This talk focuses on common methods, techniques, and tools employed by penetration testers and attackers after compromising a Windows system. Live demos will be included to demonstrate the concepts of escalating privileges, moving laterally and expanding, and establishing persistence in a Windows environment. Tools demonstrated will include: Metasploit/Meterpreter (as a base for the attack) as well as Hashcat, Netcat, Mimikatz (for post-exploitation) and others will be touched on or mentioned. The purpose of this talk is to serve as an introduction into the concept of Windows post-exploitation as well as to explore technical aspects regarding the Windows operating system and the tools used to exploit its flaws.
Audience: Information security students and those interested in learning about Windows internal security
I am a Delaware Tech Terry campus graduate (Information Security), current Wilmington University student (Computer & Network Security), and second-time speaker at a security conference. I have been attending security conferences and competitions since the start of my time at Delaware Tech including events such as BSidesDE/DC/NOVA/Charm, ShmooCon, CCDC, SANS NetWars, and USCC training camps. I look forward to giving another presentation at BSides Delaware and giving back to the community I’ve spent the last 4 years of my life being a part of.