Attacks against Active Directory have been steadily increasing in the last few years. This is because Active Directory holds all domain joined user and machine credentials and permissions, making it a prime target for attackers. Interestingly, a lot of these attacks start by initially compromising an account. In a lot of cases this account doesn’t have a lot of permissions (such as a standard user account), but does allow for thorough enumeration of the AD environment to find misconfigurations and elevate privileges. This brings me to the importance of managing passwords in an Active Directory/ Azure Active Directory environment. AD Passwords are used with computer accounts, user accounts, trusts, service accounts, and more. Microsoft has provided both guidance and technical capability to natively protect these passwords in various ways to shrink the attack surface of the environment. We will review the various situations where account credentials are commonly compromised, the native Microsoft solutions to mitigate the compromise, and when it is appropriate to use which mitigation.
Intervenants
Darryl Baker is an Army veteran of twelve years who specialized in weapons instruction before transitioning over to security. He has ten years of experience working in Windows domains in various roles and has spent the last two specializing in Microsoft security with a focus on Active Directory (AD). He has hosted AD CFPs online and at in-person conferences and has written multiple tools and scripts for both discovering Active Directory vulnerabilities and defending against attacks.