Domain Persistence - Detection, Triage, and Recovery

Explore offensive tradecraft for establishing elevated persistence in Active Directory environments in this 44-minute conference talk. Gain insights into both offensive and defensive considerations, covering the operational flow of technique execution. Learn how to detect, triage, and recover from identified domain persistence techniques. Dive deep into Active Directory domain persistence techniques, focusing on identifying attacks and reclaiming control over organizational domains after a breach. Discover post-compromise strategies, including steps for rotating domain secrets and enhancing Windows Security event auditing to better detect domain persistence activities. Use this presentation as a starting guide for critical technique detection generation and organizational recovery scenarios, presented by Joshua Prager at BSides SATX on June 8, 2024, from 15:00 to 15:45 in Track 1 (UC Conference Room A).