This course teaches learners how to exploit group policy hijacking attacks to gain control over Windows networks. The course covers the concepts of Group Policy, its configuration settings, and various threat scenarios related to domain controllers and domain members. Participants will learn about exploiting weak passwords, user settings, and Win logon sessions. The teaching method includes a summary of the exploit process, demonstrations on Windows Domain Member and Linux Server, and discussions on the effectiveness of controls like MS15011 and MS15014. The intended audience for this course includes cybersecurity professionals and individuals interested in network security.
How to Own Any Windows Network via Group Policy Hijacking Attacks
Overview
Syllabus
Introduction
Outline
What is Group Policy
How does it work
Configuration settings
Prepatch scenario
How can it be attacked
Threat scenarios
Domain controllers
Domain members
SP signing
SP signing scenarios
SP signing diagram
Does it work
How to get a shell
Summary
Exploit process
Demo
Windows Domain Member
Linux Server
System Shells
Group Policy
Weak Passwords
User Settings
Local Configuration
Update User Settings
Win logon session
MS15011 and MS15014
How effective are these controls
User settings exploit
Is kerberos viable
kerberos example
decryption
domain controller
hardened uncpass
kerberos
log in
read response
caveats
Mitigation
User Policy
Taught by
SyScan360
