Explore the anatomy of a corporate hack in this 52-minute conference talk from Derbycon 2016. Delve into advanced attack techniques, including finding source code, enumerating targets, and exploiting local groups. Learn about token theft, subversive profiles, and Kerberos attacks. Discover the intricacies of SID Trust Hopping and Root CID 509. Gain insights into various attack paths and understand essential mitigations to protect against corporate hacking attempts.
Overview
Syllabus
Intro
Finding the source code
Enumerating targets
Get local group
Steal tokens
Subversive profiles
Kerberos
Spin Tickets
SID Trust Hopping
Root CID 509
Mitigations
Introduction
How are you today
Attack Paths
