How to Efficiently Protect AD from Credential Theft & Compromise

Offered By: WEareTROOPERS via YouTube

Course Description

Overview

Explore a comprehensive conference talk on protecting Active Directory from credential theft and compromise. Dive into Windows authentication mechanisms, various key types, and Kerberos authentication processes. Learn about trust anchors and different attack techniques like Pass the Hash, Pass the Ticket, and Golden Ticket. Examine the attacker's perspective and understand self-made Kerberos implementations. Discover essential prerequisites, capabilities, and witness a live demonstration. Gain insights into effective mitigation strategies, including high-level steps, administrative models, and technical configurations. Understand the benefits of implementing an Admin Tier Model and evaluate mitigation techniques. Conclude with valuable takeaways for enhancing Active Directory security in your organization.

Syllabus

Intro
Windows Authentication
Key Types
Pack
Kerberos Authentication
Trust Anchor
Pass the Hash
Pass the Ticket
Pass the Service Ticket
Export the Service Ticket
From the attacker's perspective
Self-made Kerberos
Golden Ticket
Change Password
Prerequisites
Capabilities
Demo
Mitigations
The Good News
High-Level Steps
Administrative Model
Technical Configurations
Local Accounts
Benefits
Admin Tier Model
Mitigation
Mitigation Evaluation
Conclusion


Taught by

WEareTROOPERS
