Attacking EvilCorp – Anatomy of a Corporate Hack (Derbycon 2016)

With the millions of dollars invested in defensive solutions, how are attackers still effective? Why do defensive techniques seem to rarely stop or slow down even mid-tier adversaries? And is there anything the underfunded admin can do to stop the carnage? Join us in a shift to ?assume breach? and see how an attacker can easily move from a single machine compromise to a complete domain take over. Instead of “death by PowerPoint,” see first-hand how a fictional corporation suffers “death by a thousand cuts.” The fictional EvilCorp presents their top defensive tools and practically dares someone to attack the network. The battle of Red vs. Blue unfolds showing EvilCorp’s network submit to the unrelenting attacks by an experienced adversary. When the dust settles, the Red Team looks victorious. But what, if anything, could have tipped the scales in the other direction? In this demo-heavy session (several demos are shown to demonstrate modern attack effectiveness), we showcase the latest attack techniques and ineffective defenses still used to protect companies. Defense evasion tools and techniques are detailed as well as attack detection methods. Effective mitigation strategies are highlighted and the Blue Team is provided a roadmap to properly shore up defenses that can stop all but the most determined attacker.

Sean Metcalf (@PyroTek3) is founder & principal security consultant of Trimarc and is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification. He is also a Microsoft MVP and has presented on Active Directory attack and defense at BSides, Shakacon, Black Hat, DEF CON, and DerbyCon security conferences. Will Schroeder (@harmj0y) is an Information Security Researcher and red teamer for Veris Group?s Adaptive Threat Division. He is the co-founder the Veil-Framework, PowerTools, and PowerShell Empire, and has presented at ShmooCon, Defcon, Derbycon, and various Security BSides on topics spanning AV-evasion, post-exploitation, red teaming, offensive PowerShell, and more.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s