Active Directory Security: The Journey

Presented at NolaCon 2018, May 20, 2018, 11 a.m. (Unknown duration)

Active Directory is only the beginning. ttackers have set their sights squarely on Active Directory when targeting a company, though this typically isn't the primary objective. The motivation and end goals range from stealing data to impacting corporate operations. In this regard, gaining control of Active Directory is a means to an end; compromising Active Directory is an easy way to gain access to all critical corporate resources. Effectively protecting Active Directory has become critical in limiting the impact of a breach. This talk takes the audience on a journey covering the various security milestones and challenges with Active Directory. A variety of (fictionalized) companies and their AD security posture are highlighted along with the challenges they encounter with securing their systems. Key elements involve how enterprise ""AD aware"" applications can weaken Active Directory security and how leveraging cloud services complicate securing infrastructure. Also explored is what an attacker can do in an environment without having Domain Admin rights. The final section discusses the commonly heard excuses for not implementing security controls to protect Active Directory and the ways to counter these arguments. This talk covers the critical issues affecting organizations today, as well as the biggest challenges; current attack techniques; and the most effective defensive techniques to prevent and mitigate compromise (including limitations to these approaches).

Presenters:

  • Sean Metcalf
    Sean Metcalf is founder and principal consultant at Trimarc (www.TrimarcSecurity.com) a consulting company which focuses on improving enterprise Active Directory security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, is a former Microsoft MVP, and has presented on Active Directory attack and defense at Black Hat, BSides, DEF CON, DerbyCon, Microsoft BlueHat, Shakacon and Walmart Sp4rkCon security conferences. He currently provides security consulting services to customers and regularly posts interesting Active Directory security information on his blog, ADSecurity.org. Twitter: @PyroTek3.

Links:

Similar Presentations: