Overlooked tactics for attacking hardened Active Directory environment

BSidesLV 2018

Presented by: Pipe Rodanant (Yothin), Joshua Theimer, Hao Wang
Date: Wednesday August 08, 2018
Time: 17:00 - 17:55
Location: Breaking Ground

Cyber-attackers have been very successful at rapidly gaining administrative access to Enterprise Active Directory environments. Microsoft Enhanced Security Administrative Environment (ESAE) known as “Red Forest” has become a very popular architecture solution to enhance the security of Active Directory for the past few years. It is designed to limit exposure of administrative credentials via hardened admin environment and credentials partitioning. Can ESAE be used to completely prevent cyber attackers from compromising Active Directory and obtain domain dominance? How do organizations better secure ESAE? In this talk, we will demonstrate multiple overlooked tactics, techniques and procedures (TTPs) that can be used to escalate privileges and move laterally within the hardened Active Directory environment, and conclude the presentation with strategic countermeasures. We want to use this talk to educate the industry and arm Enterprise defenders with the knowledge to enhance the security controls of Active Directory.

Hao Wang

Pipe Rodanant

Joshua Theimer


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats