Beyond the MCSE: Active Directory for the Security Professional

Black Hat USA 2016

Presented by: Sean Metcalf
Date: Wednesday August 03, 2016
Time: 10:20 - 11:10
Location: Mandalay Bay GH

Active Directory (AD) is leveraged by 95% of the Fortune 1000 companies for its directory, authentication, and management capabilities. This means that both Red and Blue teams need to have a better understanding of Active Directory, its security, how it's attacked, and how best to align defenses. This presentation covers key Active Directory components which are critical for security professionals to know in order to defend AD. Properly securing the enterprise means identifying and leveraging appropriate defensive technologies. The provided information is immediately useful and actionable in order to help organizations better secure their enterprise resources against attackers. Highlighted are areas attackers go after, including some recently patched vulnerabilities and the exploited weaknesses. This includes the critical Kerberos vulnerability (MS14-068) and Group Policy Man-in-the-Middle (MS15-011 & MS15-014), and how they take advantage of AD communication.

Some of the content covered:

Let's go beyond the standard MCSE material and dive into how Active Directory works focusing on the key components and how they relate to enterprise security.

Sean Metcalf

Sean Metcalf is founder and principal security consultant of Trimarc, an information security consulting firm focused on improving enterprise security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, is a Microsoft MVP, and has presented on Active Directory attack and defense at BSides, Shakacon, Black Hat, DEF CON, and DerbyCon security conferences. Sean has provided Active Directory and security expertise to government, corporate, and educational entities since Active Directory was released. He currently provides security consulting services to customers and regularly posts interesting Active Directory security information on his blog, ADSecurity.org. Follow him on Twitter @PyroTek3

