A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Not A Security Boundary: Breaking Forest Trusts - Will Schroeder, Lee Christensen Derbycon 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

Not A Security Boundary: Breaking Forest Trusts
Will Schroeder, Lee Christensen
Derbycon 2019

For years, Microsoft has stated that the forest is the security boundary in Active Directory. Many organizations have built their Active Directory trust architectures with this in mind, trusting that the compromise of one forest can not be leveraged to compromise a foreign forest. However, in late 2018 we discovered that this was not the case. By combining a legacy printer protocol "feature" with several architectural flaws in Active Directory, the compromise of one forest could be leveraged to compromise a foreign forest and all resources within it. We will deep dive into the architectural components that enable this trust violation, demonstrate a fully weaponized attack with available tools, and cover the new fundamental fix for this vulnerability Microsoft is pushing out in 2019.

Will Schroeder and Lee Christensen are offensive engineers and red teamers for SpecterOps. Will is the co-founder of various offensive projects including the Veil-Framework, Empire, GhostPack, and BloodHound. He has presented at a number of industry conferences including ShmooCon, BlackHat, DEF CON, Troopers, DerbyCon, BlueHat Israel, and more. Lee enjoys building tools to support red team and hunt operations and is the author of several offensive tools and techniques, including UnmanagedPowerShell (incorporated into the Metasploit, Empire, and Cobalt Strike toolsets) and KeeThief.

@harmj0y, @tifkin_

Back to Derbycon 2019 video list

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast