Bypassing Microsoft Defender for Identity
Offered By: BruCON Security Conference via YouTube
Course Description
Overview
Explore techniques for bypassing Microsoft Defender for Identity (MDI) in this 55-minute conference talk from BruCON 0x0E. Dive into the workings of MDI, a service protecting on-premises Active Directory identities, and learn about its detection capabilities across various attack phases. Discover Tactics, Techniques, and Procedures (TTPs) that Red Teams can employ to avoid triggering anomaly detections while executing high-impact attacks. Cover topics such as Kerberoasting, lateral movement, domain dominance, DCSync, remote code execution, and Golden Ticket attacks. Gain insights into precision-based attack methods that can potentially circumvent MDI sensors in target environments, ultimately enhancing your understanding of on-premises identity security and potential vulnerabilities.
Syllabus
Introduction
About Nikhil Mittal
Agenda
What is MDI
MDI Discussion
TTP Discussion
Triggers
Alert
Kerberos
Lateral Movement
Domain Dominance
DC Sync
Remote Code Execution
Domain Controllers
Golden Ticket
Response Actions
Taught by
BruCON Security Conference
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network