Hidden Active Directory Misconfigurations: Red Team Style
Title: Hidden Active Directory Misconfigurations: Red Team Style
Presenters: Andrew Holden Oliveau, Consultant, Mandiant
Active Directory is the most common on-premises identity provider solution for organizations around the globe. With the rise of cloud adoption, it is now frequently used in a cloud/on-premises hybrid model to manage and sync user identities between the environments.
Over the last year, Mandiant has observed a higher volume of misconfigurations with Active Directory and hybrid identity models which resulted in successful vertical privilege escalation and stealthy persistence. These configuration missteps put organizations at a higher risk for harmful compromise, which calls for increased focus on hardening Active Directory setup and processes.
Join Andrew, one of Mandiant’s frontline consultants, as he walks us through an Active Directory attack lifecycle—Red Team style.
Topics of discussion will include:
- Modern attacker TTPs for Active Directory
- Hidden misconfigurations that can lead to domain compromise
- Dangers associated from this type of compromise
- Proven mitigation strategies and recommendations