Press "Enter" to skip to content



I’m taking a quick break from our Empire series to bring you something my ATD teammate Matt Nelson and myself have been working on over the last month or so- a project called PowerSCCM. This is the first primarily defensive-oriented post I’ve published, but fear not, more offensive material is in the hopper ;) Using Microsoft’s System Center Configuration Manager (SCCM) for unintended purposes has been on a people’s radar since Dave Kennedy’s “Owning One To Rule Them All” presentation at Defcon 20. Matt expanded on this type of material in his ShmooCon Firetalk “Red Team Upgrades: Using SCCM for Malware Deployment” and accompanying blog post. I’ve recently…