In previous years, the idea of Active Directory (AD) being a target as part of a larger cyberattack felt more like a theoretical possibility than something seen in practice. Why? Because little information was shared, and little news coverage addressed, whether AD played a role and, if so, how it was used. But as the need for threat intelligence has grown, attacks involving AD have come into the limelight, providing insight into the tactics, techniques, and procedures used to take advantage of vulnerabilities found in AD.
Modern attacks see hacking AD as a necessary step to garnering the elevated privileges needed to carry out widespread ransomware attacks, access sensitive data, ensure stealth and persistence, and control the attack’s outcome.
The MITRE ATT&CK Framework provides some practical guidance on exactly how ransomware perpetrators are hacking AD and using it to assist in furthering attacks. The framework also serves as a reference point for identifying both where your AD is most vulnerable and what best practices should be put in place to mitigate risk.
In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia will first discuss:
• The state of attacks on AD on-prem
• Real-world examples of how AD was attacked and leveraged
• What MITRE has to say about AD-specific attack TTPs
• Best practices for increasing AD security
Nick will then be joined by Bryan Patton, CISSP and Principal Strategic Systems Consultant from Quest, who will demonstrate some real-world AD attack methods, including:
• Registering a Rogue Domain Controller
• Forging a Golden Ticket
• Modifying Domain Policy
Bryan will also demonstrate how to detect these TTPs using various log and event sources to help speed up incident response.