From XSS to Domain Admin
It’s a long way to the root if you wanna Rock and Roll!
On August 26th, our Security Researcher Davide Girardi, a.k.a. GiRa, will present an exploitation scenario on a typical company network. The exploitation will start from a cross-site scripting (XSS) flaw in the company blog and will get us to a full Active Directory Administrator account.
The network has up-to-date client and server operating systems, a DMZ between two firewalls and a company website.
Since an image is worth a thousand words, here is a network diagram for you:
You will have the opportunity to see some groovy usage of BeEF-XSS, Metasploit and some Active Directory knowledge.
Register your seat here!