Active Directory Attack & Defense Conference Presentation Slides & Videos Posted

DAn Solutions’ Chief Technology Officer, Sean Metcalf, spoke at some of the largest and best-known security conferences this year about Active Directory attack and defense including BSides, Shakacon, Black Hat, DEF CON, and DerbyCon. Each presentation provided updated content including the latest information on current Active Directory attack and defense methods as well as new research performed by Mr. Metcalf. Sean’s research involves applying the latest attack techniques in a lab environment, determining additional attack vectors as well as alternative tools and methods, and then identifying mitigation and detection strategies.

If you are interested in having DAn Solutions help you secure your Active Directory enterprise, please contact us.

Talk Summary:
Red vs. Blue: Modern Active Directory Attacks & Defense

This talk explores the latest Active Directory attack vectors including useful Red Team recon tactics and provides effective defensive techniques for the Blue Team. Dive right into the technical detail describing the latest methods for gaining and maintaining administrative access in Active Directory, including some sneaky AD persistence methods. Also covered are traditional security measures that work (and some that don’t) as well as the mitigation strategies that disrupt the attacker’s preferred game-plan.

Some of the topics covered:

  • “SPN Scanning” with PowerShell to identify potential targets without network scans (SQL, Exchange, FIM, etc.).
  • Exploiting weak service account passwords as a regular AD user.
  • How attackers go from zero to (Domain) Admin.
  • MS14-068: the vulnerability, the exploit, and the danger.
  • Mimikatz, the attacker’s multi-tool.
  • Using Silver Tickets for stealthy persistence.
  • Sneaky persistence methods attackers use to maintain admin rights.
  • Detecting offensive PowerShell tools like Invoke-Mimikatz.
  • Active Directory attack mitigation.


Presentation Slides & Videos:
DerbyCon Edition – “Red vs. Blue: Modern Active Directory Attacks & Defense” (v5)
DerbyCon V (September 2015)
DerbyCon 2015 Slides (PDF)
DerbyCon Presentation Video (YouTube)

DEF CON Edition – “Red vs. Blue: Modern Active Directory Attacks & Defense” (v4)
DEF CON 23 (August 2015)
DEFCON 23 2015 Slides (PDF)
DEF CON 23 Presentation Video (YouTube)

Black Hat Edition – “Red vs. Blue: Modern Active Directory Attacks, Detection, & Protection” (v3)
Black Hat USA 2015 (August 2015)
Black Hat USA 2015 Slides (PDF)
Black Hat Presentation Video (YouTube)

“Red vs. Blue: Modern Active Directory Attacks, Detection, & Protection” (v2)
Shakacon VII (July 2015)
Shakacon 2015 Slides (PDF)
Shakacon Presentation Video (YouTube)

 


Kerberos Forged Ticket Indicators

Can you tell if your Active Directory network has been compromised by attackers? Check out these handy tips from DAn Solutions Chief Technology Officer, Sean Metcalf, on how to identify if your Kerberos tickets are being forged.

Updated 1/5/2015: Detecting Forged Kerberos Tickets


Modern Active Directory Attacks: Detection and Prevention (a discussion by DAn Solutions CTO, Sean Metcalf)

DAn Solutions presents April 11th at BSidesCharm 2015 on “Red Vs Blue: Modern Active Directory Attacks, Detection, & Protection.”