Top Active Directory Attacks - Understand, then Prevent and Detect

Explore the most prevalent and potent Active Directory attacks in this 40-minute RSA Conference talk by Jeff McJunkin, Founder of Rogue Valley Information Security. Gain crucial insights into how hackers exploit enterprise vulnerabilities, and learn effective strategies to prevent and detect these threats. Delve into topics such as the Lockheed Martin Cyberkill Chain, internal access risks, password spraying, credential stuffing, DNS fallback abuse, and Kerberos roasting. Discover practical preventive and detective controls, including password protection measures, printer security, and sensitive file management. Equip yourself with the knowledge to strengthen your organization's Active Directory defenses and stay one step ahead of attackers.

Introduction
Agenda
Different ways of conceptualizing breaches
Lockheed Martin Cyberkill Train trademark
What every attacker or attack needs
Internal access
Why internal access
A 10000 employee company
Twitter breach
Finding the right data
X filtration
Ransomware
High Level Picture
Prevent vs Detect
Safes
Assume Breach
Realistic Threat Model
Password Spraying
Single Factor Authentication
Credential Stuffing
File Sharing
dns fallback abuse
Look printers
Kerberos roasting
What are kerberos
normal flow
analogies
authentication
ticket granting
service ticket
kerberos steam
preventive detective controls
password protection
printers
sensitive files
longterm action
fallback abuse
Jeff