“Credential Theft” or “Credential Reuse” attack techniques are the biggest known threats to Active Directory environments. This can be attributed to significant advances in and broad distribution of attack and reconnaissance tools such as mimikatz or Bloodhound. This means that after the first system in an environment is compromised it often takes less than 48 hours for a complete compromise of an Active Directory but unfortunately typically 8 to 9 months until the attack is discovered.
In our training we present various technical and organizational controls to protect the Active Directory as well as individual critical Windows systems, as a whole against credential theft to prolong the time an attacker would need for a complete compromise. Additionally, controls to detect the unauthorized use of stolen credentials at an early stage to initiate appropriate countermeasures are introduced.
As there needs to be a solid understanding of attack mechanisms to effectively protect against them, our training starts with a technical deep dive in authentication mechanisms in Microsoft Windows environments.
On the basis of this knowledge relevant vulnerabilities and threats, including the resulting attack techniques, will be described. These range from simple Pass-the-Hash, to complex types such as the so-called Golden Ticket. By means of practical exercises all relevant attacks are performed by the participants to give a fundamental understanding of the attacker side.
After the threats and risks are formulated on the first day, appropriate controls are presented to limit the effectiveness of credential theft and credentials re-use on the second day. These apply on the design level, as well as on procedural and technical levels.
When discussing the controls, it is expanded onto the effectiveness of them, as well as the operational feasibility. Special focus lies on the security monitoring in the Active Directory, as it plays a decisive role in the detection and risk reduction of possible credential theft attacks.
After completing the training every participant has a solid understanding of modern attack techniques against Microsoft Windows Environments as well as knowledge about controls against them which includes the ability to evaluate their usefulness and costs for the own environment.
If this training sounds right for you, check it out on TROOPERS!
Cheers,
Nina & Florian