So You Think Your Domain Controller Is Secure?

I gave a presentation at Defcon 21 on gaining domain admin by abusing commonly used management software:

https://www.defcon.org/html/defcon-21/dc-21-speakers.html#Hendricks

The talk discussed domain controller isolation principles and how commonly used management software, such as System Center Operations Manager (SCOM), out-of-band management devices (e.g. HP iLO), Hyper-V, and security scanners, can be abused to gain access to domain controllers.

Here are the slides and videos from the talk:

Download (PPTX, 1.19MB)

Using System Center Operations Manager To Start a Reverse Shell and Dump Domain Hashes:

Using HP Integrated Lights Out To Boot Into a Linux Live Disc and “Sticky Key” the Server:

Using System Center Operations Manager To Run Executable On Monitored Server To Dump Hashes:

Using System Center Operations Manager SDK to Run Arbitrary Commands On Monitored Servers:
