BSides Boston 2016 has ended
Saturday, May 21 • 9:00am - 9:45am
Up is Down, Black is White: Using SCCM for Wrong and Right
Offense and defense overlap more often than you may think. The same tools that allow attackers to disappear into the shadows can be used to tease indicators out of the noise. Lateral movement that blends in with normal traffic can be a challenge in some environments, and this makes living 'off the land' with existing functionality even more important to attackers. At the same time, defensive analysts need to be able to gather indicators without tipping their hand to adversaries. Why not use deployed system administration tools against the very sysadmins who rely on them, and why not use existing toolsets to hunt the bad guys trying to hide in plain sight?

This presentation will cover how one common system administration tool, System Center Configuration Manager (SCCM), can be used for both good and evil. We’ll cover a detailed background on SCCM, including typical deployment scenarios and relevant security measures, before diving into how SCCM can be used as either an excellent attack platform or a powerful defensive solution. We will cover our newly developed PowerShell SCCM toolkit (PowerSCCM) in depth and how to apply it no matter which color of team you play on.


Matt Nelson

Matt Nelson (@enigma0x3) is a red teamer and penetration tester for Veris Group’s Adaptive Threat Division. He performs a variety of offensive services for a number of government and private sector clients, including advanced red team assessments. He has a passion for offensive...

Will Schroeder

Will Schroeder (@harmj0y) is a security researcher and red teamer for Veris Group’s Adaptive Threat Division. He has presented at a number of security conferences including Shmoocon, Defcon, Derbycon and several Security BSides conferences (including BSides Boston!) on topics spanning...

Saturday May 21, 2016 9:00am - 9:45am EDT
NERD 1 Memorial Dr
  It doesn't fit
  • Room Sampson