Cyber BlueCon Meetup #0x0B


Details
# A Cyber Security event for the community, by the community.
Come and join us on Wednesday, 16th at Stone & Chalk Melbourne for the April Cyber Blue Team Meetup! Follow us on LinkedIn: https://www.linkedin.com/company/105658486/
Featuring a talk and a workshop by members of the Cyber Security community, with the opportunity to network with industry peers.
Location - Melbourne
- When: Wednesday, 16th April, 2025
- Time: 5:30pm - 7:30pm AEST
- Where: Stone & Chalk Melbourne - 121 King Street, Melbourne.
- Catered: Yes, refreshments will be provided
- Cost: Free
PLEASE USE THE QR CODE ON THE EVENT BANNER TO REGISTER
LIVE STREAM LOCATIONS:
Location - Abuja NG
- When: Wednesday, 16th April, 2025
- Time: 9:00 - 11:00am WAT
- Physical Venue: Coming Soon
- Cost: Free
Location - Lagos NG
- When: Wednesday, 16th April, 2025
- Time: 9:00 - 11:00am WAT
- Physical Venue: Coming Soon
- Cost: Free
Location - Accra GH
- When: Wednesday, 16th April, 2025
- Time: 8:00 - 10:00am GMT
- Physical Venue: Coming Soon
- Cost: Free
### Presentation:
Speaker: Chris K – Penetration Tester, Tesserent – OSCP, CRTP, CREST RTO, CPTS, PJPT
Talk Title: "Insecure by Design: (Almost) Domain Admin by Default"
Abstract: Chris K is a Penetration Tester at Tesserent with an unconventional journey into cybersecurity, beginning his career as a Cyber Security Analyst before moving into the world of Offensive Security. Known for his sharp skills and community spirit, Chris brings a deep understanding of Active Directory exploitation and defence.
At BlueCon#0x0B, Chris will present "Insecure by Design: (Almost) Domain Admin by Default", where he’ll explore a dangerous and often-overlooked flaw in Windows environments—how default WebDAV settings and the absence of LDAP signing can allow attackers to escalate privileges and compromise entire domains. Expect a deep dive into how these insecure-by-default settings can be exploited, along with practical advice on how to defend against them.
This session is highly practical and interactive, and part of the conclusion to our Active Directory Attack and Defence series. Be ready with questions—Chris is bringing both insight and some (mildly chaotic) demo energy.
### BlueCon 2025: Attacking and Defending Active Directory – 3-Part Workshop Series
### Workshop Overview
This three-part hands-on workshop has guided participants through building an AD lab, configuring auditing, and detecting attacks. In this final session, participants will see real-world exploitation and forensic analysis in action.
### Session 3: Attack & Defend – From Exploit to Detection
📅 Month 3 – Privilege Escalation & Threat Hunting
#### Learning Objectives
- Understand how insecure defaults can lead to domain compromise
- Execute real-world AD attacks and analyse logs for indicators
- Apply detection logic using built-in tools and SIEM platforms
#### Topics Covered
1️⃣ Exploitation Path
- WebDAV misconfiguration abuse
- LDAP signing bypass for privilege escalation
2️⃣ Detection & Response
- Identifying lateral movement and privilege escalation
- Event log analysis and correlation (Event IDs: 4624, 4672, 4688, 4104)
3️⃣ Hands-On Workshop
- 💡 Step 1: Simulate WebDAV to DC escalation
- 💡 Step 2: Review logs for attack traces
- 💡 Step 3: Write and test detection rules in a SIEM
- 💡 Step 4: Implement GPO and logging configuration for prevention
Prerequisites:
- Laptop with virtualisation support
- Preconfigured Windows Server, Workstation, and Kali Linux VMs
- A copy of the lab guide will be shared post-event
Join us to close out the AD series with real-world tactics, hands-on learning, and practical defences that every SOC and blue teamer should know.
Interested in submitting an application to speak at future Cyber BlueCon events? You can apply here. Interested in volunteering? Let us know at the event.
