Finding Our Path - How We're Trying to Improve Active Directory Security
Overview
Syllabus
Introduction
Welcome
Background
Prior Work
What is BloodHound
Problem Solving
Two APIs
NetSession enum
NetLocalGroup enum
Matt Nelson
The New Way
Running Sharp Out
BloodHound
Kerberos
Why is delegation needed
Resource-based constrained delegation
Why does this matter
What does that mean in English
BloodHound interface
Verify ACLs
DC Sync
What are we trying to do
John Lambert quote
Methodology
Objective
Privileges
Kerberos Sting
Low-Hanging Fruit
What about this
Objectives
Shortest Paths
All Attack Paths
It's extremely complicated
The shortest path
Analyzing all paths
Analyzing domain admins
Analyzing GPOs
Abusable ACLs
Inbound Object Control
Real Numbers
What's Possible
Free and Open Source
Questions
Taught by
Black Hat