Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF) presented at GrrCON 2017

by Jerod Brennen

Summary: With global information security spending rapidly approaching $100 billion, you’d think we’d have a pretty good handle on preventing data breaches by now. However, considering that nearly 1 billion records have been exposed in the 5000+ data breaches publicly disclosed since 2005, you’re probably asking yourself the same question as security and risk management professionals all over the world: How does this keep happening? This presentation will walk you through a penetration tester’s process, step-by-step, as the tester goes from unauthorized outsider to domain admin (without being detected). More importantly, we’ll discuss the fundamental security controls that will shut down attackers time and again.