Owned in 60 Seconds: From Network Guest to Windows Domain Admin

DEF CON 20

Presented by: Zack Fasel
Date: Sunday July 29, 2012
Time: 15:00 - 15:50
Location: Track 3

Their systems were fully patched, their security team watching, and the amateur pentesters just delivered their “compliant” report. They thought their Windows domain was secure. They thought wrong.

Zack Fasel (played by none other than Angelina Jolie) brings a new tool along with new methods to obtain Windows Integrated Authentication network requests and perform NTLM relaying both internally and externally. The goal? Start off as a nobody and get domain admin (or sensitive data/access) in 60 seconds or less on a fully patched and typically secured Windows environment. The grand finale? Zack demonstrates the ability to externally gain access to a Windows domain user's Exchange account simply by sending them an email, along with tips on how to protect yourself from these attacks.

In just one click of a link, one view of an email, or one wrong web request, this new toolset steals the identity of targeted users and leverages their access. Call your domain admins, hide your road warriors, and warn your internal users. Zack will change the way you think about Windows Active Directory security and trust relationships, driving you to further harden your systems and helping you sleep at night.

Owned in 60 Seconds. Coming This Summer.

Zack Fasel

Zack Fasel is a seasoned Penetration Tester and Security Consultant with diverse experience serving clients ranging from Fortune 1000s to Enterprises and SMBs in varying industries. He has delivered hundreds of network, wireless, and social penetration tests and has subsequently driven strong defensive remediation strategies as a result. Zack tries to stay closely connected to the local security community in Chicago as the lead for dc312[.org] and as a Co-Founder of THOTCON[.org], Chicago's local hacking con. When not focusing his efforts on Infosec, Zack can be found playing the untz untz wubs, taking photos, fending off the ladies, or trying to find the nearest Chipotle. Stalkers can stalk him over at zfasel.com or @zfasel on the twitters.

Twitter: @zfasel
Web: zfasel.com
