In this talk, Group Policy expert Darren Mar-Elia (a.k.a. the GPOGUY) looks at Active Directory Group Policy from an attacker’s perspective, illustrating techniques that can be leveraged to gain insight into an organization’s Windows security posture, privileged use and opportunities for compromise. He’ll start by explaining how GP works under the covers, then dig into tools and techniques you can use to take advantage of GP’s “readability” to map out how an organized has deployed security hardening and privileged access, including how you can specifically identify admin tiering and work around it. Then Darren will dig deep into the bowels of GP to show several approaches to exploiting Group Policy, including linking exploits, write-permission/settings abuse, GPT redirection, external paths abuse and some newly documented ideas for abusing GP processing at the client to run arbitrary code. He’ll finish up by presenting some defensive techniques that can be used to harden GP against this kind of abuse.