Black Hat Talks & Papers related to Windows/Active Directory Security

This year’s Black Hat US saw a number of quite interesting talks in the context of Windows or Active Directory Security. For those of you too lazy to search for yourselves 😉 and for our own Windows/AD Sec team (who couldn’t send anyone to Vegas due to heavy project load) I’ve compiled a little list of those.

Paul Stone & Alex Chapman: WSUSPect – Compromising the Windows Enterprise via Windows Update
Slides here.
Whitepaper here. (Attention: on the BH website there’s an older version of this; the above link leads to the latest one.)

Jonathan Brossard & Hormazd Billimoria: SMBv2
Whitepaper here.

Sean Metcalf: Red vs. Blue: Modern Active Directory Attacks, Detection & Protection
Slides here.
Whitepaper here.

Seth Moore & Baris Saydag: Defeating Pass-the-Hash. Separation of Powers
Slides here.
Whitepaper here.

Matt Graeber: Abusing Windows Management Instrumentation (WMI) to Build a Persistent, Asynchronous, and Fileless Backdoor
Slides here.
Whitepaper here.

Collin Mulliner & Matthias Neugschwandtner: Breaking Payloads with Runtime Code Stripping and Image Freezing
Slides here.
Whitepaper here.

===

There are no slides/whitepapers yet for these two:

Alex Ionescu: Battle of the SKM and IUM: How Windows 10 Rewrites OS Architecture (I sat in that one; it was quite interesting stuff).
James Forshaw: Social Engineering the Windows Kernel: Finding and Exploiting Token Handling Vulnerabilities.

You might check the BH Briefings website for updates once those become available.

On a somewhat unrelated note, mostly for German readers: the “Hardening Microsoft Environments” workshop we initially gave at Troopers15 is now available via our training provider.

Have a great weekend, everybody.

Enno
