
Sign up to save your podcasts
Or
A pentester navigated from basic internal network access to achieving full Domain Controller (DC) compromise and ultimately SCADA system control, revealing vulnerabilities that could have led to a hazardous chlorine release into a city's water supply. Episode 5 of The Security Engineering Show offers invaluable insights into modern offensive security and real-world breaches.
This is the show for security engineers, by security engineers.
Featuring
Noah Stanford: CEO at 0pass
Finn Foulds-Cook: Senior Penetration Tester at Volkis
00:00 - Intro
1:40 - The Engagement
4:45 - Windows Exploitation and Tooling
6:55 - ADCS, Coerced Auth, and Certs!
11:10 - Domain Controller Takeover
13:20 - Abusing DC Sync and EDR
15:55 - From DA to Azure
18:00 - Disabling your fancy EDR
19:30 - Escalating to Azure Global Admin
21:10 - Everything hacked, now what?
22:03 - Enumerating SCADA
24:31 - From SCADA to DEATH
27:44 - How do we fix all of this?
30:01 - Important security insights
31:47 - Message to Security / IT teams
33:36 - Outro
A pentester navigated from basic internal network access to achieving full Domain Controller (DC) compromise and ultimately SCADA system control, revealing vulnerabilities that could have led to a hazardous chlorine release into a city's water supply. Episode 5 of The Security Engineering Show offers invaluable insights into modern offensive security and real-world breaches.
This is the show for security engineers, by security engineers.
Featuring
Noah Stanford: CEO at 0pass
Finn Foulds-Cook: Senior Penetration Tester at Volkis
00:00 - Intro
1:40 - The Engagement
4:45 - Windows Exploitation and Tooling
6:55 - ADCS, Coerced Auth, and Certs!
11:10 - Domain Controller Takeover
13:20 - Abusing DC Sync and EDR
15:55 - From DA to Azure
18:00 - Disabling your fancy EDR
19:30 - Escalating to Azure Global Admin
21:10 - Everything hacked, now what?
22:03 - Enumerating SCADA
24:31 - From SCADA to DEATH
27:44 - How do we fix all of this?
30:01 - Important security insights
31:47 - Message to Security / IT teams
33:36 - Outro
387 Listeners
923 Listeners
7,818 Listeners