Turning Your Active Directory into the Attacker's C2
Overview
Explore how attackers can weaponize Active Directory environments by transforming them into command-and-control infrastructure in this DEF CON 33 conference talk. Discover the offensive potential of Group Policy Objects (GPOs) as powerful attack primitives that enable enumeration, persistence, and privilege escalation in segmented enterprise environments. Learn about the implementation details of GPOs, understand why they have received limited attention from the pentesting community despite their significant exploitation potential, and examine advanced techniques for abusing Active Directory's inherent C2 capabilities. Gain insights into GPO enumeration methodologies and sophisticated exploitation strategies developed by security researchers, while exploring the release of two specialized tools designed for GPO enumeration and exploitation. Understand how mature attackers can leverage these often-overlooked Active Directory features to maintain persistent access and escalate privileges across complex network infrastructures.
Syllabus
DEF CON 33 - Turning your Active Directory into the attacker’s C2 - Quentin Roland, Wilfried Bécard
Taught by
DEFCONConference