CYBERSEC 2021 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree

May 4-6 at Taipei Nangang Exhibition Center, Hall 2

Taiwan's Cybersecurity Researchers
Blue Team Forum
  • May 6th (Thu)
  • 10:00 - 10:30
  • 7F 701E

Domain Slayer: Mugen Backdoor

This speech will begin with an introduction to the Active Directory architecture, a recap of the Active Directory weaknesses throughout the past decade, ranging from MS14-068 to Zerologon, and the state-of-the-art intranet intrusion techniques, such as pass-the-hash, pass-the-ticket, man-in-the-middle attacks, to inform the audience on current information gap between the attacker and the defender.

In view of the findings of several red teaming exercises, Hans and his team found that defenders still consider the old-school large-scale scanning and system account addition, and administrator privilege escalation to be the hacking techniques on intranet. Hans will also share how hackers invade corporate networks, perform lateral movement, and hunt down systems’ high-value targets. 


Hackers leverage service vulnerabilities such as SharePoint exploit to conduct lateral movement, obtain domain administrator privilege, and to DCSync domain servers to gain control of the highest domain administrator privileges, similar to ransomware widely deploying software to end users to establish persistent backdoors such as Gold Ticket. Security tools (WAF, IPS, EDR, AV software, etc.) and common bypassing techniques encountered during red teaming exercises will also be discussed.


Hans aspires to promote world peace and help defender to leave office early to work from home. 

Red Team Penetration TestingMITRE ATT&CK
Hans Wang

Hans Wang

Senior Consultant, CHT Security

Hans joined CHT Security as senior consultant in January 2018. With 10 years of experience in cybersecurity , he specializes in hacking techniques, red team, web security, and network penetration testing, and has discovered multiple critical CVEs. As a professional certified by several international credentials, including CEH, CHFI, GWAPT, OSCP, he aspires to help world peace and to enable security personnel to leave office early to work from home.