Optimizing Security Incident Response

  • TYPE: Combined Session DATE: Wednesday, September 15, 2021 TIME: 12:00-13:00 LOCATION: BODENSEE II

From Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack

Following in the footsteps of a cyber-criminal and uncovering their digital footprint. This is a journey inside the mind of an ethical hacker's response to a ransomware incident that brought a business to a full stop, and discovering the evidence left behind to uncover their attack path and the techniques used. Malicious attackers look for the cheapest, fastest, stealthiest way to achieve their goals. Windows endpoints provide many opportunities to gain entry to IT environments and access sensitive information. This session will show you the attacker's techniques used and how they went from zero to full domain admin compromise that resulted in a nasty CryLock ransomware incident.

In this session I will cover a real-world incident response to the CryLock ransomware showing the techniques used by the attackers.  The footprints left behind and uncovering the techniques used. 

•              How attackers gained access to system

•              Established staging

•              What tools were used

•              What commands were executed

•              How the ransomware was delivered

•              How AD elevation was achieved



Register now!

And get your early bird discount

Hybrid Event

European Identity and Cloud Conference 2021

Registration fee:
€840.00 till 01.08.2021
$1050.00 till 01.08.2021
S$1344.00 till 01.08.2021
19250.00 kr
9240.00 kr till 01.08.2021
Mastercard Visa American Express PayPal INVOICE
Contact person:

Mr. Levent Kara
+49 211 23707710
  • Sep 13 - 16, 2021 08:00-20:00 Munich, Germany
Attendance Opportunities