Red Vs. Blue - Modern Active Directory Attacks, Detection, And Protection
Overview
Dive into a comprehensive exploration of modern Active Directory attacks, detection methods, and protection strategies in this 49-minute Black Hat conference talk by Sean Metcalf. Learn about the evolution of Kerberos "Golden Tickets" and their impact on network security. Discover the latest attack vectors for gaining and maintaining administrative access in Active Directory, going beyond traditional "Pass-the-Hash" techniques. Explore effective defensive security measures and mitigation strategies to protect your organization from breaches. Gain insights into detecting Golden and Silver Ticket usage by identifying specific artifacts. Topics covered include attacker progression from zero to Domain Admin, the MS14-068 vulnerability, "SPN Scanning" with PowerShell, exploiting weak service account passwords, utilizing Mimikatz, and leveraging Silver Tickets for stealthy persistence. Learn to identify forged Kerberos tickets, detect offensive PowerShell tools, and understand PowerShell v5 security enhancements. Suitable for both Red Team and Blue Team members, this talk provides valuable information on Active Directory attack mitigation without requiring prior Kerberos expertise.
Syllabus
Red Vs. Blue: Modern Active Directory Attacks, Detection, And Protection
Taught by
Black Hat