I know what your AD did last summer…!
We are used to talk about & examine how they got it, and what they took out, but not as much about how they moved laterally, reconned for assets & entities internally, achieved persistence & escalated privileges. Active Directory is running ~95% of the world’s organizations identity management and access control. AD Security has come a long way in three decades, with new attacks and creative attack paths found constantly, including evasive ‘game over’ moves such as a forged offline TGT, aka “golden ticket”. Take a dive into multiple “mini research” projects derived from dozens of AD Forensics hands-on incidents, hunting for clues in an enterprise without AD logs (wiped), with open source tools. We will also share advise for both Red & Blue teams on how to beat each other 🙂
Yossi Sassi is an InfoSec Researcher, haכk3r and Chief Security Architect at 10Root Cyber Security, and world-renowned guitarist & musical producer. Since the early 1990s, Sassi has accumulated extensive experience in information security, adversary simulations/Red-Blue teams training, conducting internal IT investigations, DF/IR and more. Worked for Microsoft ~8 years as Technology Group Manager and coded tools for Windows Server. Member at Javelin Networks (acquired by Symantec in 2018). Spoke at TED and TEDx events, and was awarded 4 Peace and friendship awards by cities and governments around the world.