Horizontal penetration in the Windows-based infrastructure

Author: Teimur Kheirkhabarov

Every targeted attack consists of several stages. At the initial stage, attackers collect information about the company and its employees to find the weakest link. Next, the intruders penetrate the corporate network and obtain access to one or several hosts inside the protected perimeter. They will attempt to get the authentication data of users with privileges on various corporate hosts. Then, attackers start lurking on hosts in search of relevant information or systems. A multitude of tools for remote execution of Windows commands and other authorized utilities, so popular among system administrators, are at the attackers' disposal. The speaker will talk about all these mechanisms and utilities. You will also learn how to find the traces of their usage inevitably left behind in event logs.

Language: Russian

Engaged in theoretical and practical aspects of information security research for more than six years. SOC analyst at Kaspersky Lab. Formerly the head of the infosec department at an industrial company. Received specialist's and master's degrees from the Siberian State Aerospace University, where he later lectured on information security. An active participant in CTF contests. Spoke at ZeroNights.

Teimur Kheirkhabarov
