A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


From Workstation to Domain Admin: Why Secure Administration Isn't Secure and How to Fix It - Sean Metcalf Derbycon 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

From Workstation to Domain Admin: Why Secure Administration Isn't Secure and How to Fix It
Sean Metcalf
Derbycon 2018

Organizations have been forced to adapt to the new reality: Anyone can be targeted and many can be compromised.This has been the catalyst for many to tighten up operations and revamp ancient security practices. They bought boxes that blink and software that floods the SOC with alerts. Is it enough? The overwhelming answer is: No. The security controls that matter most are the ones that best protect those with the keys to the enterprise, the Active Directory administrators. With this access, an attacker can do anything they want in the environment: access all sensitive data, change access controls and security settings, embed to persist (for years), and often fully manage and control routers, switches, the virtualization platform (VMWare or Microsoft Hyper-V), and increasingly, the cloud platform. Administrators are being dragged into a new paradigm where they have to more securely administer the environment. This involves protecting privileged credentials and limiting access Again the question is: Are the new ways to securely administer Active Directory enough to protect against attackers? Join me in this session to find out. Some of the areas explored in this talk: * Explore how common methods of administration fail. * Demonstrating how attackers can exploit flaws in typical Active Directory administration. * Highlight common mistakes organizations make when administering Active Directory. * Discuss what's required to protect admins from modern attacks. * Provide the best methods to ensure secure administration and how to get executive, operations, and security team acceptance.

Sean Metcalf is founder and principal consultant at Trimarc (www.TrimarcSecurity.com) a professional services company which focuses on improving enterprise security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, is a former Microsoft MVP, and has presented on Active Directory attack and defense at Black Hat, BSides, DEF CON, DerbyCon, Microsoft BlueHat, Shakacon and Walmart Sp4rkCon security conferences. He currently provides security consulting services to customers and regularly posts interesting Active Directory security information on his blog, ADSecurity.org.


Back to Derbycon 2018 video list

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast