Beyond the Domain: Exploiting Hidden Critical Assets on Red Teams

Presented at BSidesDC 2017, Oct. 7, 2017, 1:30 p.m. (50 minutes)

No longer can we expect to accomplish all our red team objectives in a flat network consisting entirely of Active Directory-joined hosts. Segregated networks, non-domain joined systems, third-party storage providers, and the growing presence of Unix systems have made exploiting an enterprise much more complicated than simply gaining Domain Admin access. Often, intellectual property, client data, credit card information, and other PII are segregated onto different hosts and environments that cannot communicate with one-another. In this talk, I walk you through the newest methodologies in place to both find and exploit these hidden systems and assets when they are outside the domain.

Presenters:

• Brandon Arvanaghi - Associate Consultant at FireEye
  Brandon Arvanaghi (@arvanaghi) is a security consultant at Mandiant, where he has conducted red team operations against several Fortune 500 companies. At Mandiant, he has written tools for webshell detection and malware sandbox evasion. He has also contributed to several large open-source red teaming tools, including PowerShell Empire. Prior to Mandiant, Brandon conducted research on automated attack plan generation.

Links:

• https://bsidesdc2017.busyconf.com/schedule#activity_592101d4392ad5d6af000164
• https://www.youtube.com/watch?v=2pwT3rFGbxs

Similar Presentations:

• THOTCON 0x8 (2017) / Finding Your Way to Domain Admin Access and Even So, the Game Isn't Over Yet.
• BSidesLV 2016 / Six Degrees of Domain Admin - Using BloodHound to Automate Active Directory Domain Privilege Escalation Analysis
• DEF CON 24 (2016) / Six Degrees of Domain Admin - Using Graph Theory to Accelerate Red Team Operations