Black Hat Europe 2025 | SCOMmand And Conquer – Attacking System Center Operations Manager

System Center Operations Manager (SCOM) environments are responsible for monitoring critical infrastructure yet introduce insecure defaults and an often-misconfigured attack surface within enterprise networks. This research exposes how SCOM’s default configurations and architectural design choices create exploitable abuse paths that can lead to credential theft, lateral movement across monitored infrastructure, and ultimately, domain privilege escalation.
This presentation will detail techniques for extracting account credentials, spoofing client enrollment, abusing credential relaying, and manipulating role-based access controls to take over SCOM. We hope to leave you with a better understanding of SCOM’s internal security architecture and tangible defensive guidance for securing SCOM deployments.

By:
Garrett Foster | Senior Security Researcher, SpecterOps, Inc.
Matt Johnson | Training Architect, SpecterOps, Inc.

https://blackhat.com/eu-25/briefings/schedule/?#scommand-and-conquer—attacking-system-center-operations-manager-48150