4      0

(ISC)² Security Congress 2021 - Career Center & Recordings

1778616 - FROM ZERO TO FULL DOMAIN ADMIN - Tracking the digital footprint of a ransomware attack

Oct 20, 2021 11:45am ‐ Oct 20, 2021 1:00pm

Credits: None available.


Follow in the footsteps of a cybercriminal and uncovering their digital footprint. This is a journey inside the mind of an ethical hacker’s response to a ransomware incident that brought a business to a full stop, and discovering the evidence left behind to uncover their attack path and the techniques used. Malicious attackers look for the cheapest, fastest, stealthiest way to achieve their goals. Windows endpoints provide many opportunities to gain entry to IT environments and access sensitive information. This session will show you the attacker’s techniques used and how they went from zero to full domain admin compromise that resulted in a nasty ransomware incident.

Learning Objectives:
  • How attackers gained access to systems.
  • What tools were used.
  • How "AD elevation" was achieved.


Tags: Intermediate


  • 1.25 - CPE

You must be logged in and own this session in order to post comments.