QSP Labs

The Quality and Security Program Tirol invites to the upcoming Lab:

Hacking an Enterprise: From Nothing to Domain Admin

David Wind
A1 Digital International GmbH

10.01.2020, 14:00–18:00

3W04 Seminar Room, ICT Building (2nd floor), Technikerstraße 21a, Innsbruck

Lab Description

This lab session should demonstrate, how attackers could fully compromise companies over the Internet without any deeper knowledge about the internal network infrastructure. We start with a typical spear phishing attack in order to gain access to one or two client systems. After getting a foot into the company, the goal is to gain elevated privileges on the compromised clients. Several techniques, how to achieve this, will be demonstrated. We proceed by exploiting common weaknesses within the infrastructure of our target to gain domain admin privileges.
This lab should demonstrate, how we at A1 Digital typically perform an internal security assessment, what issues we find and what recommendations we give our clients on how to increase the security of their networks.

Language: German
Structure: Presentation, interactive case studies, exercises with laptops
Required Skills: Basic Windows and Linux knowledge, AD
Required Equipment: Internet access, DP Client (xfreerdp), VNC and SSH
Maximal number of participants: 15

About the Expert

David Wind is a Penetration Tester at A1 Digital where his focus areas are web application security, Windows AD security and social engineering. He participates in Bug Bounty programs where he was able to identify bugs for Google, Netflix, Ebay and others.
Online privacy is of great importance to him which is why he is giving talks on international conferences about secure messaging and other security relevant topics.