TripleSec

Two months ago to the day, Intrinsec had the pleasure of hosting the second TripleSec session.

TripleSec is a French-speaking IT security event (type Tech Talk) which aims to introduce three technical topics before discussing them over a drink, with 3 security presentations per session and a buffet offered by the company in which the event will take place.

The three presentations at this second edition of TripleSec were:

• Bypassing Microsoft JEA role capabilities for fun & profit
• LinkedIn in phishing campaigns
• Introducing BloodHound

You can find the programs and presentations from previous TripleSec editions on the official website.

BloodHound 101

The topic presented by Intrinsec concerned the Active Directory environment mapping tool BloodHound.

This tool uses graph theory to reveal hidden and often unintentional relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex paths of compromise that would otherwise be impossible to quickly identify.

During this presentation we addressed the following points:

• Introduction – Description of the different components of the BloodHound tool and how to use it
• Cypher Queries – Explanation of the semantics of cypher queries
• Analytics Queries – Presentation of cypher queries default and customized settings, used particularly during our missions Red Teaming and Internal IT
• RETEX – Feedback on various Active Directory domain compromise scenarios (exploitation of poor administration practices, incorrect DACL configuration, etc.)
• Recommendations – Presentation of techniques for detecting and reducing residual risks (Adversary Resilience Methodology)

The slides can be downloaded via the following URL:

• https://www.intrinsec.com/wp-content/uploads/2019/05/TripleSec2-BloodHound_101.pdf

A more detailed presentation of BloodHound will be covered in a dedicated article. Stay tuned 😉

In the meantime, if you would like more information about the tool and how to use it, please visit the Official GitHub and on the Dedicated Slack, implemented by Specterops.

Next edition

The third edition of TripleSec is scheduled for next week (May 16th) and will take place at our colleagues' website, Onepoint:

Onepoint Paris, 29 Rue des Sablons, 75116 Paris

All the tickets sold out very quickly, but you can follow all the news about future editions on the official Twitter account. @TripleSec_Conf.