The focus of this talk is to give an idea of how skilled attackers' methods differ from the traditional exploits used to take control of networks. The idea is to show both old-school and new-school methods used by attackers and red teams that go from initial breach to domain admin, as well as how to remediate or mitigate these attacks. This includes various ways to perform man-in-the-middle attacks (LLMNR, NBT-NS, ARP spoofing, etc.), performing effective traffic monitoring and manipulation, cracking Windows password-based network authentication protocols (or relaying them), dumping GPO scripts and passwords, abusing the Kerberos protocols to get free password hashes, automating derivative local admin exploitation, capturing and analyzing PXE network-bootable images, and more.
The goal of this talk is not only to help system administrators and defenders learn what to expect from non-skiddy attackers, but also to help them understand how to properly prepare, since most of the techniques shown in this talk are not captured by most IDS or IPS. Penetration testers will be interested in seeing different methods to take over networks without using vulnerability scanners.
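One detection the abstract alludes to (name-resolution poisoning that IDS/IPS rarely flag) can be built from very little. The example below is added here and is not part of the talk or its materials: it parses LLMNR datagrams (DNS-style wire format over UDP/5355) and raises an alert whenever any host answers a query for a "canary" name that is deliberately never registered on the network, since only a poisoner has a reason to respond to it. The canary technique, the function names, and the sample traffic are all assumptions of this example; the packets are constructed inline, not captured, and NBT-NS (a different wire format) is not handled.

```python
import struct
from dataclasses import dataclass

LLMNR_PORT = 5355          # LLMNR is DNS-like over UDP/5355 (RFC 4795)
FLAG_QR = 0x8000           # query/response bit in the flags word

@dataclass
class LlmnrMessage:
    txid: int
    is_response: bool
    questions: list      # queried names
    answers: list        # IPv4 addresses from A records in the answer section

def _read_name(payload: bytes, offset: int):
    """Decode a DNS-style name at offset; returns (name, offset after it).
    Handles compression pointers (0xC0xx) with a hop limit so a malformed
    datagram cannot send the parser into a loop."""
    labels, hops, resume = [], 0, None
    while True:
        length = payload[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:
            hops += 1
            if hops > 8:
                raise ValueError("too many compression pointers")
            if resume is None:
                resume = offset + 2
            offset = struct.unpack_from("!H", payload, offset)[0] & 0x3FFF
            continue
        offset += 1
        labels.append(payload[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (resume if resume is not None else offset)

def parse_llmnr(payload: bytes) -> LlmnrMessage:
    txid, flags, qdcount, ancount, _, _ = struct.unpack_from("!6H", payload, 0)
    offset, questions, answers = 12, [], []
    for _ in range(qdcount):
        name, offset = _read_name(payload, offset)
        offset += 4                      # skip QTYPE + QCLASS
        questions.append(name)
    for _ in range(ancount):
        _, offset = _read_name(payload, offset)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", payload, offset)
        offset += 10                     # TYPE, CLASS, TTL, RDLENGTH
        rdata = payload[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:    # A record
            answers.append(".".join(str(b) for b in rdata))
    return LlmnrMessage(txid, bool(flags & FLAG_QR), questions, answers)

def detect_poisoners(datagrams, canary_names):
    """datagrams: iterable of (src_ip, udp_payload) seen on UDP/5355.
    Any *response* for a canary name is an alert: the name is never
    registered, so the only host that would answer it is spoofing replies."""
    alerts = []
    canaries = {n.lower() for n in canary_names}
    for src_ip, payload in datagrams:
        try:
            msg = parse_llmnr(payload)
        except (ValueError, IndexError, struct.error, UnicodeDecodeError):
            continue                     # malformed datagram; skip it
        if not msg.is_response:
            continue
        for name in msg.questions:
            if name.lower() in canaries:
                alerts.append((src_ip, name, msg.answers))
    return alerts

# Constructed sample traffic (not a real capture): a workstation queries a
# canary name that is deliberately unregistered, and a second host answers it.
_QUESTION = b"\x0ccanary-share\x00" + b"\x00\x01" + b"\x00\x01"   # name, A, IN
SAMPLE_QUERY = struct.pack("!6H", 0x1234, 0x0000, 1, 0, 0, 0) + _QUESTION
SAMPLE_RESPONSE = (
    struct.pack("!6H", 0x1234, FLAG_QR, 1, 1, 0, 0) + _QUESTION
    + b"\xc0\x0c"                      # compression pointer to the question name
    + b"\x00\x01\x00\x01"              # type A, class IN
    + b"\x00\x00\x00\x1e"              # TTL 30
    + b"\x00\x04" + bytes([10, 0, 0, 66])   # RDLENGTH 4, RDATA 10.0.0.66
)
SAMPLE_DATAGRAMS = [("10.0.0.20", SAMPLE_QUERY), ("10.0.0.66", SAMPLE_RESPONSE)]
CANARY_NAMES = ["canary-share"]

if __name__ == "__main__":
    for src, name, answers in detect_poisoners(SAMPLE_DATAGRAMS, CANARY_NAMES):
        print(f"ALERT: {src} answered LLMNR query for unregistered name {name!r} with {answers}")
```

In practice the datagrams would come from a sniffer on a monitoring host that periodically issues the canary queries itself; a response from any source is high-signal, and the mitigation that removes the whole class of attack is disabling LLMNR and NBT-NS via Group Policy where nothing depends on them.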