At DerbyCon 8 (2018) over the weekend Will Schroeder (@Harmj0y), Lee Christensen (@Tifkin_), & Matt Nelson (@enigma0x3), spoke about the unintended risks of trusting AD. They cover a number of interesting persistence and privilege escalation methods, though one in particular caught my eye. Overview Lee figured out and presents a scenario where there’s an account …
Category: Security Conference Presentation/Video
Aug 12 2018
Black Hat & DEF CON Presentation Slides Posted
I just uploaded the slides from my Black Hat & DEF CON talks from the past week in Vegas. They are a bit different with the BH talk more Blue (defensive) and the DC talk mostly Red (Offensive) in focus. Also note that the only real overlap in content is the MFA & password vault …
May 20 2018
NolaCon (2018) Active Directory Security Talk Slides Posted
I recently presented my talk “Active Directory Security: The Journey” at Nolacon in New Orleans, LA. Slides are now posted here. On Sunday, May 19th, 2018, I spoke at NolaCon at 11am. Here’s the talk description: Active Directory is only the beginning. Attackers have set their sights squarely on Active Directory when targeting a company, though …
May 01 2017
BSides Charm (2017) Talk Slides Posted – Detecting the Elusive: Active Directory Threat Hunting
I recently presented my talk “Detecting the Elusive: Active Directory Threat Hunting” at BSides Charm in Baltimore, MD. Slides are now posted in the Presentations section. I cover some of the information I’ve posted here before: PowerShell Security Detecting Kerberoasting: Part 1 and Part 2 On Sunday, April 30th, 2017, I spoke at BSides Charm in …
Sep 27 2016
Some Favorite DerbyCon 6 Talks (2016)
This post is a collection of my favorite and interesting talks from DerbyCon 6 (2016). There were a lot of great talks and as I discover them, I’ll add them here. My goal is to collect and provide the talk videos and slides together for a single, easy reference. I’m sure I missed a few. …
Sep 13 2016
DerbyCon 6 (2016) Talk – Attacking EvilCorp: Anatomy of a Corporate Hack
Next week at DerbyCon 6, Will Schroeder (aka Will Harmjoy, @Harmj0y) & I are presenting on enterprise security, “Attacking EvilCorp: Anatomy of a Corporate Hack.” We call this one the “How You Got Hacked” presentation. The company and events are fictional. The techniques are real. On Saturday, September 24th, 2016, Will & I are speaking …
Recent Comments