It's The Only Way To Be Sure: Obtaining and Detecting Domain Persistence

Presented at DEF CON 23 (2015), Aug. 8, 2015, 1 p.m. (60 minutes).

When a Windows domain is compromised, an attacker has several options to create backdoors, obscure his tracks, and make his access difficult to detect and remove. In this talk, I discuss ways that an attacker who has obtained domain administrator privileges can extend, persist, and maintain control, as well as how a forensic examiner or incident responder could detect these activities and root out an attacker.


Presenters:

  • Grant Bugher - Perimeter Grid
    Grant Bugher has been hacking and coding since the early 90's and working professionally in information security for the last 11 years. He is currently a security consultant and engineer for a cloud service provider, and has previously been an architect, program manager and software engineer on a variety of online services, developer tools and platforms. Grant is a prior speaker at BlackHat and DEF CON and a regular DEF CON attendee since DEF CON 16. Most of his research and work is on cloud computing and storage platforms, application security, and detecting attacks against web-scale applications. Twitter: @fishsupreme Web: http://perimetergrid.com

Links:

Similar Presentations: