Fun Friday: Which Common Sysadmin Tool have you seen do the Most Damage?


Userlevel 7
Badge +20

Happy Friday all!

Today, let's talk tools: the right tool in the wrong hands can be catastrophic.

What tool have you seen do the most damage to an environment? Whether it's a built-in tool/feature or 3rd party, I wanna hear!

For me, it’s Remote PowerShell. I witnessed this being used by a malicious script to deploy ransomware to every device in the domain and the rest of the network. The script was harvesting credentials from users working on the infected endpoint and the moment a domain admin signed in, BANG, remote PowerShell to all!


31 comments

Userlevel 7
Badge +9

Running an Ansible playbook on a bad target; obviously Veeam backup saved my ass :sweat_smile:. Thanks to instant recovery nobody noticed the failure. Since this, I write more sanity checks in my code.

Exactly as stated in my comment above. This can be detrimental and I am glad VBR was there to rescue you!

Userlevel 6
Badge +6

Microsoft SQL server ;)

Userlevel 7
Badge +9

Microsoft SQL server ;)

Hello @k00laidIT, could you please elaborate on this? I believe myself and many other members would want to learn from your experience.

Thank you!

Userlevel 7
Badge +20

I was scrolling through my prior fun Friday topics and thought this one needed resurrecting considering the MSDT vulnerability @dips wrote up here:

You never know which tool will be the cause of your demise 😆 thanks again dips for sharing!

Userlevel 7
Badge +7

I was scrolling through my prior fun Friday topics and thought this one needed resurrecting considering the MSDT vulnerability @dips wrote up here:

You never know which tool will be the cause of your demise 😆 thanks again dips for sharing!

Very welcome @MicoolPaul 😀

Userlevel 7
Badge +13

Exchange CUs not executed from privileged command line 😂 
