Active Directory & Azure AD/Entra ID Security

Active Directory & Azure AD/Entra ID: Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…

Category: Security

Aug 04 2016

DEF CON 24 (2016) Talk “Beyond the MCSE: Red Teaming Active Directory” Presentation Slides Posted

By Sean Metcalf in ActiveDirectorySecurity, Microsoft Security, Security Conference Presentation/Video

On Thursday, August 4th, I presented “Beyond the MCSE: Red Teaming Active Directory” at DEF CON 24 (2016). Here are the slides for this talk: DEFCON24-2016-Metcalf-BeyondTheMCSE-RedTeamingActiveDirectory Here’s my talk description from the DEF CON website: Active Directory (AD) is leveraged by 95% of the Fortune 1000 companies for its directory, authentication, and management capabilities, so …

2016, Active Directory Security, DEFCON24, MCSE, Presentation Slides, Red Teaming Active Directory

Aug 03 2016

Presentation Slides Posted for Black Hat USA 2016 Talk “Beyond the MCSE: Active Directory for the Security Professional”

By Sean Metcalf in Microsoft Security, Security Conference Presentation/Video

On Wednesday, August 3rd, I presented “Beyond the MCSE: Active Directory for the Security Professional” at Black Hat USA 2016. Here are the slides for this talk: US-16-Metcalf-BeyondTheMCSE-ActiveDirectoryForTheSecurityProfessional Here’s my talk description from the Black Hat website: Active Directory (AD) is leveraged by 95% of the Fortune 1000 companies for its directory, authentication, and management …

Active Directory for the Security Professional, Black Hat USA 2016, MCSE, Presentation Slides

Jul 19 2016

Black Hat USA 2016 Talk – Beyond the MCSE: Active Directory for the Security Professional

By Sean Metcalf in ActiveDirectorySecurity, Microsoft Security, Security Conference Presentation/Video

This summer in Las Vegas, I’m speaking at Black Hat USA 2016 on Active Directory security, “Beyond the MCSE: Active Directory for the Security Professional.” This talk covers the key AD security components with specific focus on the things security professionals should know. I put this talk together because I have noticed that while Active …

Active Directory, Active Directory Security, AD Security, Beyond the MCSE: Active Directory for the Security Professional, BlackHat USA, MCSE, Presentation, Talk, VegasWeek2016

Jul 06 2016

DEF CON 24 (2016) Talk – Beyond the MCSE: Red Teaming Active Directory

By Sean Metcalf in ActiveDirectorySecurity, Microsoft Security, Security Conference Presentation/Video

This August at DEF CON 24, I will be speaking about Active Directory security evaluation in my talk “Beyond the MCSE: Red Teaming Active Directory”. This talk is focused on the Red side of AD security, specifically how to best evaluate the security of AD and quickly identify potential security issues. Whether you perform “Red …

Active Directory recon, Active Directory Security, ActiveDirectory, bypass PowerShell security, DEFCON24, PowerShell, PowerShell AMSI, PowerShell Attacks, PowerShell v5, Red Team AD, SecurityPresentation, VegasWeek2016, Windows 10 AMSI

Apr 24 2016

BSides Charm Presentation Posted: PowerShell Security: Defending the Enterprise from the Latest Attack Platform

By Sean Metcalf in Microsoft Security, PowerShell, Security Conference Presentation/Video

This was my second year speaking at BSides Charm in Baltimore. Last year I spoke about Active Directory attack & defense and it was my first time speaking at a conference. 🙂 The presentation slides for my talk “PowerShell Security: Defending the Enterprise from the Latest Attack Platform” are now on the Presentations tab here …

Bsides Baltimore, BSides Charm, Invoke-Mimikatz, Invoke-NinjayCopy, Monad, Nishang, PowerShell, PowerShell attack, PowerShell attack and defense, PowerShell attack detection, PowerShell defenses, PowerShell Empire, PowerShell logging, PowerShell OMFG, PowerShell remoting, PowerShell v5, PowerShell version 5 security, PowerShell.exe, PowerSploit, PowerTools, PowerUp, PowerView, RDP /RestrictedAdmin, Real world PowerShell attacks, script block logging, system transcript

Apr 13 2016

What Should I Do About BadLock (CVE-2016-2118 & CVE-2016-0128/MS16-047)?

By Sean Metcalf in Microsoft Security, Vulnerability

What Should I Do About BadLock (CVE-2016-2118 & CVE-2016-0128/MS16-047)? The simple answer: Patch soon. Despite the hype, which led many to assume a Remote Code Execution (RCE) was involved, this issue requires a Man-int-the-Middle (MITM) attack in order to be successful. With that noted, it is still a serious issue that requires patching. Overview Badlock …

BadLock, CVE-2016-0128, CVE-2016-2118, CVE20160128, CVE20162118, DCE, DCE 1.1 Remote Procedure Call, DCE/RPC, KB3149090, Linux, Local Security Authority (Domain Policy) Remote Protocol, LSAD, MicrosoftWindows, MS-LSAD, MS-SAMR, MS16-047, MS16047, RPC, sam, Samba, Security Account Manager Remote Protocol, SMB, Unix

Mar 14 2016

Sneaky Active Directory Persistence #17: Group Policy

By Sean Metcalf in ActiveDirectorySecurity, Microsoft Security, Technical Reference

The content in this post describes a method through which an attacker could persist administrative access to Active Directory after having Domain Admin level rights for about 5 minutes. Complete list of Sneaky Active Directory Persistence Tricks posts This post explores how an attacker could leverage the built-in Active Directory management capability called Group Policy …

ActiveDirectory, BadGPO, DomainController, Get-ADObject, Get-ADOrganizationalUnit, GPLink, GPO, GPP, GroupPolicy, GroupPolicyObject, GroupPolicyPersistence, GroupPolicyTemplate, MaliciousGPO, MaliciousGroupPolicy, PowerShell Active Directory module, PrivilegeEscalation, SiteGPOs, SneakyADPersistence, SneakyPersistence, SYSVOL

Mar 09 2016

Sneaky Active Directory Persistence #16: Computer Accounts & Domain Controller Silver Tickets

By Sean Metcalf in ActiveDirectorySecurity, Microsoft Security, Technical Reference

The content in this post describes a method by which an attacker could persist administrative access to Active Directory after having Domain Admin level rights for about 5 minutes. All posts in my Sneaky Active Directory Persistence Tricks series This post explores how an attacker could leverage computer account credentials to persist in an enterprise …

Mar 02 2016

ADSecurity.org’s Unofficial Guide to Mimikatz & Command Reference Updated for Mimikatz v2.1 alpha 20160229

By Sean Metcalf in ActiveDirectorySecurity, Microsoft Security, Technical Reference

ADSecurity.org’s Unofficial Guide to Mimikatz & Command Reference page is updated for the new modules/features in Mimikatz v2.1 alpha 20160229. According to Mimikatz author, Benjamin Delpy, the following updates are included in the most recent Mimikatz version(s): Mimikatz Release Date: 2/29/2016 2.1 alpha 20160229 (oe.eo) edition System Environment Variables & other stuff [new] System Environment …

Invoke-Mimikatz, mimikatz, MimikatzCommandReference, MimikatzUpdate

Feb 11 2016

Detecting Offensive PowerShell Attack Tools

By Sean Metcalf in ActiveDirectorySecurity, Malware, Microsoft Security, PowerShell, Technical Reference

At DerbyCon V (2015), I presented on Active Directory Attack & Defense and part of this included how to detect & defend against PowerShell attacks. Update: I presented at BSides Charm (Baltimore) on PowerShell attack & defense in April 2016. More information on PowerShell Security: PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection The most …

Bypass PowerShell ExecutionPolicy, Detect Invoke-Mimikatz, Detect offensive PowerShell, detect PowerShell attack tools, ExecutionPolicyBypass, Invoke-Expression, Invoke-Mimikatz, InvokeMimikatz, New-Object Net.WebClient DownloadString, Offensive PowerShell, PowerShell Attack Tool, PowerShell Attacks, PowerShell Constrained Language Mode, PowerShell Execution Policy, PowerShell GPO, PowerShell Logging Group Policy, PowerShell Mimikatz, PowerShell.exe, PowershellLogging, PowerShellMafia, PowerShellSecurity, PowerShellv5, PowerSploit, script block logging, System-wide transcript, System.Management.Automation.dll, Windows10

Content Disclaimer: This blog and its contents are provided "AS IS" with no warranties, and they confer no rights. Script samples are provided for informational purposes only and no guarantee is provided as to functionality or suitability. The views shared on this blog reflect those of the authors and do not represent the views of any companies mentioned. Content Ownership: All content posted here is intellectual work and under the current law, the poster owns the copyright of the article. Terms of Use Copyright © 2011 - 2025.

Made with by Graphene Themes.

Category: Security

DEF CON 24 (2016) Talk “Beyond the MCSE: Red Teaming Active Directory” Presentation Slides Posted

Presentation Slides Posted for Black Hat USA 2016 Talk “Beyond the MCSE: Active Directory for the Security Professional”

Black Hat USA 2016 Talk – Beyond the MCSE: Active Directory for the Security Professional

DEF CON 24 (2016) Talk – Beyond the MCSE: Red Teaming Active Directory

BSides Charm Presentation Posted: PowerShell Security: Defending the Enterprise from the Latest Attack Platform

What Should I Do About BadLock (CVE-2016-2118 & CVE-2016-0128/MS16-047)?

Sneaky Active Directory Persistence #17: Group Policy

Sneaky Active Directory Persistence #16: Computer Accounts & Domain Controller Silver Tickets

ADSecurity.org’s Unofficial Guide to Mimikatz & Command Reference Updated for Mimikatz v2.1 alpha 20160229

Detecting Offensive PowerShell Attack Tools

Recent Posts

Active Directory & Entra ID Security Services

Popular Posts

Categories

Recent Posts

Recent Comments

Archives

Categories

Meta

Copyright

Category: Security

Recent Posts

Active Directory & Entra ID Security Services

Popular Posts

Categories

Tags

Recent Posts

Recent Comments

Archives

Categories

Meta

Copyright