Securi-Tay 2017 – Adventures – Pentesting Windows Estates
iSpeech.org
In a world of IoT vulnerabilities and exploits so devastating they have their own marketing teams , it could be very easy to forget the daily threats that organisations really face. Desktop estates, endpoint security and the ever-present threat of users opening attachments.
Whilst not as obviously engaging as Mirai bot, shadow brokers or fuzzy bears, Active Directory security is an often-undervalued area for personal learning by those just starting out in the industry. In a talk aimed squarely at students and those new to security, Gavin will cover the basics of active directory; Domains, forests, trusts, users, computers, organisational units and group policy objects. Once the basics are covered, the talk will dive into some scenarios encountered in the wild by Gavin and his NCC Group colleagues, where simple misconfigurations can have severe consequences. Finally, the talk will cover some of the offensive techniques commonly employed against windows estates, to give budding pen testers, graduates and security enthusiasts some ideas for personal learning to take away from the talk.
About Gavin Holt
Gavin Holt is a Senior Security Consultant from the Technical Security Consultancy division of NCC Group. After graduating, Gavin joined NCC Group as a junior consultant where he spent six months on research and learning from more experienced consultants. A 2014 Abertay University graduate and former VP of the Abertay Ethical Hacking Society, Gavin spends his time using what he learned at Abertay and in the NCC Group graduate scheme to help clients secure their infrastructure and applications from a wide range of threats.. Having previously presented research on Big Data security, Gavin is currently focussed on scaling out the automated gathering of Active Directory information to better allow people to understand the security posture of their estate.
2017-02-27 11:12:19
source
Gloss