Building Your TTP Arsenal with Carlos & Chris: Know Thy Self

Date: May 25, 2021
Location: Virtual

Building Your TTP Arsenal with Carlos Perez & Christopher Paschen is a monthly webcast session with these experts from TrustedSec’s Research Team! Join these quick 20 – 30 minute sessions through the link below.

Know Thy Self

In this webcast, we will look at finding information about who uses the system so we can gain an idea not only of the current user we may be running under when we get access but also about other accounts that we can entrap to further gain access to other resources. Given how solutions like Microsoft Defender for Identity Monitors Active Directory enumeration, we will look at how to leverage information cached in the system so as to be OPSEC safe.

We will look at:

  • Why it is important to enumerate users that log in to a system.
  • Background of GPO Cache.
  • Getting Users SID from the Registry.
  • Getting Users SID with WMI.
  • Enumerating User Groups from the GPO Cache.

Missed the other sessions? You can watch the recordings here now!