Active Directory security: 8 (very) low hanging fruits and how to smash those attack paths

BSidesLV 2019

Presented by: Nicolas Daubresse, Remi Escourrou
Date: Tuesday August 06, 2019
Time: 14:00 - 17:55
Location: Training Ground

(Spoiler alert) During a cyber-attack, the Active Directory is one of favourite target in every firm. Very, very (very) often, to not say always, the active directory is compromised … Sadly, pentester or attacker often exploit the same obvious vulnerabilities to bounce and perform a privilege escalation. Come learn how to exploit and mitigate them. With something a little different, we are convinced that most common attacks against Active Directory could be prevent.

Remi Escourrou

Remi Escourrou (@remiescourrou) is senior security consultant at Wavestone. For four years, he has been developing his skills as a pentester of IT infrastructure, red teamer and more specifically on Active Directory environment. He is also involved in the CERT-W as First Responder and already saw the other side of the attack.

Nicolas Daubresse

Nicolas Daubresse (@nicolas_dbresse) is senior security consultant at Wavestone. For four years, he has mainly performed penetration tests on global IT infrastructure and Active Directory environments. Involved in the CERT-W, he also had the occasion to see the other side of the attack and saw these vulnerabilities exploited in the wild.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats