SCOMmand And Conquer - Attacking System Center Operations Manager
ManageEngine
12 min read · Apr 15, 2026
System Center Operations Manager (SCOM) environments are responsible for monitoring critical infrastructure, yet introduce insecure defaults and an often-misconfigured attack surface within enterprise networks. This research exposes how SCOM's default configurations and architectural design choices create exploitable abuse paths that can lead to credential theft, lateral movement across monitored infrastructure, and ultimately, domain privilege escalation. This presentation will detail techniques for extracting account credentials, spoofing client enrollment, abusing credential relaying, and manipulating role-based access controls to take over SCOM. We hope to leave you with a better understanding of SCOM's internal security architecture and tangible defensive guidance for securing SCOM deployments.

Vivin Sathyan, Chief Technology Evangelist and Spokesperson, ManageEngine