A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Red vs. Blue: Modern Active Directory Attacks & Defense - Sean Metcalf Derbycon 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

Red vs. Blue: Modern Active Directory Attacks & Defense
Sean Metcalf
Derbycon 2015

Red vs. Blue: Red vs. Blue: Modern Active Directory Attacks & Defense – Sean Metcalf “@PyroTek3” This talk explores the latest Active Directory attack vectors including useful Red Team recon tactics and provides effective defensive techniques for the Blue Team.

Dive right into the technical detail describing the latest methods for gaining and maintaining administrative access in Active Directory, including some sneaky AD persistence methods. Also covered are traditional security measures that work (and some that don’t) as well as the mitigation strategies that disrupts the attacker’s preferred game-plan.

Some of the topics covered:
– “SPN Scanning” with PowerShell to identify potential targets without network scans (SQL, Exchange, FIM, webservers, etc.).
– Exploiting weak service account passwords as a regular AD user.
– How attackers go from zero to (Domain) Admin.
– MS14-068: the vulnerability, the exploit, and the danger.
– Mimikatz, the attacker’s multi-tool.
– Using Silver Tickets for stealthy persistence.
– Sneaky persistence methods attackers use to maintain admin rights.
– Detecting offensive PowerShell tools like Invoke-Mimikatz.
– Active Directory attack mitigation.

Sean Metcalf is the Chief Technology Officer at DAn Solutions, a company that provides Microsoft platform engineering and security expertise. Mr. Metcalf is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification. Furthermore, he assisted Microsoft in developing the Microsoft Certified Master Directory Services certification program for Windows Server 2012. åÊ Mr. Metcalf has provided Active Directory and security expertise to government, corporate, and educational entities since Active Directory was released. He currently provides security consulting services to customers with large Active Directory environments and regularly posts interesting Active Directory security information on his blog, ADSecurity.org. Follow him on Twitter @PyroTek3

@PyroTek3

Back to Derbycon 2015 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast