Exploiting Windows Group Policy for Reconnaissance and Attack

In this talk, Group Policy expert Darren Mar-Elia (a.k.a. the GPOGUY) looks at Active Directory Group Policy from an attacker’s perspective, illustrating techniques that can be leveraged to gain insight into an organization’s Windows security posture, privileged use and opportunities for compromise. He’ll start by explaining how GP works under the covers, then dig into tools and techniques you can use to take advantage of GP’s “readability” to map out how an organization has deployed security hardening and privileged access, including how you can specifically identify admin tiering and work around it. Then Darren will dig deep into the bowels of GP to show several approaches to exploiting Group Policy, including linking exploits, write-permission/settings abuse, GPT redirection, external paths abuse and some newly documented ideas for abusing GP processing at the client to run arbitrary code. He’ll finish up by presenting some defensive techniques that can be used to harden GP against this kind of abuse.

Speaker Bio: A 14-year Cloud and Datacenter Microsoft MVP, Darren has a wealth of experience in Identity and Access Management and was the CTO and founder of SDM Software, a provider of Microsoft systems management solutions. Prior to launching SDM, Darren held senior infrastructure architecture roles in Fortune 500 companies and was also the CTO of Quest Software. As a Microsoft MVP, Darren has contributed to numerous publications on Windows networks, Active Directory and Group Policy, and was a Contributing Editor for Windows IT Pro Magazine for 20 years.

0:00 Introduction
0:09 Exploiting Windows Group Policy for Reconnaissance and Attack
4:44 What is Windows Group Policy?
8:08 The Two Pieces of the GPO: The GPC
8:43 The Two Pieces of the GPO: The GPT
9:13 GP Processing Under the Hood
15:39 GP Targeting
21:20 Tools for Reconnaissance
25:12 Attack Path: GP Preferences Passwords
27:40 Attack Path: GPO Settings
29:34 Attack Path: GPO Links
34:31 Attack Path: External Paths
35:53 Attack Path: GPT Redirection
37:11 Attack Path: ADMX Abuse
38:03 Attack Path: Starter GPO Abuse
38:33 Reconnaissance Defense
41:48 Hardening Against Attack: External Paths