Jimmy Su
CyCraft Technology / Cyber Security Researcher
Jimmy Su is currently a cybersecurity researcher at CyCraft. He is also a graduate student in Information Security at NTHU. He specializes in AD and Azure security and holds professional certifications in eJPT, ARTA and CRTO. He has been a speaker at CYBERSEC, HITCON 101, SECCON, government sectors, and academic institutions.
SCCM (Configuration Manager) is a solution provided by Microsoft to help enterprise centrally manage the configuration and software deployment of Windows computers, servers, and other devices. With the advancement of security research in AD CS, potential security risks in Microsoft's AD-related services have become a focus of attention. SCCM, due to its highly interactive nature with devices, has been found to have more than 20 known security concerns. These risks include, but are not limited to, low-privilege domain users potentially gaining control over Tier 0 assets such as MSSQL, SMS, and AD CS.
This session will focus on the security issues of SCCM, providing an in-depth analysis of its operational principles and common misconfigurations that might serve as entry points for attackers.
CYBERSEC 2025 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy 。