Generally speaking, I’m more of a Cat type of guy, but I have to say I really love BloodHound. And if you do too, you are in for a treat…
Last week, the ERNW Insight Active Directory Security Summit took place in Heidelberg. (More Info)
For this occasion, @Enno_Insinuator asked me if I would like to deliver a BloodHound Workshop, and of course I accepted the challenge…
I have the pleasure to announce the Active Directory Security Summit 2018 at 13th. of November of 2018. The summit covers current Active Directory security related topics such as challenging tasks of hybrid Active Directory operations as well as new security best practices and some ‘evergreens’ – Admin Tiering implementations (what about Exchange and DNS…??), ESAE operations etc. 😉 Continue reading “Active Directory Security Summit 2018, 13th. of November of 2018”
This is the first post discussing talks of the Active Directory Security Track of this year’s Troopers which took place last week in Heidelberg (like in the last nine years ;-). It featured, amongst others, a new track focused on Microsoft AD and its security properties & implications. This was the agenda.
The following post is in German as it is covering an Event with German as the main language.
INSIGHT SUMMIT 2017 präsentiert Active Directory Security & Secure Operations
Inspiriert durch die erfolgreichen Round Table Sessions der TROOPERS freuen wir uns Ihnen heute mit dem Active Directory Insight Summit 2017 eine weitere Veranstaltung in einer Reihe zu Trend-Themen im Bereich der IT-Sicherheit vorzustellen.
Die Veranstaltung beginnt am Morgen mit einer Hinführung zum Thema Active Directory Sicherheit gefolgt von Fallstudien und Vorträgen durch interne und externe Referenten aus Wirtschaft und Industrie. Im Anschluss werden alle Teilnehmer in zwei Gruppen aufgeteilt, die nacheinander an beiden Round Table Sessions teilnehmen (jeder Teilnehmer kann an beiden Sessions teilnehmen). In den Round Table Sessions werden unter Expertenmoderation typische Problemstellungen und Lösungsansätze diskutiert.
In the last few years, attack techniques which fall in the categories of “Credential Theft” or “Credential Reuse” have grown into one of the biggest threats to Microsoft Windows environments. Microsoft has stated more than one time, that nearly almost all of their customers that run Active Directory have experienced “Pass-the-Hash” (PtH) attacks recently. Once an attacker gains an initial foothold on a single system in the environment it takes often less than 48 hours until the entire Active Directory infrastructure is compromised. To defend against this kind of attacks, a well-planned approach is required as part of a comprehensive security architecture and operations program. As breach has to be assumed, this includes a preventative mitigating control strategy, where technical and organizational controls are implemented, as well as preparations against insider attacks. This is mainly achieved by partitioning the credential flow in order to firstly limit their exposure and secondly limit their usefulness if an attacker was able to get them. Although we spoke last year at Troopers 15 about “How to Efficiently Protect Active Directory from Credential Theft & Large Scale Compromise”, we would like to summarize exemplary later in this post Active Directory pentest findings that we classified in four categories in order to better understand what goes typically wrong and thus has to be addressed. For a better understanding of the overall security goals, we classified the findings as to belonging as a security best practice violation of the following categories: Continue reading “TROOPERS16 Training Teaser: Dos and Don’ts of Secure Active Directory Administration”
This year’s Black Hat US saw a number of quite interesting talks in the context of Windows or Active Directory Security. For those of you too lazy to search for themselves 😉 and for our own Windows/AD Sec team (who couldn’t send anyone to Vegas due to heavy project load) I’ve compiled a little list of those.