BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Sold Out - Offensive SCCM: Abusing Microsoft's C2 Fr
 amework\n   When: Thursday\, Aug 8\, 09:00 - 12:59 PDT\n   Where: Springhi
 ll Suites/Dean Martin - [1]Map\n\n   Description:\n\n   Microsoft Configur
 ation Manager\, formerly SCCM (System Center\n   Configuration Manager)\, 
 is a powerful technology that has been used to\n   deploy software to Wind
 ows systems in the majority of enterprise\n   environments since it was re
 leased by Microsoft in 1994. Although SCCM\n   has a high potential for ab
 use due to its privileged access to entire\n   fleets of servers and works
 tations\, it has not been heavily researched\n   or leveraged by security 
 professionals until recently\, presumably due\n   to the time-consuming in
 stallation process and learning curve. In this\n   workshop\, students wil
 l be provided access to a live environment that\n   reflects an enterprise
  SCCM deployment\, gain an understanding of how\n   the different componen
 ts of SCCM interact\, and learn how to execute\n   recently discovered att
 ack primitives that can be used to compromise SCCM\n   clients\, servers\, an
 d entire hierarchies. By completing both guided\n   exercises and optional
  CTF challenges in this lab environment\,\n   students will learn how to d
 emonstrate the impact of attack paths\n   involving SCCM.\n\n   By the end
  of this workshop\, participants will be able to: -\n   understand the fou
 ndational concepts needed to attack and defend SCCM\n   - understand SCCM 
 defaults and configurations that can be abused - use\n   SCCM to complete 
 a realistic attack chain\, including recon\, privilege\n   escalation\, cr
 edential gathering\, site takeover\, and lateral movement\n   - understand
  how to use offensive security tools to interact with\n   SCCM\, such as S
 CCMHunter\, SharpSCCM\, sccmwtf\, PXEThief\, and ntlmrelayx\n\n   To get t
 he most out of this training\, participants will benefit from\n   reviewin
 g the following resources\, although they are not required: -\n   Misconfi
 guration Manager (misconfigurationmanager.com) - System Center\n   Configu
 ration Manager Current Branch Unleashed\, by Kerrie Meyler -\n   Configura
 tion Manager Terminology - Looking Inside Configuration\n   Manager - Netw
 ork Design - Client Management\n\n   This workshop is the second version o
 f Flipping the Coin and features\n   upgraded attack paths\, and lab envir
 onments.\n\n   By the end of the workshop\, attendees will:\n\n     1. \n\
 n       Understand and perform common offensive attacks (supported by the\
 n       Metasploit Framework) against Windows Domains\, including:\n\n    
      * Pass the Hash attacks\;\n\n         * gMSA Golden Attack\;\n\n     
     * ADCS abuse\;\n\n         * Common tunnelling techniques\;\n\n       
   * PrintSpoofer exploits\;\n\n         * LSASS exploitation (using Mimika
 tz)\;\n\n         * AD enumeration (using BloodHound)\;\n\n         * DACL
  abuse\;\n\n         * Kerberos golden tickets\; and\n\n         * DLL hij
 acking.\n\n     2. \n\n       Understand the process of detecting attacks 
 against Windows\n       infrastructure\, including how to design and imple
 ment their own\n       detection rules based on attendees’ previous atta
 cks\, using:\n\n         * Sigma/Yara rules.\n\n         * Log ingestion/n
 ormalisation platforms\, and query engines (e.g.\n           ELK).\n\n    
  3. \n\n       Understand and appreciate how the actions and processes of 
 red and\n       blue teams are interlinked\, for the greater collective go
 od.\n\n   Recommended (but not required) prior reading:\n\n     * https://
 nooblinux.com/metasploit-tutorial/\n\n     * https://posts.specterops.io/i
 ntroducing-bloodhound-enterprise-attack-path-management-for-everyone-39cfd
 8d6eb7c\n\n     * https://learn.microsoft.com/en-us/windows-server/identit
 y/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview\n
 \n     * https://socprime.com/blog/sigma-rules-the-beginners-guide/\n\n   
   * https://github.com/socprime/SigmaUI\n\n     * https://blog.netwrix.com
 /2021/11/30/how-to-detect-pass-the-hash-attacks/\n\n     * https://posts.s
 pecterops.io/certified-pre-owned-d95910965cd2\n\n     * https://www.elasti
 c.co/guide/en/security/current/suspicious-print-spooler-point-and-print-dl
 l.html\n\n   Much of the material and core concepts of the workshop remain
  the same\n   from the DEF CON 31 workshop with some updated topics for DE
 F CON 32\,\n   including an updated environment\, and gMSA attacks within 
 the lab.\n\n   Since 2022\, Chris\, Duane\, and Garrett have released a co
 mbined 8 blog\n   posts and authored 3 tools (SharpSCCM\, SCCMHunter\, and
 \n   Misconfiguration Manager) that demonstrate novel offensive techniques
 \n   to abuse SCCM functionality.\n\n   Speakers:Chris Thompson\,Duane Mic
 hael\,Garrett Foster\n\n   SpeakerBio:  Chris Thompson\, Principal Consult
 ant at SpecterOps\n\n   Chris Thompson (@_Mayyhem) is a Principal Consulta
 nt at SpecterOps\,\n   where he conducts red team operations\, research\, 
 tool development\, and\n   training. Chris has instructed at Black Hat USA
 /EU and spoken at\n   Arsenal\, DEF CON Demo Labs\, SO-CON\, and Troopers.
  He is the primary\n   author of Maestro and SharpSCCM and co-author of Mi
 sconfiguration\n   Manager\, an open-source tool and knowledge base that c
 an be used to\n   help demonstrate\, mitigate\, and detect attacks that ab
 use Microsoft\n   Configuration Manager (formerly SCCM).\n\n   SpeakerBio:
   Duane Michael\, Managing Consultant at SpecterOps\n\n   Duane Michael (@
 subat0mik) is a Managing Consultant at SpecterOps\,\n   where he conducts 
 red team operations\, penetration tests\, research\,\n   course developmen
 t\, and training. Duane has instructed courses on red\n   teaming and vuln
 erability research at BH USA/EU\, NorthSec\, and SO-CON.\n   He has presen
 ted at Arsenal and DEF CON Demo Labs\, contributes to\n   various open sou
 rce projects\, and is a co-author of Misconfiguration\n   Manager.\n\n   S
 peakerBio:  Garrett Foster\, Senior Consultant at SpecterOps\n\n   Garrett
  Foster (@garrfoster) is a Senior Consultant at SpecterOps\,\n   where he 
 conducts red team operations\, penetration testing\, research\,\n   traini
 ng\, and course development. Garrett has presented at WWHF and\n   BsidesP
 DX. Garrett is the primary author of SCCMHunter and a\n   co-author of M
 isconfiguration Manager.\n\n   '\n\n   1. #Springhill_Full\n\n\n
DTEND:20240808T195900Z
DTSTART:20240808T160000Z
LOCATION:WS - Springhill Suites/Dean Martin
SUMMARY:Sold Out - Offensive SCCM: Abusing Microsoft's C2 Framework
END:VEVENT
END:VCALENDAR
