Sean Metcalf, founder and Principal Consultant for Trimarc, has presented on security attack and defense at several major security conferences including:
- Black Hat USA (2015, 2016, 2018, 2019)
- BSides Charm (2015, 2016, 2017, 2018, 2019)
- BSides DC (2016)
- BSides PR (2019)
- DEF CON (2015, 2016, 2017, 2018, 2019)
- DerbyCon (2015, 2016, 2017, 2018, 2019)
- HackCon (2018)
- Hybrid Identity Protection Conference (2017, 2018)
- IT-Defense (2019)
- Microsoft BlueHat (2017)
- Microsoft Ignite (2019)
- NolaCon (2018)
- The Experts Conference (TEC) by Quest Software (2019)
- Shakacon (2015, 2018)
- Troopers (2018, 2019)
- Walmart Sp4rkCon (2017)
This page includes the slides and videos (if available).
2019 Presentations:
- Microsoft Ignite 2019 – “The Top 10 Most Common Active Directory Security Issues, their impact, and remediation”
  Microsoft Ignite 2019 – Slides (PDF)
  Microsoft Ignite 2019 – Talk Audio with Slides
- BSidesPR 2019 – “Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)”
  BSidesPR 2019 – Slides (PDF)
  (not recorded)
- DerbyCon 2019 – “Active Directory Security: Beyond the Easy Button”
  DerbyCon 2019 – Slides (PDF) just the AD security content
  DerbyCon 2019 – Slides (PDF) Full deck including my “DerbyCon Reflections”
  (Slides were updated after the talk to provide more context)
  DerbyCon 2019 – Presentation Video (YouTube)
- The Expert’s Conference (TEC) 2019 – “The Current State of Active Directory Security”
  “The Current State of Active Directory Security” Slides (PDF)
  TEC 2019 – Presentation Video (YouTube)
- DEFCON 2019 Cloud Village Talk
  “Cloudy Vision: How Cloud Integration Complicates Security”
  Slides (PDF)
  (not recorded)
- Black Hat USA 2019 – “Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)”
  Black Hat USA 2019 – Slides (PDF)
  Black Hat 2019 – Presentation Video (YouTube)
- BSides Charm 2019 – “You Moved to Office 365, Now What?”
  BSides Charm 2019 – Slides (PDF)
  BSides Charm 2019 – Presentation Video (YouTube)
- Troopers 2019 (TR19) – “From Workstation to Domain Admin… Why Secure Administration Isn’t Secure and How to Fix It” [Version 4]
  Troopers 2019 – TR19 Slides (PDF)
  Troopers 2019 – TR19 Presentation Video (YouTube)
- IT-Defense 2019 – “Securing Active Directory Administration” [Version 3]
  This is a minor update to my DerbyCon 2018 talk.
  IT-Defense 2019 – Slides (PDF)
  (not recorded)
2018 Presentations:
- Hybrid Identity Protection Conference (HIPconf) 2018 – “Securing the Microsoft Cloud”
  HIPConf 2018 – Slides (PDF)
  HIPConf 2018 – Presentation Video (YouTube)
- DerbyCon 2018 – “From Workstation to Domain Admin…” [Version 2]
  DerbyCon 2018 – Slides (PDF)
  DerbyCon 2018 – Presentation Video (YouTube)
- DEF CON 26 (2018) – “Exploiting Active Directory Administrator Insecurities”
  DEF CON 26 – Slides (PDF)
  DEF CON 26 – Presentation Video (YouTube)
- Black Hat 2018 – “From Workstation to Domain Admin: Why Secure Administration isn’t Secure and How to Fix it”
  Black Hat 2018 – Slides (PDF)
  Black Hat 2018 – Presentation Video (YouTube)
- ShakaCon X 2018 – “The Current State of Active Directory Security”
  ShakaCon Slides (PDF) – note this talk content is similar to my NolaCon 2018 talk.
  Presentation Video (YouTube)
  Note: One of the speakers was unable to make it, so I filled in on short notice.
- NolaCon 2018 – “Active Directory Security: The Journey” [Version 3]
  NolaCon 2018 – Slides (PDF)
  NolaCon 2018 – Presentation Video (YouTube)
- BSidesCharm 2018 – “FailTime – Failing Towards Success”
  BSidesCharm 2018 – Slides (PDF – with notes!)
  BSidesCharm 2018 – Presentation Video (YouTube)
- Troopers 2018 – “Active Directory Security: The Journey” [Version 2]
  Troopers 2018 (Heidelberg, Germany) March 2018
  Troopers 2018 – Slides (PDF)
  Troopers 2018 – Presentation Video (YouTube)
- HackCon 2018 – “When Worlds Collide: Security in a Cloud-Enabled Environment” [Version 2]
  HackCon 2018 (Oslo, Norway) February 2018
  HackCon 2018 – Slides (PDF)
  (not recorded)
2017 Presentations:
- Microsoft Blue Hat 2017 – “Active Directory Security: The Journey”
  Microsoft Blue Hat 2017 (Redmond, WA) November 2017
  BlueHat 2017 – Slides (PDF)
  Blue Hat Demo Videos (done by Jared Haight @jaredhaight author of PS>Attack):
  1. Getting credentials with Responder: HTTP and SMB.
  2. Running Responder after mitigations – no creds.
- Hybrid Identity Protection Conference (2017) – “When Worlds Collide: Security in a Cloud-Enabled Environment”
  HIPConf (New York, NY) November 2017
  HIPConf 2017 – Slides (PDF)
- DerbyCon 7 (2017) – “The Current State of Security an Improv-spection” with Nick Carr (@ItsReallyNick)
  DerbyCon 7 (Louisville, KY) September 2017
  DerbyCon 7 Slides (PDF)
  DerbyCon 7 (2017) Presentation Video (YouTube)
- DEF CON 25 (2017) – “Hacking the Cloud” with Gerald Steere (@DarkPawh)
  DEF CON 25 (Las Vegas, NV) July 2017
  DEF CON 25 (2017) Slides (PDF)
  Written Transcript (courtesy of Trimarc)
  DEF CON 25 (2017) Presentation Video (YouTube)
- Ryerson University IT Conference (Toronto, Canada) – “The Current Threat Landscape, Modern Defenses, & Effective Detection”
  Slides (PDF)
- BSides Charm (2017) – “Detecting the Elusive: Active Directory Threat Hunting”
  BSides Charm (Baltimore, MD) 2017 (April 2017)
  BSides Charm 2017 Slides (PDF)
  Written Transcript (courtesy of Trimarc)
  BSides Charm Presentation Video (YouTube)
- Sp4rkCon (2017) – “Active Directory Security: The Good, the Bad, & the UGLY”
  Sp4rkCon (Bentonville, AR) 2017 (March 2017)
  Sp4rkCon 2017 Slides (PDF)
2016 Presentations:
- BSides DC (2016) – “PowerShell Security: Defending the Enterprise from the Latest Attack Platform” (v2)
  BSides DC (Washington, DC) 2016 (October 2016)
  BSides DC 2016 Slides (PDF)
  BSides DC Presentation Video (YouTube)
- DerbyCon 6 (2016) – “Attacking EvilCorp: Anatomy of a Corporate Hack (aka How You Got Hacked)” with Will @harmj0y Schroeder (blog.harmj0y.net)
  DerbyCon 6 (September 2016)
  DerbyCon 6 (2016) Slides (PDF)
  DerbyCon 6 (2016) Presentation Video (YouTube)
  Download mp4 presentation video (archive.org)
  DerbyCon Demo Videos:
  1. Active Directory Recon with Bloodhound.
  2. Compromising an AD domain by leveraging a custom local admin password solution.
  3. Compromising an AD domain by Kerberoasting to offline crack service account password. Will has a great blog post on Kerberoasting with PowerShell.
  4. Leverage compromised domain in the AD forest to “SID Hop” from child “R&D” domain to “Production” domain in an AD Forest.
- DEF CON 24 (2016) – “Beyond the MCSE: Red Teaming Active Directory”
  DEF CON 24 (August 2016)
  DEF CON 24 (2016) Slides (PDF)
  DEF CON 24 (2016) Presentation Video (YouTube)
- Black Hat USA 2016 – “Beyond the MCSE: Active Directory for the Security Professional”
  Black Hat USA 2016 (August 2016)
  Black Hat USA 2016 Slides (PDF)
  Black Hat USA 2016 Whitepaper (PDF)
  Black Hat USA 2016 Presentation Video (YouTube)
- BSides Charm (2016) – “PowerShell Security: Defending the Enterprise from the Latest Attack Platform”
  BSides Charm (Baltimore) 2016 (April 2016)
  BSides Charm 2016 Slides (PDF)
  BSides Charm Presentation Video (YouTube)
2015 Presentations:
Note: Each AD Security “Red vs Blue” presentation has some different material though the flow is the same.
Furthermore, Mimikatz is used quite extensively in these talks. Read my Mimikatz Guide for more information on its capabilities and usage.
- DerbyCon Edition – “Red vs. Blue: Modern Active Directory Attacks & Defense” (v5)
  – New Sneaky Active Directory Persistence Methods, Advanced Red Team Recon Tactics, Remote Execution Methods, Mimikatz DC Sync Usage & Detection, & Detecting offensive PowerShell tools including Invoke-Mimikatz
  DerbyCon V (September 2015)
  DerbyCon V Slides (PDF)
  DerbyCon Presentation Video (YouTube)
- DEF CON Edition – “Red vs. Blue: Modern Active Directory Attacks & Defense” (v4)
  – Sneaky Active Directory Persistence Methods
  DEF CON 23 (August 2015)
  DEF CON 23 Slides (PDF)
  DEF CON 23 Presentation Video (YouTube)
- Black Hat Edition – “Red vs. Blue: Modern Active Directory Attacks, Detection, & Protection” (v3)
  – “Enhanced” Golden Tickets & Exploiting Kerberos Unconstrained Delegation
  Black Hat USA 2015 (August 2015)
  Black Hat Slides (PDF)
  Black Hat Presentation Video (YouTube)
- “Red vs. Blue: Modern Active Directory Attacks, Detection, & Protection” (v2)
  – Forging Kerberos Trust Tickets
  Shakacon VII (July 2015)
  Slides (PDF)
  Shakacon Presentation Video (YouTube)
- “Red vs. Blue: Modern Active Directory Attacks, Detection, & Protection” (v1)
  BSides Charm (Baltimore) 2015 (April 2015)
  Slides (PDF)
- “Mastering PowerShell and Active Directory”
  PowerShell User’s Group (January 2015)
  Slides (PDF)