0:39 Whoami 3:59 Microsoft Remote Desktop Services (RDS) Roles 6:47 How to compromised and investigate a RDS infrastructure (Gaining an initial foothold) 21:08 How to compromised and investigate a RDS infrastructure (Breaking out of RDS) 28:04 How to compromised and investigate a RDS infrastructure (Additional compromise) 28:59 How to compromised and investigate a RDS infrastructure (Additional compromise - Demo) 32:27 How to compromised and investigate a RDS infrastructure (Real World Attack Case#1) 35:46 How to compromised and investigate a RDS infrastructure (Real World Attack Case#2) 38:34 How to compromised and investigate a RDS infrastructure (Recommendation)

I'm at the first cacti issue and already pray things start getting harder over the duration of the talk

Nice Presentation! We know your company for writing amazing articles (with rigorous technical details) too!!

Here in Finland Mikko is know as "the rockstar of cyber security". Anyone watching this keynote will immediately see why.

00:05 🕵 Introduction to powerful Windows coercion techniques 00:50 🔓 PetitPotam for initial access via encryption service 05:00 🖨 PrinterBug abuses print spooler for foothold 10:07 💥 ADCS attack for instant domain admin access 18:41 📧 Outlook vuln to steal user credentials 20:19 🔌 NTLM relay for privilege escalation 27:06 🗝 Abusing machine accounts for lateral movement 31:30 🎫 Kerberos delegation misconfigs for domain admin 39:56 🔒 Mitigations that can stop these attacks 44:32 🏁 Summary - lethal techniques, implement defenses

Theems neither the Whitepaper nor the SAP Logs Collector are available at the links shown in the talk.

Mikko is amazing and I love most of his talks, but the hype and spookiness over the AI/image gen showed his misunderstanding a bit. It really started to go off the rails a bit there when it comes to sensationalism :/

19:12 When comparing to the description given in SAP Note 2216306, one hase to refrain from setting values for which it is stated 'In the case of an RFC logon in the same system with the same user and client, no authorization check is executed.' and additionally the ones which only take effect for some FuBas 'if this is called from SAP GUI' (for other reasons). Knowing this, I end up with the value '2' (obsolete) and '9'. For the value '9' SAP states 'this value scarcely brings about any security improvement in comparison with the value 6.' It seems this statement misses the while internal conversation scenario. SAP should reconsider their recommendation. 47:13 Some month ago, I convinced SAP to make an adjustment in the UCON framework, as it blocked the assignment of certain function modules (mostly of group SRFC) to the SNC_CA. The fix was provided in SAP note 3352382.

Who gave ChatGPT the money to pay humans for cracking the code?

Maybe helpfull: Main Security Issues Fixed Code Vulnerabilities: The speaker mentions that Nissan had fixed code vulnerabilities that could be exploited. Remote Unlocks: There are vulnerabilities that allow for the remote unlocking of entire vehicle fleets due to flaws in the Series XM head unit operating system. Internal Architecture: The speaker mentions that vehicles have bad internal architecture, making them susceptible to various kinds of attacks. Weak Authentication: The talk discusses the use of weak methods for authentication, such as byte additions and single-digit integer additions for seeds, which can compromise vehicle security. Backdoors: Some systems have backdoors implemented that are outside the scope of requirements, leading to potential security risks. Telematics Unit: Newer vehicles have telematics units for connectivity, which if not properly secured, can act as a starting point for mass exploitation. Poor Design Choices: The speaker mentions that poor design choices, such as direct access to internal buses behind headlights, can lead to devastating results. Bootloaders: The talk discusses vulnerabilities in the bootloader section of ECUs, which can be exploited if not properly secured. Battery Isolator: In electric and fuel cell vehicles, the battery isolator can be exploited to reset the whole vehicle and gain access to boot processes. Regulatory Gaps: The speaker mentions that current regulations, set to come into effect in 2024, may not be sufficient to ensure vehicle cybersecurity. Would you like to delve deeper into any of these points?

Turns out the shills were real (fake) the whole time

Passend zur Defcon 😄

Nice stuff. Thanks for sharing.

That’s a great way to look at it.

So, did anyone challange Mikko on the fireball? :D Great keynote, looking forward for the rest of the talks to get uploaded!

I'm not even done watching the video but wanted to make sure to leave a comment. THANK YOU, for putting the slides into the video in a readable fashion and not just relying on video footage of the projector screen at the conference.

👍🏻

Does this log injection works on linux based?

Great presentation! Very interesting. Good job.

North Korea also has no crime rate and people don't even dare throw trash on the street or steal things. Why do you guys always bash them? And how is any of this a bad thing?

Sound is fixed at 5:30

👏

Terrible, terrible sound

wow this is crazy good work. this class should be in the millions view

Man, she really had to kick my boy Albert while he was down

Good stuff but why not just say this is for Penetration testing? I like seeing Python and Unix but also PoSH. It is MSFT after all and you left out their best scripting language.

Thank you!

Very well done, my son ❤️

I like how it goes from a German accent to “Howdy y’all🤠”

Amazing talk. Need to be more popular. I really appreciate the fact that basics of hypervisor is covered along with security aspects.

proud to say i patch dell iDRAC bmc but ummm everything else is lacking

Link to download pdf offline.

This was such a fun talk to give. The TROOPERS conference is excellent.

Love this presentation! Thanks ropnop!

Lies all lies

So are VLANs in the DMZ still a holy cow?

Where is the slideshows file?

IT WAS AWESOMEEEEEEE!!!!!! I don't know why it has not reached #M likes yet.!!! I Learned a lot, it clarified many of the blurry concepts in Kerberos and LDAP for me. Thank you man, you are amazing.

simply amazing

really good information here. much helpful information. thank you for uploading.

april, first...but no joke here

Why can you not hack it into a covert data collection trojan, then return to DPRK?

hello /x/

man. the world's a weird place.

More recent firmware adds rolling encryption - this makes a good case to go ahead and update if you have not yet done so!

hello .. is the presentation available?

The screenshot part really weirded me out. Great talk

Information packed talk well done!

Wow. That's one neat bag of tricks. Really wonder what graveyard speaking-slot they had to get so little audience feedback (claps).

h`l gues gооt. the trast to mes to straik. but lama partishen categories to see jpg gaid. dot spectrum to go to jop