This is the demo that was shown in the BSides DC Presentation “Bridging the Gap: Lessons in Adversarial Tradecraft” by @enigma0x3 and @harmj0y. This demo walks through the process of compromising the forest root of a domain by obtaining normal access in a child domain with PowerShell Empire

This demo shows how to use Empire to enumerate domain trusts, compromise a domain controller without code execution, and hop up a forest trust, all through a single compromised workstation.

This video is the demo recorded for the BSides Las Vegas “Building an Empire with PowerShell” talk.

The following video is a hotlink to the narrated demo at the end of the BSides Las Vegas presentation “Building an Empire with PowerShell“.