Hunting backdoors in Active Directory Environment скачать в хорошем качестве

Hunting backdoors in Active Directory Environment

We conducted multiple investigations and assessments, observed techniques that attackers preferred as they conducted privilege escalation to move laterally, persist in the Active Directory environment, and blend in. Backdoors and misconfigurations on Active directory systems provided attackers with long term privileged access to the environment. We will cover, in depth, different methods used by attackers to maintain persistence, covertly elevate privileges at will, and maintain and exert control over systems managed by Active Directory. We will talk about different methods of hunting and detecting for misconfigurations and backdoors to help find these faster and respond effectively. Some of the hunt use cases that may be discussed include: Hybrid Active Directory Backdoors DACL Based Backdoors Delegation Misuse GPO based Backdoors SID History Abuse Misconfigurations of Authentication Methods Persistent access using Machine Account password Thirumalai Natarajan Muthiah, Principal Consultant, Mandiant -   / th1rum   Anurag Khanna, Manager - Incident Response & Consulting Services, Crowdstrike Services -   / khannaanurag   View upcoming Summits: http://www.sans.org/u/DuS Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE #ThreatHuntingSummit #ActiveDirectory