Hidden Active Directory Misconfigurations: Red Team Style

Presented by

Andrew Holden Oliveau, Consultant, Mandiant

About this talk

Active Directory is the most common on-premises identity provider solution for organizations around the globe. With the rise of cloud adoption, it is now frequently used in a cloud/on-premises hybrid model to manage and sync user identities between the environments. Over the last year, Mandiant has observed a higher volume of misconfigurations in Active Directory and hybrid identity models that resulted in successful vertical privilege escalation and stealthy persistence. These configuration missteps put organizations at a higher risk of harmful compromise, which calls for increased focus on hardening Active Directory setup and processes.

Join Andrew, one of Mandiant’s frontline consultants, as he walks us through an Active Directory attack lifecycle—Red Team style. Topics of discussion will include:

• Modern attacker TTPs for Active Directory
• Hidden misconfigurations that can lead to domain compromise
• Dangers associated with this type of compromise
• Proven mitigation strategies and recommendations

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats. Mandiant is now part of Google Cloud.