YoVDO

Recertifying Active Directory Certificate Services

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Incident Response Courses Auditing Courses Active Directory Certificate Services Courses

Course Description

Overview

Explore the security implications of Microsoft's Active Directory Certificate Services (AD CS) in this Black Hat conference talk. Delve into the often-overlooked aspects of AD CS, including its potential for credential theft, machine persistence, domain escalation, and subtle domain persistence. Learn about certificate request processes, client authentication methods, and malicious certificate enrollments. Discover escalation scenarios, NTLM relay attacks, and golden certificate techniques. Gain insights into defensive strategies, including how to protect and audit AD CS implementations. Understand high-level architecture guidance and incident response procedures for AD CS-related security issues. Equip yourself with hunting techniques to identify and mitigate potential threats in your AD CS environment.

Syllabus

Introduction
Agenda
Background
Request a Certificate
Certificate Template
Client Authentication
Subject Alternative Name
Authentication to Active Directory
malicious certificate enrollments
Certify
Defenses
Escalation scenarios
Certificate templates
NTLM relay
How to protect
How to audit
Audit the NT auth certificates object
Golden certificates
Hunting techniques
Highlevel architecture guidance
Incident response


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube