Forging Trusts for Deception in Active Directory

Explore advanced Active Directory deception techniques in this BruCON Security Conference talk. Learn how to forge and implant computers, domain, and forest objects to target attacker methodologies and enhance network defense. Discover open-source scripts for deploying these techniques, and witness live demonstrations showcasing their effectiveness across the enterprise attack cycle. Gain insights into creating deceptive user accounts, manipulating audit policies, and implementing decoy properties to trap adversaries during enumeration and lateral movement phases. Understand how to identify and avoid deception while anticipating potential outcomes in this comprehensive exploration of trust forging for Active Directory security.

Introduction
What is Deception
How attackers use Deception
Kill Chain Diagram
decoy properties
Forging Trusts
Enumeration Phase
Advanced Audit Policy
Audit Rights
Deploy Deception
Create Deception User
Decrease Verbosity
Elder Tools
Demo
Computer Objects
Properties
Groups
Logs
Enumeration
Organizational Units
Master Slave Users
Assigning decoy users
Trust forests
Identifying Deception
How to Avoid Deception
What to Expect
Conclusion
Questions