This lab session is intended to demonstrate how attackers could fully compromise companies over the Internet without
any deeper knowledge of the internal network infrastructure. We start with a typical spear-phishing
attack in order to gain access to one or two client systems. After gaining a foothold in the company, the goal
is to gain elevated privileges on the compromised clients. Several techniques for achieving this will be
demonstrated. We proceed by exploiting common weaknesses within the infrastructure of our target to gain domain
This lab is intended to demonstrate how we at A1 Digital typically perform an internal security assessment, what issues we find, and what recommendations we give our clients on how to increase the security of their networks.
Structure: Presentation, interactive case studies, exercises with laptops
Required Skills: Basic Windows and Linux knowledge, AD
Required Equipment: Internet access, RDP client (xfreerdp), VNC and SSH
Maximum number of participants: 15
David Wind is a penetration tester at A1 Digital, where his focus areas are web application security, Windows AD
security and social engineering. He participates in bug bounty programs, where he was able to identify bugs for
Google, Netflix, eBay and others.
Online privacy is of great importance to him, which is why he gives talks at international conferences about secure messaging and other security-relevant topics.