Every admin tool is an attack tool, yet there are no good or bad shells – that part is up to you.
In this session we’ll present technical, hands-on examples of what SUCKS and what ROCKS in Windows ‘Living off the Land’ remote admin operations, protocols and APIs, from IPC mechanisms (named pipes, mailslots, etc.) through RPC (WMI / DCOM / multiple LoLBins), WinRM / PSRemoting, RDP and more.
Drawing on dozens of engagements consulting on various role-based remote operations architectures and Red Team assessments for organizations on 4 continents, we will discuss the pros and cons of jump server architectures, as well as role-based shells for everyone!
We’ll also present how to limit PowerShell in creative ways, and demonstrate a super CLI: fully audited, whitelisted to do exactly what you want it to do, single port, fully encrypted, copies files, sends local variables to remote sessions and much more! But we’ll also show how we can manipulate remote sessions, without any credentials exposed, to fully take over the account.
This session will be held by Yossi Sassi. Yossi is an InfoSec researcher and friendly hacker. Sassi has accumulated extensive experience in information security over ~30 years, in Red-Blue team assessments, conducting DF/IR investigations and more, including for Fortune 100 accounts.
He is an ex-member of Javelin Networks, a unique defense solution for Active Directory (acquired by Symantec). He worked for Microsoft for 8 years as Technology Group Manager and coded support tools for Windows Server. Sassi spoke at TED and TEDx events, and was awarded 4 Peace and friendship awards.
If you want to secure your systems, you should not miss this session! Come and join us for real-life examples and demos so you are able to protect your systems!