Missing the Forest for the Trees: When Server Hardening Isn’t Enough
Performing intensive server hardening without considering the other possible exploit paths can end up being a futile exercise. In fact, it’s almost like going for a smoke break at Fort Knox and leaving the back door open in the process.
This is a case study on how to breach an Active Directory domain without even touching the domain directly, although the lessons can apply to most applications and platforms. Both red team and blue team demos are included, so the problem as well as possible solutions are discussed.
Speakers Bio: Hudson Bush is a Senior Information Security Architect at K2 Solutions, Inc. in Southern California. When not homebrewing, Hudson spends his time assisting small and medium businesses with securing their networks.