Overview
Explore a 26-minute Black Hat conference talk on leveraging graphs to enhance security in domain environments. Discover how defenders are shifting from list-based thinking to graph-based approaches to combat sophisticated attackers. Learn about tools like BloodHound and GoFetch, and examine prevention strategies involving vulnerable nodes and node disconnection. Delve into detection techniques using logon graphs and weighted logon graphs, complete with examples and a discussion of pros and cons. Gain insights into investigation methods and understand how graph-based thinking can revolutionize security practices in large-scale environments.
Syllabus
Intro
BLOODHOUND
GOFETCH
ATTACKERS VS. DEFENDERS ATTACKERS
HOW CAN DEFENDERS USE GRAPHS?
DATA SOURCES
PREVENTION: VULNERABLE NODES
PREVENTION: DISCONNECTING NODES
DETECTION: LOGON GRAPH
DETECTION: WEIGHTED LOGON GRAPH
DETECTION: EXAMPLE
DETECTION: PROS & cons
INVESTIGATION
Taught by
Black Hat