This is the first post discussing talks of the Active Directory Security Track of this year’s Troopers which took place last week in Heidelberg (like in the last nine years ;-). It featured, amongst others, a new track focused on Microsoft AD and its security properties & implications. This was the agenda.Continue reading
A new ERNW whitepaper was just published. I wrote this whitepaper in the course of my bachelor thesis and it examines multi-factor authentication in Microsoft Windows environments: Continue reading “White Paper on Multi-Factor Authentication in Microsoft Windows Environments”Continue reading
The following post is in German as it is covering an Event with German as the main language.
INSIGHT SUMMIT 2017 präsentiert Active Directory Security & Secure Operations
Inspiriert durch die erfolgreichen Round Table Sessions der TROOPERS freuen wir uns Ihnen heute mit dem Active Directory Insight Summit 2017 eine weitere Veranstaltung in einer Reihe zu Trend-Themen im Bereich der IT-Sicherheit vorzustellen.
Die Veranstaltung beginnt am Morgen mit einer Hinführung zum Thema Active Directory Sicherheit gefolgt von Fallstudien und Vorträgen durch interne und externe Referenten aus Wirtschaft und Industrie. Im Anschluss werden alle Teilnehmer in zwei Gruppen aufgeteilt, die nacheinander an beiden Round Table Sessions teilnehmen (jeder Teilnehmer kann an beiden Sessions teilnehmen). In den Round Table Sessions werden unter Expertenmoderation typische Problemstellungen und Lösungsansätze diskutiert.
In the last few years, attack techniques which fall in the categories of “Credential Theft” or “Credential Reuse” have grown into one of the biggest threats to Microsoft Windows environments. Microsoft has stated more than one time, that nearly almost all of their customers that run Active Directory have experienced “Pass-the-Hash” (PtH) attacks recently. Once an attacker gains an initial foothold on a single system in the environment it takes often less than 48 hours until the entire Active Directory infrastructure is compromised. To defend against this kind of attacks, a well-planned approach is required as part of a comprehensive security architecture and operations program. As breach has to be assumed, this includes a preventative mitigating control strategy, where technical and organizational controls are implemented, as well as preparations against insider attacks. This is mainly achieved by partitioning the credential flow in order to firstly limit their exposure and secondly limit their usefulness if an attacker was able to get them. Although we spoke last year at Troopers 15 about “How to Efficiently Protect Active Directory from Credential Theft & Large Scale Compromise”, we would like to summarize exemplary later in this post Active Directory pentest findings that we classified in four categories in order to better understand what goes typically wrong and thus has to be addressed. For a better understanding of the overall security goals, we classified the findings as to belonging as a security best practice violation of the following categories: Continue reading “TROOPERS16 Training Teaser: Dos and Don’ts of Secure Active Directory Administration”Continue reading
This year’s Black Hat US saw a number of quite interesting talks in the context of Windows or Active Directory Security. For those of you too lazy to search for themselves 😉 and for our own Windows/AD Sec team (who couldn’t send anyone to Vegas due to heavy project load) I’ve compiled a little list of those.Continue reading
MS just released a new guide on securing Active Directory. At the first glance seems a fairly comprehensive document to me.
At this occasion I may furthermore draw your attention to our (German language) newsletter no. 40 covering hardening MS Windows Server 2008 + AD.
have a good one,