Turning your Active Directory into the attacker's C2

Quentin Roland, Wilfried Bécard

DEF CON 33 · Day 1 · Main Stage

Group Policy Objects (GPOs) are one of the most powerful — and most underappreciated — attack surfaces in Active Directory environments. At DEF CON 33, penetration testers Quentin Roland and Wilfried

AI review

GPO infrastructure weaponized as a bidirectional C2 channel over legitimate SMB — no external connections, blends into AD replication traffic, and four open-source tools make this immediately usable by the red team community.
