Six Degrees of Domain Admin

Formal Metadata

Title
Six Degrees of Domain Admin
Number of Parts
93
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Abstract
Active Directory domain privilege escalation is a critical component of most penetration tests and red team assessments, but standard methodology dictates a manual and often tedious process – gather credentials, analyze new systems we now have admin rights on, pivot, and repeat until we reach our objective. Then — and only then — we can look back and see the path we took in its entirety. But that may not be the only, nor the shortest, path we could have taken. By combining our concept of derivative admin (the chaining or linking of administrative rights), existing tools, and graph theory, we can reveal the hidden and unintended relationships in Active Directory domains. Bob is an admin on Steve’s system, and Steve is an admin on Mary’s system; therefore, Bob is effectively (and perhaps unintentionally) an admin on Mary’s system. While existing tools such as Nmap, PowerView, CrackMapExec, and others can gather much of the information needed to find these paths, graph theory is the missing link that gives us the power to find hidden relationships in this offensive data. The application of graph theory to an Active Directory domain offers several advantages to attackers and defenders. Otherwise invisible, high-level organizational relationships are exposed. All possible escalation paths can be efficiently and swiftly identified. Simplified data aggregation accelerates blue and red team analysis. Graph theory has the power and the potential to dramatically change the way you think about and approach Active Directory domain security.

Bio: Andy Robbins is the Offensive Network Services lead for Veris Group’s Adaptive Threat Division. He has performed penetration tests and red team assessments for a number of Fortune 500 commercial clients and major U.S. Government agencies. In addition, Andy researched and presented findings related to a business logic flaw with certain processes around handling ACH files affecting thousands of banking institutions around the country at DerbyCon. He has a passion for offensive development and red team tradecraft, and helps to develop and teach the ‘Adaptive Red Team Tactics’ course at BlackHat USA.

Rohan Vazarkar is a penetration tester and red teamer for Veris Group’s Adaptive Threat Division, where he helps assess Fortune 500 companies and a variety of government agencies. Rohan has a passion for offensive development and tradecraft, contributing heavily to the EyeWitness and EmPyre projects. He has presented at BSides DC, and helps to develop and teach the ‘Adaptive Penetration Testing’ course at BlackHat USA.

Will Schroeder is a security researcher and red teamer for Veris Group’s Adaptive Threat Division. He is a co-founder of the Veil-Framework, developed PowerView and PowerUp, is an active developer on the PowerSploit project, and is a co-founder and core developer of the PowerShell post-exploitation agent Empire. He has presented at a number of security conferences on topics spanning AV-evasion, post-exploitation, red team tradecraft, and offensive PowerShell.