I Have the Power(View): Offensive Active Directory with PowerShell

March 16, 2016 (at 4 p.m.) in Attack & Research

Active Directory has been covered from a system administration perspective for as long as it has existed. However, much less information exists on how adversaries abuse and backdoor AD, leaving many defenders blind to the attacks carried out in their own environments. This talk will cover Active Directory from an offensive perspective, illustrating ways that attackers move through Windows networks with ease. These actions are facilitated by PowerView, an advanced AD enumeration tool written by the presenter that allows for easy local administrator enumeration, domain trust hopping, user hunting, ACL auditing, and more. PowerView has dramatically changed the way many red teams operate, and has helped to "bridge the gap" and bring advanced tradecraft to even time-constrained engagements.

Will Schroeder

Will Schroeder (@harmj0y) is a researcher and red teamer in Veris Group's Adaptive Threat Division. He actively participates in the public community and has spoken at several industry conferences including Shmoocon, Derbycon, and Defcon on topics spanning AV-evasion, red-teaming, domain trust abuse, offensive PowerShell, and more. He also helps develop and teach the Adaptive Red Team Tactics Black Hat training class, is a co-founder of the Veil-Framework, developed PowerView and PowerUp, is an active PowerSploit contributor, and is a co-founder/core developer of the PowerShell post-exploitation agent Empire. His technical blog is at http://blog.harmj0y.net/.