BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.troopers.de//tr26-cfp//speaker//PTFNSE
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-tr26-cfp-TVDCFG@cfp.troopers.de
DTSTART;TZID=CET:20260624T174500
DTEND;TZID=CET:20260624T181500
DESCRIPTION:Windows Deployment Services (WDS) is a partially deprecated Win
 dows role providing PXE boot services for deploying machines over a LAN. A
 lthough its usage has declined since the release of Windows 11\, it often 
 remains in Active Directory environments because it has been overlooked\, 
 leaving even up-to-date networks potentially exposed. Default administrati
 ve practices\, sometimes masked by Windows behaviors\, further increase th
 e attack surface. The recent deprecation of Microsoft Deployment Toolkit (
 MDT)\, widely used for image orchestration and customization alongside WDS
 \, accelerates the ecosystem’s retirement while leaving existing deploym
 ents exposed and security issues unresolved. This presentation examines th
 e attack vectors that can be exploited against WDS servers in Active Direc
 tory environments. Scenarios will include credential leakage\, WinPE image
  extraction\, and a supply chain attack\, demonstrated through examples fr
 om real-world penetration tests on information systems. Practical exploita
 tion paths\, common misconfigurations\, and residual artifacts left after 
 removal of PXE components will be highlighted. Possible ways to address th
 ese risks in enterprise environments will also be discussed.
DTSTAMP:20260510T025753Z
LOCATION:Track 2
SUMMARY:Windows Deployment Service: An AD Blind Spot? - Geoffrey Sauvageot-
 Berland
URL:https://cfp.troopers.de/tr26-cfp/talk/TVDCFG/
END:VEVENT
END:VCALENDAR