Explore techniques for bypassing Microsoft Defender for Identity (MDI) in this 55-minute conference talk from BruCON 0x0E. Dive into the workings of MDI, a service protecting on-premises Active Directory identities, and learn about its detection capabilities across various attack phases. Discover Tactics, Techniques, and Procedures (TTPs) that Red Teams can employ to avoid triggering anomaly detections while executing high-impact attacks. Cover topics such as Kerberoasting, lateral movement, domain dominance, DCSync, remote code execution, and Golden Ticket attacks. Gain insights into precision-based attack methods that can potentially circumvent MDI sensors in target environments, ultimately enhancing your understanding of on-premises identity security and potential vulnerabilities.
Overview
Syllabus
Introduction
About Nikhil Mittal
Agenda
What is MDI
MDI Discussion
TTP Discussion
Triggers
Alert
Kerberos
Lateral Movement
Domain Dominance
DC Sync
Remote Code Execution
Domain Controllers
Golden Ticket
Response Actions
Taught by
BruCON Security Conference
