Learn EDR Internals: Research & Development From The Masters
Get 20% off all career paths from fullstack to AI
Overview
AI, Data Science & Cloud Certificates from Google, IBM & Meta — 40% Off
One plan covers every Professional Certificate on Coursera. 40% off Coursera Plus Annual.
Unlock All Certificates
Discover a novel approach to circumventing Windows Server Update Services (WSUS) limitations in this Black Hat conference talk. Learn how to control targeted networks from a compromised WSUS server and explore potential air gap attack strategies for disconnected networks. Delve into the classical attack scenario, chair model, and various devices affected. Understand the mechanics, limitations, and summary of the attack method. Explore data insertion techniques, stored procedures, and proof of concept demonstrations. Gain insights into attack automation, metadata manipulation, and Microsoft's proposed solutions. Examine injection methods, data verification, and export processes. Learn how to protect your systems by following Microsoft's recommendations and controlling array relationships. Investigate metadata signing for disconnected networks and participate in a Q&A session to further your understanding of this critical cybersecurity topic.
Syllabus
Introduction
Classical Attack Scenario
Chair Model
Other Devices
How it works
Limitations
Summary
Inserting Data
Second Try
Stored Procedures
Proof of Concept
Automating Attack
Metadata
Microsoft Solution
Injection
Verify
Export
Data
Victim Check
How to Protect Yourself
Listen to Microsoft
Control Array Relationship
Disconnected Networks
Metadata Signing
Conclusion
Questions
Taught by
Black Hat