Category: Security Conference Presentation/Video

Domain Controller Print Server + Unconstrained Kerberos Delegation = Pwned Active Directory Forest

At DerbyCon 8 (2018) over the weekend Will Schroeder (@Harmj0y), Lee Christensen (@Tifkin_), & Matt Nelson (@enigma0x3), spoke about the unintended risks of trusting AD. They cover a number of interesting persistence and privilege escalation methods, though one in particular caught my eye. Overview Lee figured out and presents a scenario where there’s an account …

Continue reading

Black Hat & DEF CON Presentation Slides Posted

I just uploaded the slides from my Black Hat & DEF CON talks from the past week in Vegas.  They are a bit different with the BH talk more Blue (defensive) and the DC talk mostly Red (Offensive) in focus. Also note that the only real overlap in content is the MFA & password vault …

Continue reading

NolaCon (2018) Active Directory Security Talk Slides Posted

I recently presented my talk  “Active Directory Security: The Journey” at Nolacon in New Orleans, LA. Slides are now posted here. On Sunday, May 19th, 2018, I spoke at NolaCon at 11am. Here’s the talk description: Active Directory is only the beginning. Attackers have set their sights squarely on Active Directory when targeting a company, though …

Continue reading

BSides Charm (2017) Talk Slides Posted – Detecting the Elusive: Active Directory Threat Hunting

I recently presented my talk  “Detecting the Elusive: Active Directory Threat Hunting” at BSides Charm in Baltimore, MD. Slides are now posted in the Presentations section. I cover some of the information I’ve posted here before: PowerShell Security Detecting Kerberoasting: Part 1 and Part 2   On Sunday, April 30th, 2017, I spoke at BSides Charm in …

Continue reading

Sp4rkCon (2017) Talk Slides Posted – Active Directory Security: The Good, the Bad, & the UGLY

I recently presented my talk “Active Directory Security: The Good, the Bad, & the UGLY” at Sp4rkCon in Bentonville, AR in April 2017. Slides are now posted in the Presentations section. I cover some of the information I’ve posted here before: PowerShell Security Detecting Kerberoasting: Part 1 and Part 2 Here’s the talk description: Active Directory Security:The Good, the …

Continue reading

Some Favorite DerbyCon 6 Talks (2016)

This post is a collection of my favorite and interesting talks from DerbyCon 6 (2016). There were a lot of great talks and as I discover them, I’ll add them here. My goal is to collect and provide the talk videos and slides together for a single, easy reference. I’m sure I missed a few. …

Continue reading

DerbyCon 6 (2016) Talk – Attacking EvilCorp: Anatomy of a Corporate Hack

Next week at DerbyCon 6, Will Schroeder (aka Will Harmjoy, @Harmj0y) & I are presenting on enterprise security, “Attacking EvilCorp: Anatomy of a Corporate Hack.” We call this one the “How You Got Hacked” presentation. The company and events are fictional. The techniques are real. On Saturday, September 24th, 2016, Will & I are speaking …

Continue reading

DEF CON 24 (2016) Talk “Beyond the MCSE: Red Teaming Active Directory” Presentation Slides Posted

On Thursday, August 4th, I presented “Beyond the MCSE: Red Teaming Active Directory” at DEF CON 24 (2016). Here are the slides for this talk:  DEFCON24-2016-Metcalf-BeyondTheMCSE-RedTeamingActiveDirectory Here’s my talk description from the DEF CON website: Active Directory (AD) is leveraged by 95% of the Fortune 1000 companies for its directory, authentication, and management capabilities, so …

Continue reading

Presentation Slides Posted for Black Hat USA 2016 Talk “Beyond the MCSE: Active Directory for the Security Professional”

On Wednesday, August 3rd, I presented “Beyond the MCSE: Active Directory for the Security Professional” at Black Hat USA 2016. Here are the slides for this talk:  US-16-Metcalf-BeyondTheMCSE-ActiveDirectoryForTheSecurityProfessional Here’s my talk description from the Black Hat website: Active Directory (AD) is leveraged by 95% of the Fortune 1000 companies for its directory, authentication, and management …

Continue reading

Black Hat USA 2016 Talk – Beyond the MCSE: Active Directory for the Security Professional

This summer in Las Vegas, I’m speaking at Black Hat USA 2016 on Active Directory security, “Beyond the MCSE: Active Directory for the Security Professional.” This talk covers the key AD security components with specific focus on the things security professionals should know. I put this talk together because I have noticed that while Active …

Continue reading