Listen Top Shows Blog

Weaponizing Active Directory

Weaponizing Active Directory

Update: 2019-08-01

Share

Description

Download slides: https://www.activecountermeasures.com/presentations
0:54 Background behind this webcast, what and why
7:02 Creating resources in Active Directory, User accounts, Groups, and Dummy Computer accounts
18:54 Tools, ResponderGuard, General flow of attacks, reconnaissance, deception and planted credentials
38:12 Password Spraying, honey users, kerbroast, and multicast DNS poisoning
47:20 Detection with CredDefense Kit, ResponderGuard, ResponderGuard Agent, and SQL Server abuse attacks
53:43 Q&A and Closing Thoughts

The 2019 Verizon DBIR indicates that over 50% of all breaches take a month or more to detect.

This webcast covers basic techniques to catch attackers attempting lateral movement and privilege escalation within your environment with the goal of reducing that Mean Time to Detect (MTTD) metric.

Using tactical deception, we will lay out strategies to increase the odds that an attacker will give away their presence early after initial compromise.

Join David Fletcher, BHIS tester, SANS instructor, an amazing presenter, for this Black Hills Webcast.

Comments

In Channel

In-Depth SILENTTRINITY Demo, Explanation & Walkthrough!

In-Depth SILENTTRINITY Demo, Explanation & Walkthrough!

2019-10-0701:00:08

Open Source Exploits in the Cloud's Big Data Services - Cloud TradeCraft

Open Source Exploits in the Cloud's Big Data Services - Cloud TradeCraft

2019-10-0758:49

Windows logging, Sysmon, and ELK

Windows logging, Sysmon, and ELK

2019-09-0459:35

Paul Clark explains Exfiltration and Software Derived Radio

Paul Clark explains Exfiltration and Software Derived Radio

2019-09-0308:14

Paul Clark explains coding SDR with Python

Paul Clark explains coding SDR with Python

2019-09-0317:06

How, Why, and Best Reasons to implement AppLocker

How, Why, and Best Reasons to implement AppLocker

2019-09-0304:56

Implementing Sysmon and Applocker

Implementing Sysmon and Applocker

2019-08-2101:00:09

Weaponizing Active Directory

Weaponizing Active Directory

2019-08-0158:28

Free Analytical Tools you can use today.... For Free!

Free Analytical Tools you can use today.... For Free!

2019-07-1907:50

Attack Tactics 7: The logs you are looking for.

Attack Tactics 7: The logs you are looking for.

2019-07-1854:54

Introducing: Backdoors & Breaches - Incident Response Card Game from Black Hills InfoSec

Introducing: Backdoors & Breaches - Incident Response Card Game from Black Hills InfoSec

2019-06-2753:58

BHIS Webcast: How to attack when LLMNR, mDNS, and WPAD attacks fail - Eavesarp (Tool Overview)

BHIS Webcast: How to attack when LLMNR, mDNS, and WPAD attacks fail - Eavesarp (Tool Overview)

2019-06-2445:17

STOP USING SEVEN CHARACTER PASSWORDS! #fixthefuture

STOP USING SEVEN CHARACTER PASSWORDS! #fixthefuture

2019-05-2404:07

BHIS Webcast: Attack Tactics 6! Return of the Blue Team

BHIS Webcast: Attack Tactics 6! Return of the Blue Team

2019-05-2457:44

Firewalls, Two Factor and Failure

Firewalls, Two Factor and Failure

2019-05-2402:51

BHIS Demo: FireProx and how it works!

BHIS Demo: FireProx and how it works!

2019-05-0909:22

BHIS Webcast: Weaponizing Corporate Intel. This Time, It's Personal!

BHIS Webcast: Weaponizing Corporate Intel. This Time, It's Personal!

2019-05-0101:00:50

Demo: Wireless Exfil Box w/ SDR (Paul Clark)

Demo: Wireless Exfil Box w/ SDR (Paul Clark)

2019-05-0105:23

BHIS Webcast: Building a Small and Flexible Wireless Exfiltration Box with SDR

BHIS Webcast: Building a Small and Flexible Wireless Exfiltration Box with SDR

2019-05-0101:02:47

BHIS Webcast: Attack Tactics 5! Zero to Hero Attack

BHIS Webcast: Attack Tactics 5! Zero to Hero Attack

2019-04-3001:02:28

00:00

00:00

x

Weaponizing Active Directory

Weaponizing Active Directory

Black Hills Information Security