Feature or a Vulnerability? Tales of an Active Directory Pentest

Presented at CackalackyCon 2 (2023), May 6, 2023, 3 p.m. (60 minutes).

This talk is a summation of stories from my recent penetration tests inside Active Directory networks. I will use this time to discuss common methods I have used to obtain initial access inside Active Directory environments, the features that paved the way to lateral movement, and vulnerabilities that escalated me to Domain Admin. This talk is laid out in a way that benefits both entry-level and experienced penetration testers. The content is for both blue and red teamers looking to better understand common Active Directory configurations that can lead to compromise. It has everything from memes to kerberoasting, with a pinch of humor (no dad jokes, I promise).


Presenters:

Links:

Similar Presentations: