The Security Engineering Show

Something in the Water | Ep. #5 | The Security Engineering Show


Listen Later

A pentester navigated from basic internal network access to achieving full Domain Controller (DC) compromise and ultimately SCADA system control, revealing vulnerabilities that could have led to a hazardous chlorine release into a city's water supply. Episode 5 of The Security Engineering Show offers invaluable insights into modern offensive security and real-world breaches.


This is the show for security engineers, by security engineers.


Featuring

Noah Stanford: CEO at 0pass

Finn Foulds-Cook: Senior Penetration Tester at Volkis


00:00 - Intro

1:40 - The Engagement

4:45 - Windows Exploitation and Tooling

6:55 - ADCS, Coerced Auth, and Certs!

11:10 - Domain Controller Takeover

13:20 - Abusing DC Sync and EDR

15:55 - From DA to Azure

18:00 - Disabling your fancy EDR

19:30 - Escalating to Azure Global Admin

21:10 - Everything hacked, now what?

22:03 - Enumerating SCADA

24:31 - From SCADA to DEATH

27:44 - How do we fix all of this?

30:01 - Important security insights

31:47 - Message to Security / IT teams

33:36 - Outro

...more
View all episodesView all episodes
Download on the App Store

The Security Engineering ShowBy The Security Engineering Show


More shows like The Security Engineering Show

View all
Click Here by Recorded Future News

Click Here

387 Listeners

Malicious Life by Malicious Life

Malicious Life

923 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,818 Listeners