Exploiting Group Policy Objects for Persistence and Lateral Movement

Explore a presentation on leveraging Group Policy Objects (GPOs) for persistence and lateral movement in compromised networks. Delve into how GPOs, typically used for centralized management of Microsoft operating systems and applications, can be exploited for malicious purposes. Learn about a proof of concept inspired by Phineas Fishers' HackingTeam breach, demonstrating automated malware distribution and persistence techniques. Discover new PowershellEmpire Framework modules created by the presenters for GPO exploitation. Examine potential countermeasures, including detection and prevention mechanisms, to defend against these tactics. Gain insights from penetration testers Yves Kraft and Immanuel Willi as they share their expertise in building and deconstructing security systems.

Hack.lu 2016 badGPO - Using GPOs for Persistence and Lateral Movement