Curious how ransomware groups like Lockbit execute their attacks in practice?
In this presentation we go into detail. As a Red Team operator, Cedric simulates ransomware attacks at clients, and as a Blue Team engineer, Maarten helps clients to defend against them. Ransomware groups use the same tools and protocols that we use in our Red Team engagements. In this presentation we discuss technical weaknesses and common misconfigurations in enterprise solutions like Active Directory. Red Teamers and attackers use the same tools or weaknesses to gain access, escalate privileges and spread through the network. Examples are ADCS weaknesses and the tool Bloodhound, which we will discuss in detail. Additionally, we show how ransomware groups are structured, how they work, how they have professionalized over the years, and how to protect against them.
This lecture is worth 1 colloquium point. This lecture lasts from 17:00 to 18:00 it is therefore not possible to leave earlier and/or enter later. There is no need to register for the lecture.