DOMAINNAMESTUPIDITY
THISTALKDEMONSTRATESALARGEHOLEININTERNALSECURITY,BASEDONTESTSPERFORMEDONAWIDE VARIETYOFCLIENTS.TOOOFTEN,DNSISOVERLOOKED,ANDIMPROPERLOGGINGANDMONITORINGLEADSTOA
PLETHORAOFATTACKVECTORS.THISTALKWILLALSODEMOANEWTOOL,WHICHABUSESDNSLOOKUPSOF ARBITRARY(NONEATTACKERCONTROLLED)DOMAINSTOPROVEDANGEROUSEXFILTRATIONATTACKSARE
POSSIBLEAGAINSTEVENTHEMOSTSECUREOFNETWORKS.BETTER,ITALSOSHOWSSOMENOVELWAYSOF
FIXINGTHISISSUEONLARGESCALENETWORKS.HOPEFULLYUSEFULLYFORREDANDBLUEALIKE.
THEOSINTKILLCHAIN
WEWILLINGLYSHAREIMMENSEPERSONALINFORMATIONABOUTOURSELVESONLINEDISREGARDINGTHE CONSEQUENCESOFSUCHACTIONS.PRIVACYISNOWAWORDWEBOUNDAROUNDWHILSTSIMULTANEOUSLY SHARINGWITHTHEWORLDEVERYASPECTOFOURLIVESWITHNOSECONDTHOUGHT.SOCIALMEDIA,PUBLIC DATABASESANDBREACHDUMPSAREATREASURETROVEOFINFORMATION.FROMACCOUNTTAKEOVERS, TARGETEDPHISHINGCAMPAIGNS,FRAUD,STALKINGANDBLACKMAILWE’LLSEEHOWTHREATACTORSCAN PUTTHEJIGSAWPIECESABOUTUSTOGETHERTOCREATEADETAILEDATTACKPROFILE.
THISISATHOUGHTPROVOKINGLOOKATHOWMUCHPERSONALINFORMATIONWESHAREANDEXPLORATORY LOOKATHOWTHISCANBEUSEDINTARGETEDCAMPAIGNS.DURINGTHETALKATTENDEESWILLLEARNWHAT TYPEOFPERSONALINFORMATIONISATTAINABLEBYOSINT.WORKFLOWOFANINVESTIGATIONINTOATARGET (USINGMYSELFASANEXAMPLE)SCENARIOSOFHOWTHREATACTORSCOULDUTILISETHISDATAWITHREAL WORLDEXAMPLES.
DUDECHECKYOURPRIVILEGE!:PRIVILEGEDACCOUNTMANAGEMENTSOLUTIONSAND
HOWTHEYCOULDEITHERBECOMEYOURBESTIEORTOTALLYRUINYOURDAY.
ALTHOUGHPAMSOLUTIONSAREUNABLETOPROTECTANORGANIZATIONJUSTBYTHEMSELVES,THEYDEFINITELYPLAYAN IMPORTANTPARTWHENITCOMESTOSECURITYCONTROLS.ADISCUSSIONOFHOWBESTPRACTICESCANPROVIDEADEFENSEIN DEPTHLAYERORHANDATTACKERSTHEKEYSTOTHEKINGDOMONASILVERPLATTER.INTHISTALK,IWILLDISCUSSBEST PRACTICESFORUTILIZINGPAMSOLUTIONSTOENHANCEOVERALLSECURITYANDAVOIDINADVERTENTLYEXPOSINGSENSITIVE ASSETSTOATTACKERS.OUTLINE:-WHOAMI-THEBOOKOFSAND(SHORTSTORYTOBREAKTHEICE.WHENSOMETHINGCOULDBE HARMFUL,YOUHAVETOKEEPITSAFESOITCAN’TBEMISUSED).-WHAT’SAPAM-WHATDOWENEEDTHEMFOR?-CLOUDVSON PREM-ADDITIONALFEATURES-COMMONUSECASES-HOWAPAMPLAYEDAROLEINTHEUBERHACK.-CORECOMPONENTSOFA PAM-DOSANDDONT'S-ONECOMMONMISCONCEPTIONABOUTPAMSFINALNOTES:ENUMERATEYOURASSETS:MOREASSETS= BIGGERTARGETBIGGERTARGET=BIGGERCHANCESOFYOUGETTINGCOMPROMISEDNO,SERIOUSLY.ENUMERATEYOURASSETS (HARDCODEDPASSWORDSDISASTER).ESTABLISHAGOODROTATIONPOLICY(EXPLAINWHYTHISISIMPORTANTANDWHYLACKOF THISPRACTICEISAPENTESTER’STEENAGEDREAMCOMETRUE).REVIEWPERMISSIONS(EVERYORGANIZATIONISDIFFERENT).DON’T EXCLUSIVELYRELYONYOURPAMSOLUTIONTOSAVETHEDAY(DEFENSEINDEPTH,PROVIDEEXAMPLES).
11:00AM-12:00PM
ARETHOSELASTHIGHPRIVILEGEHASHESSTILLELUDINGYOUAFTERYOU’VEEXHAUSTEDYOURUSUAL ATTACKS?INTHISTALKWE’LLLOOKATSOMECREATIVEANDUNORTHODOXPASSWORDCRACKING TECHNIQUESANDATTACKCHAINSTHAT’LLENABLEYOUTOATTACKLONGERPASSWORDS,DELIMITED PASSPHRASES,EMOJISANDEVENUSINGHASHESTOCRACKHASHES!WE’LLALSOEXPLORESOMELESSER KNOWNRULEINSERTIONTECHNIQUES,ASWELLASWAYSTOIDENTIFYREDUNDANTANDNON-EXECUTING RULESTHATWILLHELPOPTIMISEYOURATTACKS.
13:00PM-13:55PM
CVSSHASABADREPUTATION.BUTIFEELDIFFERENTLY.WHENUSEDCORRECTLYITCANBECOMEAN INCREDIBLYHELPFULTOOL.INTHISTALKIWILLDISCUSSSOMEOFTHECOMMONMISTAKESORGANISATIONSDO WHENITCOMESTOCVSS,SOMEOFTHETHINGSTHATORGANISATIONSSHOULDDOASWELL.IWILLALSOCOVER THENEWCVSSVERSION(VERSION4)THATISDUETOWARDSTHEENDOFTHEYEAR.FINALLYIWILLALSOCOVER OTHERSOURCESTHATCANBEUSEDINCONJUNCTIONWITHCVSSSCORINGTOHELPFORMABETTERPICTUREOF
THEACTUALRISKTHATAVULNERABILITYPOSESTOANORGANISATION.
SEANWRIGHT
PRINCIPALAPPLICATION
SECURITYENGINEERAT
FEATURESPACE
14:00PM-15:00PM
SLIPPINGTHENET:QAKBOT,EMOTETANDDEFENSEEVASION
QAKBOTANDEMOTETHAVEACLEARWAYONTOSYSTEMSVIAEMAILANDAGOALINMINDONCETHEYARE THERE,BUTTHEYARECONSTANTLYTWEAKINGTHESTEPSINBETWEEN.WEWILLLOOKATABRIEFHISTORYOF BOTHGROUPSANDRECENTEXAMPLESOFHOWTHEYIMPLEMENTDEFENSEEVASIONINTHEIRATTACK CHAINS.
CIANHEASLEY
THREATTEAMLEADAT
ADARMASECURITY
15:05PM-16:00PM
HARNESSINGTHEPOWEROFCOLLABORATION:BUILDINGASTRONGER
CYBERSECURITYCOMMUNITYFORASAFERDIGITALFUTURE
THISTALKISTOEMPHASISETHECRITICALIMPORTANCEOFCOMMUNITYANDCOLLABORATIONONAGLOBAL SCALEFORTHREATINTELLIGENCEANDTHECYBERSECURITYCOMMUNITY.ITHIGHLIGHTSTHEESCALATING CYBERTHREATSWEFACEANDEMPHASISESTHENEEDFORUNITYANDTEAMWORKTOCOMBATTHESE CHALLENGESEFFECTIVELY.THETALKEXPLORESTHEBENEFITSOFCOMMUNITYANDCOLLABORATION, INCLUDINGENHANCEDTHREATINTELLIGENCECAPABILITIES,FOSTERINGINNOVATION,BUILDINGRESILIENCE, ANDPROMOTINGSHAREDRESPONSIBILITY.THEAUDIENCEWILLGAININSIGHTSINTOTHEPOWEROFWORKING
TOGETHERTOCREATEASAFERDIGITALFUTURE.
BSIDESCAMBRIDGE:CHOOSEYOUROWNTALK
CAREERADVICE,WARSTORIES,OPINIONSANDINTERACTION.THISTALKGIVESTHEAUDIENCETHEABILITYTO CHOOSEFROMSEVERALTOPICS(9+)FORANINTERACTIVETALKONTHOSETOPICS:WILLAISTEALMYJOB? WHATTOWEARTOWORK,WORSTINCIDENTEVER,WHATTHEHELLISRISKANDWHYDOPEOPLEKEEPGOING ONABOUTIT,,REDTEAMORBLUETEAMDEGREESANDCERTS-AHIRINGMANAGERSPERSPECTIVE,FAVOURITE TOOL,INCIDENTRESPONSEPLANS-HOWMANYDOINEED,WHATMAKESAGOODSOCANALYSTHOWDOI MAKEITLIKEMEPROFITINGFROMFEARANDMISERYANDMORE(IFTHEREAREANYTHEMESORLINKSYOU’D LIKETOBEDISCUSSEDDROPMEALINE).
THEDOOR'SOPEN
THERE'SALOTOFTALKABOUT'BREAKINGIN'TOCYBERSECURITY.DOZENSOFINFLUENCERS(SOMEWELL INTENTIONED,SOME...LESSSO)TALKABOUTHOWTOSTARTACAREER.THEREAREREAMSOFUNFILTEREDTIPS ANDADVICE.NEWCERTIFICATESCOMEOUTEVERYWEEK.WEEVENHAVEPEOPLECHARGINGFORMENTORING.
THISTALKISN'TPURELYACRITICALLOOKATALOTOFTHEADVICEOUTTHEREABOUTBREAKINGIN,IT'SMORE USEFULLYALOOKATHOWPEOPLEREALLYSTARTTHEIRCYBERSECURITYCAREER.THEHONESTFACTISTHAT IT'SNEITHERASHARD,NORASEASY,ASMOSTOFTHELINKEDINFLUENCERSCHASINGCLOUTCLAIM.WE'LLLOOK ATANUMBEROFPROVENMETHODS,THESHEERSCOPEOFTHECYBERSECURITYFIELD(ANDWHY,JUSTMAYBE, YOUSHOULDBELOOKINGMOREATSECURITYTHANCHASINGTHECYBERDREAM),ANDASKSOMETOUGH QUESTIONSABOUTTHEADVICEGIVENBYLINKEDINFLUENCERS.
JAMESBORE
10:45AM-11:15AM
LEVELLINGTHEEMPLOYMENTPLAYINGFIELDWITHTECHNOLOGY
MYTALKWILLBEABOUTUSINGTECHNOLOGYTOEQUALISETHEPLAYINGFIELDINTECH.WHETHERITBEAT THERECRUITMENTSTAGESORREASONABLEADJUSTMENTSFORADISADVANTAGEDEMPLOYEE.WHAT TECHNOLOGYISOUTTHERE,READYFORUSE,THATWECANTAKEADVANTAGEOFINORDERTOENSURETHE THEREARENOINEQUITIESINTECH?IT'SONETHINGTOSAYWEWANTDIVERSITYBUTWHATAREWEDOINGTO ENSURETHATOURDIVERSECANDIDATESA.BECOMEEMPLOYEES,ANDB.BECOMESUCCESSFULINTHEIR ROLE.
11:15AM-12:15PM
WHYCYBERSUCKS
FROMTERRIBLEHIRINGPRACTICES,TOUNREALISTICJDS,TOHIGHBARRIERSTOENTRYFORASPIRINGCYB PROFESSIONALS,THEFIELDOFCYBERSECURITYCANREALLYSUCK!IWANTTOHAVEAREALDISCUSSIO AROUNDSOMEOFTHEPITFALLSOFGETTINGINTOTHEINDUSTRYANDTHENDISCUSSWITHTHEAUDIENCET PERSPECTIVESANDEXPERIENCES.SLIGHTLYSARCASTIC,IRREVERENT,ANDTONGUEINCHEEK,IAMKNOW
KEITHPRICE
SECURITYLEADER
13:15PM-14:00PM
YOUDON'TNEEDACALENDARTOTELLYOUWHENTOTEST ASSETSCHANGEFARMORETHANONCEAYEAR,SOIT'STIMETODETACHSECURITYVULNERABILITIESFROM EARTH'SCELESTIALMOTIONSANDTOBREAKFREEFROMTRADITIONAL,PERIODICTESTING.THISSESSION EXPLORESTHEIMPERATIVESHIFTTOWARDSCONTINUOUSTESTING,SEVERINGTIESWITHOUTDATEDANNUAL POINT-IN-TIMEASSESSMENTS,SOYOUCANFOCUSONTESTINGTHEONLYTHINGTHATREALLYMATTERS: CHANGES.
THOMASBALLIN
CO-FOUNDERATCYTIX
14:15PM-14:30PM
WHYYOUSHOULDSTAY
AFTER10YEARSATCOALFIRE,AND20+YEARSINTHEINDUSTRY.ITSIMPORTANTTOUNDERSTANDHOWTOGET INTOTHECYBERSECURITYCOMMUNITY.HOWEVERFORMANYITSASIMPORTANTTOUNDERSTANDHOWTO STAY.THEINDUSTRYISAWASHWITHBURNOUTANDFATIGUE,CYNICSANDBOXCHECKERS.I'LLSHARESOME TIPSWITHHANGINGON,BUILDINGSOMERESILIENCE-ANDCAREERMANAGEMENTONCETHESHINEISLESS SHINY:)PIVOTINGTOLEADERSHIPANDUNDERSTANDINGPLAYINGTOYOURSTRENGTHSASASECURITY PROFESSIONAL.
AVOIDINGTHEPITFALLS:HOWNOTTOBEAREDTEAMER REDTEAMINGISANESSENTIALCOMPONENTOFMODERNCYBERSECURITY,WHERETEAMSSIMULATEATTACKS
ONANORGANISATIONTOIDENTIFYVULNERABILITIESANDSTRENGTHENDEFENCES.HOWEVER,THERED TEAMINGAPPROACHCANBEMISUSEDORCAUSEUNINTENDEDHARMIFNOTCONDUCTEDPROPERLY.INTHIS TALK,IWILLDISCUSSTHECOMMONPITFALLSTHATREDTEAMERSFACE,ANDHOWTOAVOIDTHEM.IWILL DELVEINTOTOPICSSUCHASETHICALCONSIDERATIONS,EFFECTIVECOMMUNICATION,ANDAPPROPRIATE SCOPEDEFINITION.ATTENDEESWILLGAINABETTERUNDERSTANDINGOFHOWTOCONDUCTREDTEAMING EXERCISESWITHCAREANDRESPONSIBILITY,WITHOUTCOMPROMISINGTHEINTEGRITYOFTHEORGANISATION THEYAREWORKINGWITH.
16:05PM-17:00PM
EXPLORINGHOWAICANHELPWITHREVERSEENGINEERINGOF APPLICATIONBINARIES
THISTALKCONSIDERSHOWAICANBELEVERAGEDTOIMPROVEREVERSEENGINEERING(ORSTATICANALYSIS)
WORKFLOWSONSTRIPPEDAND/OROBFUSCATEDBINARIES.WEBEGINWITHAGENTLEINTRODUCTIONTOA COMMONREWORKFLOW,DISCUSSHOWDIFFERENTAI/MLARCHITECTURESCANBEUSEDTOASSISTOUR ANALYSIS,ANDFINISHWITHAWORKEDEXAMPLEOFHOWTHESETECHNIQUESCANBEUSEDFORTASKSLIKE BINARYFUNCTIONIDENTIFICATION.
AIVS.HACKERS:UNMASKINGTHECYBERBATTLEOFTHEFUTURE
JOINMEATBSIDESCAMBRIDGEFORAMIND-BLOWING10-MINUTEJOURNEYINTOTHECAPTIVATINGWORLD OF"AIVS.HACKERS:UNMASKINGTHECYBERBATTLEOFTHEFUTURE."GETREADYTOBETHRILLED, ENTERTAINED,ANDENLIGHTENEDASWEEXPLORETHEINTRIGUINGINTERSECTIONOFARTIFICIAL INTELLIGENCEANDTHEMISCHIEVOUSANTICSOFHACKERS.TOGETHER,WE'LLUNRAVELTHESECRETS,UNVEIL THELATESTCYBERTRICKS,ANDDISCOVERHOWWECANTRIUMPHINTHISEXHILARATINGDIGITAL SHOWDOWN.DON'TMISSOUTONTHISELECTRIFYINGADVENTUREOFWIT,HUMOR,ANDCUTTING-EDGE CYBERSECURITY.SECUREYOURSPOTNOWANDBEPARTOFTHEFUTURE-DEFININGBATTLETHATLEAVESNO ROOMFORSECONDPLACE.
THISTALKOFFERSAUNIQUEPERSPECTIVEONTHEINTERSECTIONOFCRITICALTHINKING,AI,AND CYBERSECURITYINNOVATION,FOCUSINGONADVANCEDPERSISTENTTHREATS(APTS)CASESTUDY.IT
SHOWCASESTHEPOTENTIALOFAIANDTHEIMPORTANCEOFCRITICALTHINKINGINSHAPINGTHEFUTUREOF CYBERSECURITYRESEARCH.
ALSATIBBIT
ASSOCIATELECTURERAT
SHEFFIELDHALLAMUNIVERSITY
10:15AM-10:45AM
AIINTHESHELL:AUTOMATINGNETWORKSCANNING&REPORTINGWITHLLMS
MATTADAMS
SECURITYARCHITECT, SANTANDERUK
10:50AM-11:20AM
INTHISTALK,WEWILLEXPLORETHEINNOVATIVEINTERSECTIONOFARTIFICIALINTELLIGENCEAND CYBERSECURITY,DEMONSTRATINGHOWLANGUAGEMODELS(LLMS)CANBEHARNESSEDTOAUTOMATETHE TRADITIONALLYLABOR-INTENSIVETASKSOFNETWORKSCANNINGANDREPORTGENERATION.WEWILLDELVE INTOTHEFUNCTIONALITYOFANOVELTOOL,SCAN2REPORT,WHICHUSESLLMSTOINTERPRETNATURAL LANGUAGEDESCRIPTIONSOFDESIREDSCANS,EXECUTETHESESCANSUSINGTOOLSLIKENMAPANDNIKTO, ANDSUBSEQUENTLYGENERATECOMPREHENSIVE,HUMAN-READABLEREPORTSOFTHERESULTS.THE DISCUSSIONWILLENCOMPASSBOTHAHIGH-LEVELOVERVIEWOFHOWAI,SPECIFICALLYLLMS,CANBE APPLIEDTOCYBERSECURITYTASKS,ANDADEEPDIVEINTOTHEPRACTICALWORKINGSOFTHESCAN2REPORT TOOL.WEWILLDEMONSTRATEALIVEDEMOOFSCAN2REPORT,ILLUSTRATINGHOWITSIMPLIFIESNETWORK SCANNINGANDREPORTING,WHILEALSOPROVIDINGVALUABLEINSIGHTSFROMTHESCANS.THISTALKIS DESIGNEDFORCYBERSECURITYPROFESSIONALS,AIENTHUSIASTS,ANDANYONEINTERESTEDINTHEFUSION OFTHESETWODYNAMICFIELDS.PRIORKNOWLEDGEOFAIORCYBERSECURITYTOOLSISHELPFUL,BUTNOT REQUIRED,ASTHETALKWILLPROVIDEANUNDERSTANDINGOFTHECORECONCEPTSINVOLVED.
"DINOSAURCODESANDAIBONES:ALIGHT-HEARTEDEXPEDITIONINTO CYBER-PALEONTOLOGYFORNEXT-GENCYBERSECURITYINNOVATION"
DETECTINGNETWORKBEACONINGWITHCONVOLUTIONALNETWORKS ANDZEEKLOGS
WEWILLINTRODUCEAROBUSTAPPROACHTODETECTNETWORKBEACONINGACROSSDNS,SSL,ANDHTTP USINGZEEKLOGS.WEWILLSTARTBYANALYZINGPATTERNSEXHIBITEDBYC2FRAMEWORKSSUCHAS METERPRETER,EMPIRE,SLIVER,ORCALDERA.THEWIDERANGEOFOBSERVEDBEHAVIORSWILLMOTIVATEA MACHINELEARNINGAPPROACHTHATCONSISTSINA)GENERATINGSYNTHETICDATATHATACCOUNTSFOR DIFFERENTBEACONINGFREQUENCIES,JITTERING,ANDLATENCIES,ANDB)TRAININGACONVOLUTIONALNEURAL NETWORKTHATANALYZESTHEINTERVALSBETWEENACTIVITIES.FINALLY,WEWILLSHOWCASEREAL-WORLD DETECTIONSANDEQUIPTHEAUDIENCEWITHALLTHETOOLSNEEDEDTOAPPLYTHEAPPROACHTOTHEIRDATA.
IGNACIOARNALDO(NACHO)
DATASCIENTISTATCORELIGHT
11:30PM-12:15PM
Q&ATHEPITFALLSANDPOSSIBILITYWITHAIINCYBERSECURITY
ANOPENASKMEANYTHINGABOUTTHEIMPLICATIONSOFAIFORCYBERSECURITY
BRINGYOURQUESTIONSFORTHISINTERACTIVESESSION
IKNOWU:SNIFFINGAIRTAGPROTOCOLINTOWN
LEVERAGINGOPENSOURCEHARDWAREFORBLESNIFFINGTOIDENTIFYTHEPRESENCEOFAIRTAGPROTOCOL, ANDTOENUMERATEAPPLES’SBLEUSAGE.THINKWARDRIVINGFORIOSDEVICES.
DIEGOPORRAS
13:55PM-14:30PM
CHAOSCREATEDBYDLLBEHAVIOUR-UNDERTHELENSOFASOCANALYST DLLHIJACKINGTECHNIQUESENABLETHEEXECUTIONOFMALICIOUSCODEBYMISUSINGTHETRUSTCHAINOF THEWINDOWSOPERATINGSYSTEM.USER-SPACEEXPLOITDETECTIONANDDEFENSIVEMEASURESPROVIDED BYAVANDEDRSOLUTIONSMAYNOTALWAYSBEEFFECTIVEATDETECTINGSUCHACTIVITYRIGHTOUTOFTHE BOXANDMAYNOTIMMEDIATELYSTOPTHEEXECUTIONOFUNTRUSTEDCODE.THEREARENUMEROUS EXAMPLESOFTHREATACTORSTHATHAVEBEENSEENTOLEVERAGEDLLHIJACKINGTOACHIEVETHEIR OBJECTIVES.DURINGTHESESSION,WEAREGOINGTOEXPLORESEVERALEXAMPLESTHATCHALLENGEDTHE SOCANALYST'SDECISION-MAKINGABILITYWHENVERIFYINGTHELEGITIMACYOFADLLFILE.
ARBITRARYCODE&FILEEXECUTIONINR/OFS–AMIWRITE?
INCONTAINERIZEDENVIRONMENTS,SUCHASKUBERNETESCLUSTERS,READ-ONLYFILESYSTEMSAREVIEWED
ASANADDITIONALLAYEROFDEFENSE,ASTHEYALLOWFORBETTERCONTROLANDMANAGEMENTOF CONTAINERIZEDAPPLICATIONS.IMMUTABLECONTAINERSARECONSISTENTANDPREDICTABLE,MAKING COMPLIANCEANDAUDITINGSIMPLER,ANDALLOWINGFORMOREACCURATETHREATDETECTION.THEYARE ALSOEASILYREPLICATEDTOENSUREHIGHAVAILABILITYANDCANBEROLLEDBACKWITHEASEWHEN NECESSARY.INTHISTALKIWILLPRESENTMYRESEARCHONBYPASSINGWRITEANDEXECUTIONRESTRICTIONS
TOULTIMATELYEXECUTEARBITRARYCODEANDEXECUTABLEFILESINREAD-ONLYFILESYSTEMS.THETHREE
METHODSIUSEDTOSUCCESSFULLYEXECUTEARBITRARYCODEWILLBECOVEREDANDDEMONSTRATEDLIVE.
WEWILLTHENCOVERWAYSTOREMEDIATETHESEATTACKSWHEREPOSSIBLEANDMONITOR&ALERTWHERE THEYARENOT.
GOLANMYERS
15:00PM-15:30PM
METHODSOFLATERALMOVEMENTUSINGWINDOWSOPENSSH
WINDOWS'RECENTPORTSOFOPENSSHALLOWSADMINSTOACCESSTHEIRWINDOWSESTATEWITHTHE SAMETOOLSASTHEIRLINUXESTATE.THISTALKWILLSHOWHOWAMISCONFIGUREDWINDOWSSSHSERVICE COMBINESTHEWORSTCASESCENARIOSOFBOTHADANDSSHANDCANEVENALLOWTHETHEFTOF PLAINTEXTDOMAINCREDENTIALS.THOSEWELL-VERSEDINACTIVEDIRECTORYEXPLOITATIONWILLSEEHOW AFEWOLDFAVOURITETECHNIQUESCANBEWEAPONISEDINANEWCONTEXT,ANDHOWTHEPARTICULAR QUIRKSOFWINDOWSOPENSSHCANMAKETHEMEVENMOREPOTENT.
DEMONSTRATINGNOVELMETHODSOFFINDINGANDEXPLOITINGEXPOSEDCLOUD