Duane Michael

Duane Michael (@subat0mik) is an adversary simulation manager, operator, and researcher at SpecterOps. He has experience operating in many Fortune 100 enterprise environments across various industries. Duane enjoys Windows security research, has presented tooling and research at Black Hat Arsenal, DEF CON, Troopers, and SO-CON, is a contributor to various open source projects, such as SharpSCCM and SharpDPAPI, and is a primary author of Misconfiguration Manager. Duane has instructed courses at Black Hat USA/EU, DEF CON, and SO-CON covering topics such as red team operations, SCCM attacks, and Windows internals.


Session

06-26
16:15
30min
Misconfiguration Manager: Still Overlooked, Still Overprivileged
Duane Michael, Garrett Foster

At Troopers 24, we presented Misconfiguration Manager: Overlooked and Overprivileged, exploring the rampant SCCM misconfigurations that have grown into widely adopted tradecraft among adversaries and red teams. A year later, the landscape has only grown more interesting - new attack paths have emerged, defenses have evolved (or failed to), and SCCM remains a prime target for privilege escalation, post-exploitation, and domain compromise. In this talk, we’ll explore what’s changed, what’s still broken, and the latest horror stories and tradecraft research shaping SCCM security today.

Active Directory & Entra ID Security
Track 2 (AD & Entra ID Sec)