Get-$pwnd: Attacking Battle-Hardened Windows Server

Presented at DEF CON 25 (2017), July 29, 2017, 10 a.m. (20 minutes)

Windows Server has introduced major advances in remote management hardening in recent years through PowerShell Just Enough Administration ("JEA"). When set up correctly, hardened JEA endpoints can provide a formidable barrier for attackers: whitelisted commands, with no administrative access to the underlying operating system. In this presentation, watch as we show how to systematically destroy these hardened endpoints by exploiting insecure coding practices and administrative complexity.

Presenters:

  • Lee Holmes - Principal Security Architect, Microsoft
    Lee Holmes is the lead security architect of Microsoft's Azure Management group, covering Azure Stack, System Center, and Operations Management Suite. He is the author of the Windows PowerShell Cookbook, and an original member of the PowerShell development team.
