QSP Labs
The Quality and Security Program Tirol invites to the upcoming Lab:
Hacking an Enterprise: From Nothing to Domain Admin
David Wind
A1 Digital International GmbH
10.01.2020, 14:00–18:00
3W04 Seminar Room, ICT Building (2nd floor), Technikerstraße 21a, Innsbruck
This lab session should demonstrate, how attackers could fully compromise companies over the Internet without
any deeper knowledge about the internal network infrastructure. We start with a typical spear phishing
attack in order to gain access to one or two client systems. After getting a foot into the company, the goal
is to gain elevated privileges on the compromised clients. Several techniques, how to achieve this, will be
demonstrated. We proceed by exploiting common weaknesses within the infrastructure of our target to gain domain
admin privileges.
This lab should demonstrate, how we at A1 Digital typically perform an internal security assessment, what issues
we find and what recommendations we give our clients on how to increase the security of their networks.
Language: German
Structure: Presentation, interactive case studies, exercises with laptops
Required Skills: Basic Windows and Linux knowledge, AD
Required Equipment: Internet access, DP Client (xfreerdp), VNC and SSH
Maximal number of participants: 15
David Wind is a Penetration Tester at A1 Digital where his focus areas are web application security, Windows AD
security and social engineering. He participates in Bug Bounty programs where he was able to identify bugs for
Google, Netflix, Ebay and others.
Online privacy is of great importance to him which is why he is giving talks on international conferences about
secure messaging and other security relevant topics.
