Some weeks ago, Heinrich and I had the pleasure to participate in the heisec-Webinar “Emotet bei Heise – Lernen aus unseren Fehlern”. We really enjoyed the webinar and the (alas, due to the format: too short) discussions and we hope we could contribute to understand how to make Active Directory implementations out there a bit safer in the future.
Now, I have the pleasure to announce a continuation of our talk about Active Directory security next week, Wednesday, 14th of August @heisec in the format of a technical talk “Emotet bei Heise – Online-Fachgespräch zum Schutz vor Cybercrime”. Seats are still available 😉
Let me to take the opportunity to provide some more sources on Active Directory Security from our colleagues and ourselves. Please allow a bit of self plug ;-).
We regularly give talks about the topic, most recently these ones:
- “Top 11 Security Mistakes in Active Directory and How to Avoid Them”
- “Active Directory and Azure – Core Security Principles”
- “How to efficiently assess Active Directories of Any Scale with Directory Ranger, BloodHound and CypherDog”
- “Active Directory Core Security Principles & Best Practices”
The latter is from the 2018 edition of the “Active Directory Security Summit”, a full-day event which brings together AD security practitioners and experts from the field in a round table format, incl. case study presentations from large organizations. We’ll announce the date and details of the 2019 edition soon.
Furthermore we’re the organizers of the “AD Security Track” at the annual Troopers conference taking place in Heidelberg. To give you an idea of the content (and the atmosphere) of that track you may look at these two blog posts by JD/@SadProcessor from the ERNW AD Sec team:
All videos from the #TR19 AD Sec track can be found here. In case you’re interested in BloodHound there’s another piece JD wrote and which might be of interest for you: “The Dog Whisperer’s Handbook. A Hacker’s Guide to the BloodHound Galaxy” to be found here.
At Troopers usually a number of AD & Windows Security related trainings take place, either given by experts we invite or by ourselves, like these ones (list from the most recent edition #TR19):
- Hardening Microsoft Environments
- Hands-on BloodHound – Intro to Cypher Workshop
- Windows & Linux Binary Exploitation
- Windows PowerShell for Security Professionals
- Insight into Windows Internals
The guys who provided the last training from that list, Alex and Dominik, also members of my team 🙂 , maintain the Windows-Insight repository which contains a number of technical articles on the inner working principles of Windows (plus some analysis tools). They’ve also heavily contributed to the technical report on Windows Telemetry which the Bundesamt für Sicherheit in der Informationstechnik has published in 2018.
In case you’re interested in one of the above trainings you may either look at the offerings of our partner HM Training Solutions (e.g. next edition of “Hardening Microsoft Environments” takes place in Berlin on September 25 & 26) or you may contact us for an in-house edition.
In addition to providing trainings we regularly publish technical whitepapers on Windows & AD security related topics. Here’s some which may be of interest:
- Active Directory Trust Considerations (authored together with Christoph Kuderna from infoWAN)
- Some Recommendations Regarding Windows 10 Privacy Settings
- High-level Security Concept for End-of-life Windows Servers
Last but not least we maintain one of the major Twitter accounts on AD security topics. It’s called DirectoryRanger and it’s named after the AD audit & reporting tool for complex environments which we have developed.
Enjoy the weekend 😉