Attacking & Defending Active Directory Workshop
Date: Thursday, April 2nd at 11am PT / 2pm ET
Attacker: Andy Robbins | Adversary Resilience Lead at SpecterOps (Co-creator of BloodHound)
Defender: Darren Mar Elia | VP of Products at Semperis (GPO Guy)
How do you defend Active Directory, aka the “keys to the kingdom,” if you don’t know where the attacks are coming from? Hackers constantly find new ways to break into AD. And once inside, they’re increasingly adept at covering their tracks to silently create backdoors and establish persistent privileged access.
In this workshop, we’ll demonstrate real-world attacks that are frequently used against AD, including credential theft, Kerberos-based attacks, Group Policy-based attacks, and ACL attacks.
The expert presenters will play out both perspectives: attacker and defender. This is a red vs. blue standoff, so don’t expect a bunch of slideware.
During this workshop, we'll demonstrate:
- Ways that hackers can exploit AD in every stage of the cyber kill chain
- Common AD hacking and discovery tools such as Mimikatz, PowerSploit, and BloodHound
- Proactive steps to identify vulnerabilities in your AD configuration
- Strategies to harden your AD so that hackers don’t have an easy path to Domain Admins
About the presenters:
Andy Robbins, Adversary Resilience Lead at SpecterOps (Co-creator of BloodHound)
Andy is an active red teamer and co-author of BloodHound, a tool designed to reveal the hidden and unintended permission relationships in Active Directory domains. He has performed numerous red team operations and penetration tests against banks, credit unions, health-care providers, defense companies, and other Fortune 500 companies across the world. He has presented at DEF CON, BSides Las Vegas, DerbyCon, ekoparty, and actively researches Active Directory security. He is also a veteran Black Hat trainer.
Darren Mar Elia ,VP of Products at Semperis (GPO Guy)
A 14-year Cloud and Datacenter Microsoft MVP, Darren has a wealth of experience in Identity and Access Management and was the CTO and founder of SDM software, a provider of Microsoft systems management solutions. Prior to launching SDM, Darren held senior infrastructure architecture roles in Fortune 500 companies and was also the CTO of Quest Software. As a Microsoft MVP, Darren has contributed to numerous publications on Windows networks, Active Directory and Group Policy, and was a Contributing Editor for Windows IT Pro Magazine for 20 years.