This year’s Black Hat US saw a number of quite interesting talks in the context of Windows or Active Directory Security. For those of you too lazy to search for themselves 😉 and for our own Windows/AD Sec team (who couldn’t send anyone to Vegas due to heavy project load) I’ve compiled a little list of those.
Paul Stone & Alex Chapman: WSUSPect – Compromising the Windows Enterprise via Windows Update
Slides here.
Whitepaper here. (Attention: the BH website hosts an older version; the above link leads to the latest one.)
Jonathan Brossard & Hormazd Billimoria: SMBv2
Whitepaper here.
Sean Metcalf: Red vs. Blue: Modern Active Directory Attacks, Detection & Protection
Slides here.
Whitepaper here.
Seth Moore & Baris Saydag: Defeating Pass-the-Hash. Separation of Powers
Slides here.
Whitepaper here.
Matt Graeber: Abusing Windows Management Instrumentation (WMI) to Build a Persistent, Asynchronous, and Fileless Backdoor
Slides here.
Whitepaper here.
Collin Mulliner & Matthias Neugschwandtner: Breaking Payloads with Runtime Code Stripping and Image Freezing
Slides here.
Whitepaper here.
===
There are no slides/whitepapers yet for these two:
Alex Ionescu: Battle of the SKM and IUM: How Windows 10 Rewrites OS Architecture (I sat in that one; was quite interesting stuff).
James Forshaw: Social Engineering the Windows Kernel: Finding and Exploiting Token Handling Vulnerabilities.
You might check the BH Briefings website for updates once those become available.
On a somewhat unrelated note, mostly for German readers: the “Hardening Microsoft Environments” workshop we initially gave at Troopers15 is now available via our training provider.
Have a great weekend, everybody!
Enno
Let me just add my presentation during BH Arsenal:
https://www.blackhat.com/us-15/arsenal.html#active-directory-backdoors-myth-or-reality-bta-open-source-tool-for-ad-analysis
Slides can be downloaded here: https://bitbucket.org/iwseclabs/bta/downloads
Health & Happiness 🙂
Sn0rkY