I will open my talk with a magic trick that uses a dollar bill as a metaphor for your on-prem Active Directory. “Your AD is perfect, clean, free of any blemishes,” I will say, “or maybe it looks more like this.” I crumple, tear, rip, and throw away a portion of the dollar. I then explain that it is only by investigating your AD more closely that you can make it whole again. The dollar has returned to normal.
This talk is based on my first adversary emulation performed as a blue teamer. It is geared towards small companies or junior administrators looking to get started with security. I will walk the audience through my own steps and findings. I begin with light AD enumeration using the “net” and “dsquery” commands, followed by attempts at remote execution to dump credential hashes using Metasploit’s hashdump and mimikatz. I also use Impacket’s GetUserSPNs.py to request Kerberos service tickets for SPN-bearing accounts and extract their crackable hashes. Finally, I’ll discuss persistence techniques such as local account creation, scheduled tasks, and sticky keys redirection.
During this phase of the talk, I will explore some of the things that surprised me. For example: as a Windows veteran and an employee of 10 years, I did not realize how visible all of AD is to any domain user. I also did not fully realize how easily an adversary with local administrator rights could create weaknesses that put Domain Admin accounts at risk. The biggest #facepalm I found was that THE Domain Administrator account had an SPN registered on it that was never removed. Any domain user could have requested a service ticket for, and therefore a crackable hash of, my most precious account. I hope the audience is inspired to responsibly test their own domain by hacking themselves.
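The check I wish I had run before that finding, as an added example that is not part of the talk itself: a PowerShell audit that lists members of privileged AD groups carrying a servicePrincipalName, which is exactly the condition that exposed the Domain Administrator account. It assumes the RSAT ActiveDirectory module and read access to the domain; the group names are the Windows defaults and should be adjusted for your environment.

```powershell
# Added example, not from the talk: find privileged accounts whose Kerberos
# service tickets any authenticated domain user could request and crack offline.
# Assumes the ActiveDirectory RSAT module and read access to the domain.
Import-Module ActiveDirectory

# Default privileged group names; assumption, adjust to your domain's naming.
$privilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Administrators', 'Schema Admins')

# Resolve nested membership and keep only user objects.
$members = foreach ($g in $privilegedGroups) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
        Where-Object { $_.objectClass -eq 'user' }
}

# For each unique privileged user, fetch SPNs and password age, then keep those with an SPN.
$findings = $members |
    Sort-Object -Property distinguishedName -Unique |
    ForEach-Object {
        Get-ADUser -Identity $_.distinguishedName -Properties servicePrincipalName, adminCount, PasswordLastSet
    } |
    Where-Object { $_.servicePrincipalName.Count -gt 0 } |
    Select-Object SamAccountName, Enabled, adminCount, PasswordLastSet,
        @{ Name = 'SPNs'; Expression = { $_.servicePrincipalName -join '; ' } }

if ($findings) {
    Write-Warning 'Privileged accounts with SPNs registered (exposed to service-ticket cracking):'
    $findings | Format-Table -AutoSize
} else {
    Write-Host 'No privileged accounts carry an SPN.'
}

# Second pass over every SPN-bearing user, privileged or not: an old password is
# the one most likely to fall to offline cracking, so flag anything older than a year.
$stale = Get-ADUser -Filter 'servicePrincipalName -like "*"' -Properties servicePrincipalName, PasswordLastSet |
    Where-Object { $_.PasswordLastSet -lt (Get-Date).AddYears(-1) } |
    Select-Object SamAccountName, PasswordLastSet,
        @{ Name = 'SPNs'; Expression = { $_.servicePrincipalName -join '; ' } }

if ($stale) {
    Write-Warning 'SPN accounts with passwords older than one year:'
    $stale | Format-Table -AutoSize
}
```

For any hit in the first table, the fix is to move the service onto a dedicated account (ideally a group managed service account, which rotates its own long password) and remove the SPN from the admin account with `setspn -D`; for hits in the second table, rotate the password to a long random value. Running this on a schedule and alerting on new rows turns a one-time #facepalm into a standing control.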
The second phase of my talk will focus on MAGIC. Several years ago I started learning card tricks as a hobby, and I love sharing them with my family and friends and attempting to wow my children. For this section I will perform and explain three simple tricks that anyone can learn. For the first trick I will teach everyone how to “force” someone to select a specific card. In the second trick, I will demonstrate how to control that card to the top of the deck. Lastly, I will perform a trick called “The Pancake”; I’ll let that one be a bit of a surprise. For the more “fidgety” crowd, I will also demonstrate a few card spins and flips to occupy idle hands.