All roads lead to domain admin, a part of a presentation series: From breach to C.D.E. Part I

SecTor 2016

Presented by: Yannick Bedard
Date: Tuesday October 18, 2016
Time: 10:15 - 11:15
Location: 803
Track: Security Fundamentals

The focus of this talk is to give an idea of how skilled attackers' methods differ from the traditional exploits used to take control of networks. The idea is to show both old-school and new-school methods used by attackers and red teams to go from initial breach to domain admin, as well as how to remediate or mitigate these attacks. This includes various ways to perform man-in-the-middle attacks (LLMNR, NBT-NS, ARP spoof, etc.), performing effective traffic monitoring and manipulation, cracking Windows password-based network authentication protocols (or relaying them), dumping GPO scripts and passwords, abusing the Kerberos protocols to get free password hashes, automating derivative local admin exploitation, capturing and analyzing PXE network bootable images, and more.

The goal of this talk is not only to help system administrators and defenders learn what to expect from non-skiddy attackers, but also to help them understand how to properly prepare for them, since most of the techniques shown in this talk are not captured by most IDS or IPS. Penetration testers will be interested in seeing different methods to take over networks without using vulnerability scanners.

Yannick Bedard

Yannick Bedard has been a full-time penetration tester for nearly two years, doing web, mobile and network penetration tests. During the last year, Bedard has spent a lot of time specializing in red teaming and Active Directory-oriented pentesting. He participates in CTFs online and offline, and was part of the winning team at NorthSec in 2014 and took second place in 2015.
