecurity, he has spent most of that time as a security practitioner, aligning security innovations with business objectives for Fortune 100 organizations. Gabriel is an information security thought leader, privacy advocate and public speaker.