Garrett Foster
Garrett Foster (@unsigned_sh0rt) is a senior security researcher, red team operator, instructor, and course architect at SpecterOps. He has conducted and led successful engagements against organizations from the finance, healthcare, and energy sectors. Garrett enjoys active directory security and endpoint management research and offensive tool development. Garrett has previously presented at Blackhat USA and DEFCON and is a co-author of the Misconfiguration Manager project and is the primary developer of SCCMHunter.
Session
At Troopers 24, we presented Misconfiguration Manager: Overlooked and Overprivileged, exploring the rampant SCCM misconfigurations that have grown into widely-adopted tradecraft among adversaries and red teams. A year later, the landscape has only grown more interesting - new attack paths have emerged, defenses have evolved (or failed to), and SCCM remains a prime target for privilege escalation, post-exploitation, and domain compromise. In this talk, we’ll explore what’s changed, what’s still broken, and the latest horror stories and tradecraft research shaping SCCM security today.