Explore a comprehensive conference talk on protecting Active Directory from credential theft and compromise. Dive into Windows authentication mechanisms, various key types, and Kerberos authentication processes. Learn about trust anchors and different attack techniques like Pass the Hash, Pass the Ticket, and Golden Ticket. Examine the attacker's perspective and understand self-made Kerberos implementations. Discover essential prerequisites, capabilities, and witness a live demonstration. Gain insights into effective mitigation strategies, including high-level steps, administrative models, and technical configurations. Understand the benefits of implementing an Admin Tier Model and evaluate mitigation techniques. Conclude with valuable takeaways for enhancing Active Directory security in your organization.
Overview
Syllabus
Intro
Windows Authentication
Key Types
Pack
Kerberos Authentication
Trust Anchor
Pass the Hash
Pass the Ticket
Pass the Service Ticket
Export the Service Ticket
From the attackers perspective
Selfmade kerberos
Golden Ticket
Change Password
Prerequisites
Capabilities
Demo
Mitigations
The Good News
HighLevel Steps
Administrative Model
Technical Configurations
Local Accounts
Benefits
Admin Tier Model
Mitigation
Mitigation Evaluation
Conclusion
Taught by
WEareTROOPERS
Related Courses
-
Active Directory Attacks Series
-
Pass the Hash and Other Credential Theft - Reuse - Mitigating Risk
-
Deploying PAWs as Part of a Strategy to Limit Credential Theft and Lateral Movement
-
Fun with LDAP and Kerberos - Attacking AD from Non-Windows Machines
-
Abusing Microsoft Kerberos - Sorry You Guys Don't Get It
-
My Quest for Privileged Identity to Own Your Domain
