Attacking EvilCorp: Anatomy of a Corporate Hack

DerbyCon 6.0 - Recharge

Presented by: Sean Metcalf, Will Schroeder
Date: Saturday September 24, 2016
Time: 10:00 - 10:50
Location: Regency North
Track: Break Me

With the millions of dollars invested in defensive solutions, how are attackers still effective? Why do defensive techniques seem to rarely stop or slow down even mid-tier adversaries? And is there anything the underfunded admin can do to stop the carnage? Join us in a shift to "assume breach" and see how an attacker can easily move from a single machine compromise to a complete domain take over. Instead of "death by PowerPoint," see first-hand how a fictional corporation suffers "death by a thousand cuts". The fictional EvilCorp presents their top defensive tools and practically dares someone to attack the network. The battle of Red vs. Blue unfolds showing EvilCorp's network submit to the unrelenting attacks by an experienced adversary. When the dust settles, the Red Team looks victorious. But what, if anything, could have tipped the scales in the other direction? In this demo-heavy session (several demos are shown to demonstrate modern attack effectiveness), we showcase the latest attack techniques and ineffective defenses still used to protect companies. Defense evasion tools and techniques are detailed as well as attack detection methods. Effective mitigation strategies are highlighted and the Blue Team is provided a roadmap to properly shore up defenses that can stop all but the most determined attacker.

Sean Metcalf

Sean Metcalf (@PyroTek3) is founder & principal security consultant of Trimarc and is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification. He is also a Microsoft MVP and has presented on Active Directory attack and defense at BSides, Shakacon, Black Hat, DEF CON, and DerbyCon security conferences.

Will Schroeder

Will Schroeder (@harmj0y) is an Information Security Researcher and red teamer for Veris Group's Adaptive Threat Division. He is the co-founder of the Veil-Framework, PowerTools, and PowerShell Empire, and has presented at ShmooCon, Defcon, Derbycon, and various Security BSides on topics spanning AV-evasion, post-exploitation, red teaming, offensive PowerShell, and more.

