OverLAPS - Overriding LAPS Logic

DEFCONConference via YouTube

Overview

Explore client-side attack vectors against Windows LAPS (Local Administrator Password Solution) in this DEF CON 33 conference talk that extends previous research on malicious LAPS exploitation. Learn how Local Administrator Password Solution automates local admin password rotation and secure storage in Active Directory or Microsoft Entra ID to ensure each system maintains unique, strong passwords. Discover the evolution of LAPS from clear-text fields in AD with Microsoft LAPS (LAPSv1) to encrypted AD attributes or Entra ID storage with Windows LAPS (LAPSv2). Examine client-side logic vulnerabilities in Windows LAPS that differ from traditional directory compromise approaches, focusing instead on maintaining persistence on compromised endpoints for both on-premises and Entra-joined devices. Understand LAPS internal workings through PDB symbols and light static analysis, then apply dynamic hooking techniques using Frida to capture, manipulate, and rotate admin passwords on demand. See practical demonstrations of reproducing Frida proof-of-concepts using Microsoft Detours for in-process hooks. Gain actionable insights into new attack vectors against Windows LAPS that enable assessment, reproduction, and defense against client-side attacks in enterprise environments.

Syllabus

DEF CON 33 - OverLAPS: Overriding LAPS Logic - Antoine Goichot

Taught by

DEFCONConference
