A Follow-Up on the Heisec Webinar on Emotet & Some Active Directory Security Sources

Some weeks ago, Heinrich and I had the pleasure to participate in the heisec-Webinar “Emotet bei Heise – Lernen aus unseren Fehlern”. We really enjoyed the webinar and the (alas, due to the format: too short) discussions and we hope we could contribute to understand how to make Active Directory implementations out there a bit safer in the future.

Now, I have the pleasure to announce a continuation of our talk about Active Directory security next week, Wednesday, 14th of August @heisec in the format of a technical talk “Emotet bei Heise – Online-Fachgespräch zum Schutz vor Cybercrime”. Seats are still available 😉

Let me to take the opportunity to provide some more sources on Active Directory Security from our colleagues and ourselves. Please allow a bit of self plug ;-).

We regularly give talks about the topic, most recently these ones:

The latter is from the 2018 edition of the “Active Directory Security Summit”, a full-day event which brings together AD security practitioners and experts from the field in a round table format, incl. case study presentations from large organizations. We’ll announce the date and details of the 2019 edition soon.

Furthermore we’re the organizers of the “AD Security Track” at the annual Troopers conference taking place in Heidelberg. To give you an idea of the content (and the atmosphere) of that track you may look at these two blog posts by JD/@SadProcessor from the ERNW AD Sec team:

All videos from the #TR19 AD Sec track can be found here. In case you’re interested in BloodHound there’s another piece JD wrote and which might be of interest for you: “The Dog Whisperer’s Handbook. A Hacker’s Guide to the BloodHound Galaxy” to be found here.

At Troopers usually a number of AD & Windows Security related trainings take place, either given by experts we invite or by ourselves, like these ones (list from the most recent edition #TR19):

The guys who provided the last training from that list, Alex and Dominik, also members of my team 🙂 , maintain the Windows-Insight repository which contains a number of technical articles on the inner working principles of Windows (plus some analysis tools). They’ve also heavily contributed to the technical report on Windows Telemetry which the Bundesamt für Sicherheit in der Informationstechnik has published in 2018.

In case you’re interested in one of the above trainings you may either look at the offerings of our partner HM Training Solutions (e.g. next edition of “Hardening Microsoft Environments” takes place in Berlin on September 25 & 26) or you may contact us for an in-house edition.

In addition to providing trainings we regularly publish technical whitepapers on Windows & AD security related topics. Here’s some which may be of interest:

Last but not least we maintain one of the major Twitter accounts on AD security topics. It’s called DirectoryRanger and it’s named after the AD audit & reporting tool for complex environments which we have developed.

Enjoy the weekend 😉