Sean Metcalf

Author's details

Name: Sean Metcalf
Date registered: April 27, 2014
URL: https://ADSecurity.org

Biography

I improve security for enterprises around the world working for TrimarcSecurity.com Read the About page (top left) for information about me. :) https://adsecurity.org/?page_id=8

Latest posts

  1. Detecting Kerberoasting Activity Part 2 – Creating a Kerberoast Service Account Honeypot — February 8, 2017
  2. Detecting Kerberoasting Activity — February 5, 2017
  3. Sneaky Persistence Active Directory Trick #18: Dropping SPNs on Admin Accounts for Later Kerberoasting — January 29, 2017
  4. Securing Domain Controllers to Improve Active Directory Security — November 3, 2016
  5. Securing Windows Workstations: Developing a Secure Baseline — October 21, 2016

Author's posts listings

Aug 04

DEF CON 24 (2016) Talk “Beyond the MCSE: Red Teaming Active Directory” Presentation Slides Posted

On Thursday, August 4th, I presented “Beyond the MCSE: Red Teaming Active Directory” at DEF CON 24 (2016). Here are the slides for this talk:  DEFCON24-2016-Metcalf-BeyondTheMCSE-RedTeamingActiveDirectory Here’s my talk description from the DEF CON website: Active Directory (AD) is leveraged by 95% of the Fortune 1000 companies for its directory, authentication, and management capabilities, so …

Continue reading »

Aug 03

Presentation Slides Posted for Black Hat USA 2016 Talk “Beyond the MCSE: Active Directory for the Security Professional”

On Wednesday, August 3rd, I presented “Beyond the MCSE: Active Directory for the Security Professional” at Black Hat USA 2016. Here are the slides for this talk:  US-16-Metcalf-BeyondTheMCSE-ActiveDirectoryForTheSecurityProfessional Here’s my talk description from the Black Hat website: Active Directory (AD) is leveraged by 95% of the Fortune 1000 companies for its directory, authentication, and management …

Continue reading »

Jul 19

Black Hat USA 2016 Talk – Beyond the MCSE: Active Directory for the Security Professional

This summer in Las Vegas, I’m speaking at Black Hat USA 2016 on Active Directory security, “Beyond the MCSE: Active Directory for the Security Professional.” This talk covers the key AD security components with specific focus on the things security professionals should know. I put this talk together because I have noticed that while Active …

Continue reading »

Jul 06

DEF CON 24 (2016) Talk – Beyond the MCSE: Red Teaming Active Directory

This August at DEF CON 24, I will be speaking about Active Directory security evaluation in my talk “Beyond the MCSE: Red Teaming Active Directory”. This talk is focused on the Red side of AD security, specifically how to best evaluate the security of AD and quickly identify potential security issues. Whether you perform “Red …

Continue reading »

Jun 26

So You Want to Speak at a Security Conference Part 2: How to Craft a Great Talk for a Security Conference!

This is a continuation of my earlier “So You Want to Speak at a Security Conference?” post where I cover creating a good submission to speak at a conference. I have spoken a handful of times and am definitely not an expert, though I do want to share some of the best tips I’ve discovered …

Continue reading »

Apr 24

BSides Charm Presentation Posted: PowerShell Security: Defending the Enterprise from the Latest Attack Platform

This was my second year speaking at BSides Charm in Baltimore. Last year I spoke about Active Directory attack & defense and it was my first time speaking at a conference. 🙂 The presentation slides for my talk “PowerShell Security: Defending the Enterprise from the Latest Attack Platform” are now on the Presentations tab here …

Continue reading »

Mar 25

DarkOperator.com: Using PowerShell to Gather Information from Active Directory

Carlos Perez (@DarkOperator) recently posted on DarkOperator.com how to use PowerShell to get data from Active Directory. He is working on an Active Directory audit PowerShell project and is documenting most of the work put into it. He also covers leveraging functions for portability and using Pester to write better PowerShell code  (as well as …

Continue reading »

Mar 14

Sneaky Active Directory Persistence #17: Group Policy

The content in this post describes a method through which an attacker could persist administrative access to Active Directory after having Domain Admin level rights for about 5 minutes. Complete list of Sneaky Active Directory Persistence Tricks posts This post explores how an attacker could leverage the built-in Active Directory management capability called Group Policy …

Continue reading »

Mar 09

Sneaky Active Directory Persistence #16: Computer Accounts & Domain Controller Silver Tickets

The content in this post describes a method by which an attacker could persist administrative access to Active Directory after having Domain Admin level rights for about 5 minutes. All posts in my Sneaky Active Directory Persistence Tricks series This post explores how an attacker could leverage computer account credentials to persist in an enterprise …

Continue reading »

Older posts «

» Newer posts