Explore a PowerShell-based toolkit that exploits Windows Desired State Configuration (DSC) for malicious purposes in this Black Hat conference talk. Learn the fundamentals of DSC, Microsoft's advanced enterprise management technology, and discover how attackers can manipulate it. Follow a step-by-step guide on using the DSCompromised framework to establish a command-and-control server, create payloads, infect targets, and even reinfect remediated systems. Gain insights from both offensive and defensive perspectives, including techniques for detecting and investigating DSC abuse on compromised systems. Benefit from source code examples and live demonstrations of various attack scenarios in this 59-minute presentation by Ryan Kazanciyan and Matt Hastings.
Overview
Syllabus
DSCOMPROMISED: A Windows DSC Attack Framework
Taught by
Black Hat