<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
In the past few months there's been a light-speed jump when it comes
to how people do penetration tests against Active Directory
networks. A lot of this was sparked by a talk given by Microsoft's
Azure penetration testing team at last year's INFILTRATE.
Microsoft's researchers (and the hacking world) are still far ahead
but <a
href="http://www.rapid7.com/resources/videos/credential-exploits-with-metasploit.jsp">Metasploit
Pro</a> and <a href="https://vimeo.com/140723133">CANVAS </a>both
include some pretty cool AD hacking features now. It's not just
about passing hashes and collecting user tokens - it's really more
about how you visualize the Active Directory information store from
a hacker's point of view. <br>
<br>
But there were other talks at INFILTRATE last year that, <a
href="https://vimeo.com/album/3416096">if watched</a>, give you a
strategic perspective on the future of offense. I'd go into more of
them, but I like to wait until CANVAS or INNUENDO has a video out
with the feature implemented first. :)<br>
<br>
There are a lot of advantages to talking at INFILTRATE rather than
other conferences. You don't get lost in the noise, for example. <b>We
do profit sharing</b> (and there WAS some last year, for the first
time!), and it's still an intimate conference with a high technical
level of attendees. Frankly, it's a conference that is both MORE FUN
and MORE INFORMATIVE than the other ones. So in other words, please
send Nico an email with your talk ideas!<br>
<br>
<a href="http://infiltratecon.com/cfp.html">http://infiltratecon.com/cfp.html
</a><br>
<br>
<br>
<br>
<br>
<br>
</body>
</html>