ashar

joined 2 years ago

Schedule from the website

The YouTube Playlist

BSidesAugusta is part of the Security B-sides (BSides) phenomenon, a worldwide community-driven framework for building events for and by information security community members.

BSidesAugusta holds an annual conference in the Fall with the goals of:

  • Providing a safe platform for relevant and interesting talks
  • Facilitating collaboration among professionals with diverse experience levels
  • Keeping the per-attendee cost affordable
submitted 2 years ago* (last edited 2 years ago) by ashar to c/security_cpe

Dream girlfriends, AI love scams, and an alleged spy who is said to have made a series of blunders.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown’s Thom Langford.

Warning: This podcast may contain nuts, adult themes, and rude language.

#infosec #podcast

 

Slides

Talk's webpage

Video of the talk

Hidden Pathways: Exploring the Anatomy of ACL-Based Active Directory Attacks and Building Strong Defenses

We will cover the Active Directory attack path that arises from permissions granted in the ACLs of Active Directory objects. The talk will discuss common attack paths, the technical details of their existence, and how attackers can execute them with limited risk of detection. The presentation will also provide a comprehensive remediation plan for organizations to prevent these attack paths from emerging again, including best practices, tools, and techniques. Attendees will gain a deeper understanding of ACL-based attack paths in AD and practical knowledge on how to protect their organizations from these attacks.

This presentation will cover the Active Directory attack path that emerges from permissions granted in the ACLs of Active Directory objects. Specifically, we will discuss the attack paths we commonly see in the field, the technical details of why they exist, and how attackers can execute them with limited risk of detection.

Our talk will focus on the importance of understanding how ACLs work in Active Directory, how these attack paths occur, and the potential risks they pose to organizations. We will demo examples of how both old and new ACL-based attacks can be executed to escalate privileges in Active Directory and gain Domain Admin access, for example. Additionally, we will discuss the technical details of why the attack paths are hard to avoid in even a hardened Active Directory environment.

Finally, we will present a comprehensive remediation plan that organizations can use to build an OU structure and configure ACLs to prevent these attack paths from emerging again. We will share best practices, tools, and techniques for implementing these measures and ensuring that they effectively prevent similar attacks in the future.

Attendees will leave our talk with a deeper understanding of ACL-based attack paths in AD and the potential risks, as well as practical knowledge of how to protect their organizations from these attacks. Our talk will be of particular interest to both offensive and defensive security professionals, system administrators, and IT managers.

submitted 2 years ago by ashar to c/security_cpe
 

TROOPERS23 - 35 talks

  • (WINDOWS) HELLO FROM THE OTHER SIDE - Dirk-jan Mollema
  • ALL YOUR PARCEL ARE BELONG TO US - Dennis Kniel
  • ATTACKING ULTRA-WIDEBAND: SECURITY ANALYSIS OF UWB APPLICATIONS IN SMARTPHONES - Jiska Classen, Alexander Heinrich
  • BEYOND JAVA: OBFUSCATING ANDROID APPS WITH PURELY NATIVE CODE - Laurie Kirk
  • CAT & MOUSE - OR CHESS? - Fabian Mosch
  • THE IT SECURITY SITUATION REPORT FROM HEISE'S PERSPECTIVE - Jürgen Schmidt aka ju
  • DETECTION AND BLOCKING WITH BPF VIA YAML - Kev Sheldrake
  • DUMPING NTHASHES FROM AZURE AD - Nestori Syynimaa
  • EVERYONE KNOWS SAP, EVERYONE USES SAP, EVERYONE USES RFC, NO ONE KNOWS RFC: FROM RFC TO RCE 16 YEARS LATER - Fabian Hagg
  • FACT BASED POST EXPLOITATION - OFFICE365 EDITION - Melvin Langvik
  • FAULT INJECTION ATTACKS ON SECURE AUTOMOTIVE BOOTLOADERS - Nils Weiss, Enrico Pozzobon
  • FORENSIC EXAMINATION OF CEPH - Florian Bausch
  • FORENSIC ANALYSIS ON REAL INCIDENTS INSIDE MICROSOFT REMOTE DESKTOP SERVICES - Catarina de Faria Cristas
  • GPT-LIKE PRE-TRAINING ON UNLABELED SYSTEM LOGS FOR MALWARE DETECTION - Dmitrijs Trizna, Luca Demetrio
  • HIDDEN PATHWAYS: EXPLORING THE ANATOMY OF ACL-BASED ACTIVE DIRECTORY ATTACKS AND BUILDING STRONG DEFENSES - Jonas Bülow Knudsen, Alexander Schmitt
  • HOMOPHONIC COLLISIONS: HOLD ME CLOSER TONY DANZA - Justin Ibarra, Reagan Short
  • HORROR STORIES FROM THE AUTOMOTIVE INDUSTRY - Thomas Sermpinis
  • INTERNAL SERVER ERROR: EXPLOITING INTER-PROCESS COMMUNICATION IN SAP’S HTTP SERVER - Martin Doyhenard
  • JUPYSEC: AUDITING JUPYTER TO IMPROVE AI SECURITY - Joe Lucas
  • MONITORING SOLUTIONS: ATTACKING IT INFRASTRUCTURE AT ITS CORE - Stefan Schiller
  • OAUTH AND PROOF OF POSSESSION - THE LONG WAY ROUND - Dominick Baier
  • OOPSSEC - THE BAD, THE WORST AND THE UGLY OF APT’S OPERATIONS SECURITY - Tomer Bar
  • PRIORITY FOR EFFECTIVE ACTION - A PRACTICAL MODEL FOR QUANTIFYING THE RISK OF ACTIVE DIRECTORY ATTACKS - Mars Cheng, Dexter Chen
  • REAL WORLD DETECTION ENGINEERING IN A MULTI-CLOUD ENVIRONMENT - Aaron Jewitt
  • REPORTLY - KEEP YOUR HEAD IN THE CLOUDS. A NEW AZURE VISUALIZATION TOOL FOR ANALYZING USER ACTIVITIES. - Sapir Federovsky
  • SAP (ANTI-)FORENSICS: DETECTING WHITE-COLLAR CYBER-CRIME - Yvan Genuer
  • SECURITY HEROES VERSUS THE POWER OF PRIVACY - Avi D, Kim Wuyts
  • SO YOU PERFORMED A FOREST RECOVERY. HOW DO YOU RECONNECT YOUR AD AGAIN WITH AZURE AD? - Jorge de Almeida Pinto
  • SPOOKY AUTHENTICATION AT A DISTANCE - Tamas Jos
  • STAY FIT: HACK A JUMP ROPE - Axelle Apvrille
  • TESTING AND FUZZING THE KUBERNETES ADMISSION CONFIGURATION - Benjamin Koltermann, Maximilian Rademacher
  • THE ANATOMY OF WINDOWS TELEMETRY PART 2 - Tillmann Oßwald, Dominik Phillips, Maximilian Winkler
  • THE POWER OF COERCION TECHNIQUES IN WINDOWS ENVIRONMENTS - Martin Grottenthaler
  • THE WIRE ON FIRE: THE SPIES WHO LOVED TELCOS - Aleksandar Milenkoski
  • VULNERABILITIES IN THE TPM 2.0 REFERENCE IMPLEMENTATION CODE - Francisco Falcon

submitted 2 years ago* (last edited 2 years ago) by ashar to c/security_cpe
 

The Anti-Checklist Manifesto - Nick Selby

Third Party Risk (3PR) conversations have been center-tile on Buzzword Bingo cards for a few years now, but the way most firms approach 3PR hasn’t been effective at quantifying the risk a third-party provider actually presents. With several damaging software supply chain breaches in the course of a couple of months, executives are trying to understand how we got into this mess, and how we get out of it. There’s a lot wrong with how we strive to attain that understanding, typically reduced to handing vendors a spreadsheet groaning under the weight of baseline technology configuration questions written in the 1990s by accountants so that auditors may assess security – thus reducing “trust” to a checklist almost entirely unrelated to trustworthiness.

What is the way forward? How can we ask better questions that give us answers that are proxies for how much an organisation cares about trust and security? This talk proposes a new path forward, and a ten-question sample so you can get started.

Talk given on 23rd September 2021

#supplychain #risk #GRC

submitted 2 years ago* (last edited 2 years ago) by ashar to c/security_cpe
 

Kim Zetter

Sun Stroke: How the SolarWinds hackers pulled off their ingenious operation and scorched the vulnerable underbelly of the software supply chain

slides:

In November 2020 when a Mandiant analyst decided to investigate a routine security alert that many others would have ignored, she had no idea what her simple sleuthing would uncover — a massive espionage campaign that slipped past the protections of some of the most secure government agencies and tech titans in the world and exposed a major vulnerability at the core of the software supply chain. In a single ingenious stroke that should have surprised no one, the hackers hijacked the build server of a global software supplier and injected their code into a trusted update. With that one feat they managed to infect more than 16,000 customers across government and industry — from the Department of Homeland Security to Microsoft and Mandiant, from VPN suppliers to managed service providers — and remain undetected for nearly a year.

This keynote will examine how the Russian spies behind the operation pulled off their masterful hack and how they were ultimately caught after several near-misses. It will look at the mistakes that were made — on the part of the intruders, investigators, and victims — and what the operation taught us. And it will reveal what we still don’t know about the campaign.
