The Whole is more Dangerous than the Sum of its Parts

Damon “ch3f” Small will discuss a real-world, complex attack-chain scenario. This will demonstrate how individual vulnerabilities may not be damaging, but a series of them used by a skilled attacker can result in a large-scale compromise. The presenter will walk through each of the nine entry and pivot points that started with unauthenticated system enumeration and incrementally led to ever-escalating privileges. Ultimately, the team of pentesters became Domain Administrator. This lesson illustrates the point that managing risk involves more than simply understanding the threat landscape; rather, we must also understand it in the context of the entire enterprise.

Register Today!