Forging Trusts for Deception in Active Directory

Presented at BruCON 0x0A (2018), Oct. 4, 2018, 3 p.m. (60 minutes)

Using deception for defence in Active Directory is very fruitful. It makes it possible to target multiple phases of an adversary’s attack methodology. While attacking an enterprise network, adversaries generally enumerate the AD trusts. It is important for them to map the relationships and trusts between domains and forests, as this helps in lateral movement and post-exploitation. This talk discusses forging and implanting computers, domain and forest objects in an AD environment. Such objects target the attacker mind-set and methodology by providing easy yet high-value targets. We will see how this deception technique traps an adversary across an enterprise attack cycle. Open source scripts for deploying the discussed techniques will also be covered during the talk. The talk will be full of live demonstrations.

Presenters:

  • Nikhil Mittal
    Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His areas of interest include red teaming, Active Directory, attack research, defense strategies and post-exploitation research. He has 9+ years of experience in red teaming. He specializes in assessing security risks in secure environments that require novel attack vectors and an "out of the box" approach. He has worked extensively on bypassing Active Directory detection mechanisms and on Offensive PowerShell for red teaming. He is the creator of Kautilya, a toolkit which makes it easy to use HIDs in penetration tests, and Nishang, a post-exploitation framework in PowerShell. In his spare time, Nikhil researches new attack methodologies and updates his tools and frameworks. Nikhil has held trainings and boot camps for various corporate clients (in the US, Europe and SE Asia), and at the world’s top information security conferences. He has spoken/trained at conferences like Defcon, BlackHat, CanSecWest, BruCON, 44CON and more. He blogs at http://www.labofapenetrationtester.com/
