Another OPOSEC meeting took place yesterday, the 30th of may, and as always it was worthit.
I had been missing the latest meetings, so it felt good to be back, and as always there were good vibes and many geeks alike around.
The meeting had the following talks:
– Industry 4.0: why are we so interested in cyber security? by Armindo Carvalho
– Completely Automated Public Turing test to tell Computers and Humans Apart (PT/EN) by David Magalhães (@speeddragon)
– Admin rights, everyone gets Admin rights! (EN/PT) by Pedro Tarrinho (@Tarrinho)
The industry 4.0 talk wasn’t actually a talk about a security topic, but instead the presentation of a company that’s gathering ciber security projects to present to big companies, so they can become aware of this threat.
The Admin rights talk was about a topic discussed in the past at oposec, regarding the exploitation of Microsoft Active Directory, by generating golden and silver tickets, allowing for Admin rights over the AD.
This was an awesome talk, using mimikatz tool, a regular user can become a network superuser, gaining access to all systems.
This was demonstrated with a demo video, on several scenarios, where a user that’s part of an Ad or not, and with or without local Admin rights, was able to get a golden ticket and get access to whatever he wanted.
David talk was about captcha bypassing, a very nice talk, explaining several techniques to evade captcha validation, useful when you need to query a web page multiple times.
On this meeting I brought along a new atendee, welcome to the real world Carlos 🙂
As usual, drinks and food were on the house, thank you oposec and all participants.