CYBERSEC 2021 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree

May 4-6 at Taipei Nangang Exhibition Center, Hall 2

Taiwan's Cybersecurity Researchers
Blue Team Forum
  • May 6th (Thu)
  • 10:00 - 10:30
  • 7F 701E

Domain Slayer: Mugen Backdoor

Chinese Onsite

This speech will begin with an introduction to the Active Directory architecture, a recap of the Active Directory weaknesses throughout the past decade, ranging from MS14-068 to Zerologon, and the state-of-the-art intranet intrusion techniques, such as pass-the-hash, pass-the-ticket, man-in-the-middle attacks, to inform the audience on current information gap between the attacker and the defender.

In view of the findings of several red teaming exercises, Hans and his team found that defenders still consider the old-school large-scale scanning and system account addition, and administrator privilege escalation to be the hacking techniques on intranet. Hans will also share how hackers invade corporate networks, perform lateral movement, and hunt down systems’ high-value targets. 

 

Hackers leverage service vulnerabilities such as SharePoint exploit to conduct lateral movement, obtain domain administrator privilege, and to DCSync domain servers to gain control of the highest domain administrator privileges, similar to ransomware widely deploying software to end users to establish persistent backdoors such as Gold Ticket. Security tools (WAF, IPS, EDR, AV software, etc.) and common bypassing techniques encountered during red teaming exercises will also be discussed.

 

Hans aspires to promote world peace and help defender to leave office early to work from home. 

Red Team Penetration TestingMITRE ATT&CK
hans

hans

Senior Consultant, CHT Security

Hans joined CHT Security as senior consultant since January 2018 and has started a PHD program from June 2021. With 11 years of experience in cybersecurity, he specializes in hacking techniques, web security, and network penetration testing, and has discovered multiple critical CVEs. As a professional with several international certificates, including CEH, CHFI, GWAPT, OSCP, he aspires to promote world peace and to enable security staff to leave office early instead of taking the blame for others.