Black Hat NEWS: BEYOND THE MCSE: ACTIVE DIRECTORY FOR THE SECURITY PROFESSIONAL

Active Directory (AD) is leveraged by 95% of the Fortune 1000 companies for its directory, authentication, and management capabilities. This means that both Red and Blue teams need to have a better understanding of Active Directory, it’s security, how it’s attacked, and how best to align defenses.

This presentation covers key Active Directory components which are critical for security professionals to know in order to defend AD. Properly securing the enterprise means identifying and leveraging appropriate defensive technologies. The provided information is immediately useful and actionable in order to help organizations better secure their enterprise resources against attackers. Highlighted are areas attackers go after including some recently patched vulnerabilities and the exploited weaknesses. This includes the critical Kerberos vulnerability (MS14-068), Group Policy Man-in-the-Middle (MS15-011 & MS15-014) and how they take advantages of AD communication.

Some of the content covered:

  • Differing views of Active Directory: admin, attacker, and infosec.
  • The differences between forests and domains, including how multi-domain AD forests affect the security of the forest.
  • Dig into trust relationships and the available security features describing how attack techniques are impacted by implementing these trust security features.
  • AD database format, files, and object storage (including password data).
  • Read-Only Domain Controllers (RODCs), security impact, and potential issues with RODC implementation.
  • Key Domain Controller information and how attackers take advantage.
  • Windows authentication protocols over the years and their weaknesses, including Microsoft’s next-generation credential system, Microsoft Passport, and what it means for credential protection.
  • Security posture differences between AD on-premises and in the cloud (Microsoft Azure AD vs Office 365).
  • Key Active Directory security features in the latest Windows OS versions – the benefits and implementation challenges.

Let’s go beyond the standard MCSE material and dive into how Active Directory works focusing on the key components and how they relate to enterprise security.

 

Sean Metcalf
Source: BlackHat NEWS CONFERENCE

About heritier kandolo

CEO at rootandadmin Administrateur Systèmes et Réseaux Spécialiste en : • Langage de Script : Bash, PowerShell, AppleScript • Maintenance : Systèmes, Réseaux, Ordinateurs Maitrise : • Microsoft Certified Solution Associate MCSA Windows Server 2012 • Microsoft Certified Trainer MCT • Microsoft Office Master : Office 2013 • Microsoft Technology Associate: Windows Server Administration Fundamentals • Microsoft Technology Associate: Networking Fundamentals • Microsoft Technology Associate: Cloud Fundamentals • GNU Linux • Latex (Pour le traitement de texte) • MacOs

Check Also

(Français) Installer Azure CLI 2.0

Sorry, this entry is only available in French.

Leave a Reply

Your email address will not be published. Required fields are marked *