Group Policy is one of the oldest—and most dangerously overlooked—attack surfaces in Windows environments. While everyone focuses on EDR, Conditional Access, and identity protection, attackers are quietly using trivial GPO abuse techniques to hijack desktops, deploy malware, disable security controls, harvest credentials, and execute code across the entire domain… all WITHOUT triggering traditional defenses.

In this super-session, Dave demonstrates real-world “GPOwned” attacks used in ransomware campaigns, insider threat situations, and red-team simulations. You’ll see how a low-privileged foothold can escalate into full domain compromise simply by abusing GPO permissions, SYSVOL, delegated OU rights, insecure registry settings, and common “living off the land” (LOL) binaries baked directly into Windows.

By the end, attendees will understand exactly why Group Policy is still one of the easiest ways to hack an enterprise, how attackers use it to bypass modern security controls, and—most importantly—what it actually takes to lock it down, audit it, and protect Active Directory from catastrophic compromise.