Active Directory Redteaming : Attacking the backbone of Enterprise environments

Presented at BruCON 0x0A (2018), Oct. 5, 2018, 1:30 p.m. (240 minutes).

This workshop covers attacking an Active Directory environment using built-in tools like PowerShell and other MS signed binaries. Using the assume breach methodology, we start as a normal user in domain and silently work our way up to the highest privileges at the enterprise level. We will focus on not touching disk, abuse of functionality and evading detection mechanisms to avoid detection and still achieve true domain dominance.

Presenters:

  • Nikhil Mittal
    Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes red teaming, active directory, attack research, defense strategies and post exploitation research. He has 9+ years of experience in red teaming. He specializes in assessing security risks at secure environments, which require novel attack vectors, and "out of the box" approach. He has worked extensively on bypassing active directory detection mechanisms and Offensive PowerShell for red teaming. He is creator of Kautilya, a toolkit which makes it easy to use HIDs in penetration tests and Nishang, a post exploitation framework in PowerShell. In his spare time, Nikhil researches on new attack methodologies and updates his tools and frameworks. Nikhil has held trainings and boot camps for various corporate clients (in US, Europe and SE Asia), and at the world’s top information security conferences. He has spoken/trained at conferences like Defcon, BlackHat, CanSecWest, BruCON, 44CON and more. He blogs at http://www.labofapenetrationtester.com/

Links:

Similar Presentations: