Bypassing Microsoft Defender for Identity

Offered By: BruCON Security Conference via YouTube

Tags

BruCON Courses
Cybersecurity Courses
Lateral Movement Courses
Kerberoasting Courses
Remote Code Execution Courses

Course Description

Overview

Explore techniques for bypassing Microsoft Defender for Identity (MDI) in this 55-minute conference talk from BruCON 0x0E. Dive into the workings of MDI, a service protecting on-premises Active Directory identities, and learn about its detection capabilities across various attack phases. Discover Tactics, Techniques, and Procedures (TTPs) that Red Teams can employ to avoid triggering anomaly detections while executing high-impact attacks. Cover topics such as Kerberoasting, lateral movement, domain dominance, DCSync, remote code execution, and Golden Ticket attacks. Gain insights into precision-based attack methods that can potentially circumvent MDI sensors in target environments, ultimately enhancing your understanding of on-premises identity security and potential vulnerabilities.

Syllabus

Introduction
About Nikhil Mittal
Agenda
What is MDI
MDI Discussion
TTP Discussion
Triggers
Alert
Kerberos
Lateral Movement
Domain Dominance
DC Sync
Remote Code Execution
Domain Controllers
Golden Ticket
Response Actions


Taught by

BruCON Security Conference

Related Courses

Threat Hunting with Windows Event Forwarding
Cybrary
Enterprise Security Fundamentals
Microsoft via edX
Exploitation and Post-exploitation with Metasploit
Pluralsight
Lateral Movement with CrackMapExec
Pluralsight
Lateral Movement with Infection Monkey
Pluralsight