YoVDO

Threat Hunting in Active Directory Environment

Offered By: Black Hat via YouTube

Course Description

Overview

Explore advanced threat hunting techniques in Active Directory environments through this 37-minute Black Hat conference talk. Delve into Mandiant's investigations of attacker privilege escalation, lateral movement, and persistence methods. Learn about backdoors and misconfigurations exploited for long-term privileged access. Examine the challenges in recognizing and remediating these techniques, influenced by control adoption and attacker sophistication in APJ. Gain in-depth knowledge of methods used by attackers to maintain persistence, covertly elevate privileges, and control Active Directory-managed systems. Cover topics including delegation, PowerShell configuration, detecting RBCD, BS replication, and machine account registry persistence. Presented by Anurag Khanna and Thirumalai Natarajan Muthiah, this talk provides valuable insights for cybersecurity professionals seeking to enhance their threat hunting capabilities in Active Directory environments.

Syllabus

Introduction
What is Delegation
PowerShell Configuration
Detecting
RBCD
How to use RBCD
Detecting RBCD
BS Replication
Configuration
Detect
Persistence
Machine Account
Registry
Detection


Taught by

Black Hat
