Beyond the MCSE - Active Directory for the Security Professional

Explore a comprehensive 50-minute Black Hat conference talk that delves deep into Active Directory (AD) security for both Red and Blue teams. Learn critical AD components essential for security professionals to effectively defend against attacks. Gain immediately useful and actionable information to better secure enterprise resources. Examine areas targeted by attackers, including recently patched vulnerabilities like the Kerberos vulnerability (MS14-068) and Group Policy Man-in-the-Middle (MS15-011 & MS15-014). Discover differing perspectives on AD from administrators, attackers, and infosec professionals. Understand the distinctions between forests and domains, and how multi-domain AD forests impact overall security. Investigate trust relationships, available security features, and their effects on attack techniques. Explore AD database format, files, and object storage, including password data. Analyze Read-Only Domain Controllers (RODCs), their security impact, and potential implementation issues. Uncover key Domain Controller information exploited by attackers. Review the evolution of Windows authentication protocols and their weaknesses, including Microsoft's next-generation credential system, Microsoft Passport. Compare security postures between on-premises AD and cloud-based solutions like Microsoft Azure AD and Office 365. Examine crucial AD security features in the latest Windows OS versions, discussing their benefits and implementation challenges. Go beyond standard MCSE material to gain a deeper understanding of AD's inner workings and its relationship to enterprise security.

Beyond the Mcse: Active Directory for the Security Professional