Login Papers Register

Need an account to vote? Register to attend at gsec.hitb.org/sg2017/

<< previous next >>

Offensive IT Operations: Who Stole the Crown Jewels

Tanoy Bose

1 vote(s)

During any penetration test, we are heavily dependent on compromising credentials of IT operators and hunting credentials that are slightly more privileged that could help us compromise the domain administrator. Even with powerful tools like Bloodhound, penetration testing an infrastructure is not very easy when it comes to either systems that are not on the Enterprise Domain or when the enterprise has configured a red forest for the domain controller administrator.
 
In this paper, we would be covering the multiple ways of compromising such infrastructures utilizing various IT operation tools like Microsoft System Center, Puppet, Ansible.
 
About the authors
 
Tanoy is a security researcher and a consultant, currently working at a big 4. His primary focus in work is on infrastructure security. He also is a very enthusiastic DotA and Counter Strike gamer.
 
Vijay is a programmer and computer security enthusiast working in an organization where compromising companies and defending them is his main role. Loves linux, learning Puppet and Powershell DSC.