DSCompromised: A Windows DSC Attack Framework
DSCompromised: A Windows DSC Attack Framework
Black Hat Asia 2016
Matt Hastings, Ryan Kazanciyan
Hello!
Ryan Kazanciyan Chief Security Architect, Tanium
Matt Hastings Security Director, Tanium
Backgrounds in incident response & forensics for large-scale, targeted attacks Formerly consultants, currently builders Co-authors of "Investigating PowerShell Attacks" (BH USA, 2014) Continue to do IR & forensics research for "fun"
2
Agenda
Background DSCompromised
Framework & Attack Scenarios Sources of evidence Areas for future research and work
3
What the $%#$% is Desired State Configuration?
Windows DSC 101
Next-gen configuration management platform for Windows Instrumented via PowerShell Uses standard Managed Object Format (MOF) files Does not require Active Directory (unlike SCCM) Similarities to Puppet & Chef
DSC is not a complete solution stack DSC implements the configuration layer Puppet and Chef can interoperate with DSC
5
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related searches
- windows management framework 3 0
- how to keep a windows restore point
- create a windows 10 repair usb
- what is a windows password
- how to reset a windows 7 password
- how to wipe a windows 7 laptop
- wipe a windows 7 computer
- delete a windows 10 file association
- how to rename a windows user
- a framework for strategic innovation
- what is a framework document
- how to uninstall a windows service