  • How to Build Adversary Resilience into your Active Directory Environment
    Andy Robbins Recorded: Feb 8 2018 58 mins
    In every Active Directory environment exists a complex, dynamic, and often unseen web of user privileges and behaviors. Adversaries commonly exploit that web to gain progressively greater privileges until they finally reach their objective; meanwhile, defenders struggle to keep up, often lacking the tooling and insights to stay a step ahead of the attackers.

    During this webinar, we'll demonstrate several strategies you can implement to build resilience into your Active Directory environment, using tools already built into Windows and Active Directory as well as free and open source tools like BloodHound. We'll also demonstrate how an Active Directory Adversary Resilience Assessment (ADARA) can help your enterprise achieve a highly resilient Active Directory security posture through attack path identification and mitigation, remediation simulation and analysis, and critical landscape identification.
  • Cyber Threat Predictions & Security for 2018
    Diana Kelley | Mark Weatherford | Jon Green | David McGuire | Ashton Mozano Recorded: Dec 14 2017 61 mins
    With major breaches exposing the personal information of hundreds of millions of Americans and disruptive ransomware attacks shaking the world in 2017, we'll examine the lessons learned from these events as a guide to shape CISO strategy for 2018.

    This interactive Q&A panel with security industry experts will explore:
    - The biggest threats on the horizon
    - Key vulnerabilities and how to protect against them
    - Measures for breach prevention, detection and response
    - Which areas to focus on in 2018
    - Recommendations for CISOs

    - Diana Kelley, Cybersecurity Field CTO, Microsoft
    - David McGuire, CEO, SpecterOps
    - Ashton Mozano, CTO, Circadence
    - Mark Weatherford, Chief Cybersecurity Strategist, vArmour
    - Jon Green, VP and Chief Technologist for Security at Aruba, a Hewlett Packard Enterprise Company
  • An ACE Up the Sleeve: Designing Active Directory DACL Backdoors
    Will Schroeder, Security Research / SpecterOps and Andy Robbins, Adversary Resilience Lead / SpecterOps Recorded: Aug 15 2017 61 mins
    Active Directory (AD) object discretionary access control lists (DACLs) are an untapped offensive landscape, often overlooked by attackers and defenders alike. The control relationships between AD objects align perfectly with the "attackers think in graphs" philosophy and expose an entire class of previously unseen control edges, dramatically expanding the number of paths to complete domain compromise.

    While DACL misconfigurations can provide numerous paths that facilitate elevation of domain rights, they also present a unique chance to covertly deploy Active Directory persistence. It's often difficult to determine whether a specific AD DACL misconfiguration was set intentionally or implemented by accident. This makes Active Directory DACL backdoors an excellent persistence opportunity: minimal forensic footprint, and maximum plausible deniability.

    This talk will cover Active Directory DACLs in depth, our "misconfiguration taxonomy," and enumeration/analysis with BloodHound's newly released feature set. We will cover the abuse of AD DACL misconfigurations for the purpose of domain rights elevation, including common misconfigurations encountered in the wild. We will then cover methods to design AD DACL backdoors, including ways to evade current detections, and will conclude with defensive mitigation/detection techniques for everything described.
  • Catch Me If You Can - Red vs. Blue
    Will Schroeder and Jared Atkinson Recorded: Aug 10 2017 58 mins
    Attackers’ love for PowerShell is no longer a secret, with 2016 producing an explosion in offensive PowerShell toolsets. PowerShell is gaining respect in offensive circles as “Microsoft’s Post-Exploitation Language” and is being integrated into many offensive toolkits. Unfortunately, the offensive community often fails to research or share relevant mitigations with its defensive counterparts. This leaves many defenders without the information they need to protect themselves and their networks from these attacks. In a quest to combat the perceived threat, many defenders attempt to disable PowerShell rather than realizing its defensive potential.

    In this webinar, Will Schroeder (@harmj0y) and Jared Atkinson (@jaredcatkinson) will cover offensive and defensive PowerShell tools and techniques, including PowerPick, subversive PowerShell profiles, PowerForensics, and Get-InjectedThread. They will also cover mitigations and detections for popular offensive tools and techniques, demonstrating how to best handle the new offensive reality of widespread offensive PowerShell usage.
