(Spoiler alert) During a cyber-attack, the Active Directory is one of favourite target in every firm. Very, very (very) often, to not say always, the active directory is compromised … Sadly, pentester or attacker often exploit the same obvious vulnerabilities to bounce and perform a privilege escalation. Come learn how to exploit and mitigate them. With something a little different, we are convinced that most common attacks against Active Directory could be prevent.
Remi Escourrou (@remiescourrou) is senior security consultant at Wavestone. For four years, he has been developing his skills as a pentester of IT infrastructure, red teamer and more specifically on Active Directory environment. He is also involved in the CERT-W as First Responder and already saw the other side of the attack.
Nicolas Daubresse (@nicolas_dbresse) is senior security consultant at Wavestone. For four years, he has mainly performed penetration tests on global IT infrastructure and Active Directory environments. Involved in the CERT-W, he also had the occasion to see the other side of the attack and saw these vulnerabilities exploited in the wild.