The content in this post describes a method by which an attacker could persist administrative access to Active Directory after having Domain Admin level rights for 5 minutes. I presented on this AD persistence method in Las Vegas at DEF CON 23 (2015). Complete list of Sneaky Active Directory Persistence Tricks posts The Directory …
Category: Security Conference Presentation/Video
Aug 07 2015
Kerberos Golden Tickets are Now More Golden
At my talk at Black Hat USA 2015, I highlighted new Golden Ticket capability in Mimikatz (“Enhanced Golden Tickets”). This post provides additional detailed on “enhanced” Golden Tickets. Over the past few months, I researched how SID History can be abused in modern enterprises. As part of this research, I reached out to Benjamin Delpy, …
Aug 02 2015
DEF CON 23 (2015) Red vs Blue: Modern Active Directory Attacks & Defense Talk Detail
This week at DEF CON 23, I will be speaking about Active Directory attack & defense in my talk “Red vs Blue: Modern Active Directory Attacks & Defense”. This is the 4th iteration of this talk and includes the latest updates to attack methods and defensive strategies.This DEF CON version has a new segment I …
Jul 26 2015
Black Hat USA 2015 Red vs Blue Active Directory Attack & Defense Talk Detail
Next week at Black Hat USA 2015, I will be speaking about Active Directory attack & defense in my talk “Red vs Blue: Modern Active Directory Attacks Detection and Protection”. This is the 3rd iteration of this talk and includes the latest updates to attack methods and defensive strategies. I’m including lots of updates and …
May 25 2015
Summer Speaking Engagements
I am thrilled to announce I will be speaking about Active Directory security at the following security conferences: Shakacon (Waikiki Beach, HI) Black Hat USA (Las Vegas, NV) DEF CON (Las Vegas, NV) Each talk will cover current AD attack techniques and the latest defensive methods. Additionally, I will be sharing some exciting new information …
May 08 2015
Microsoft Ignite 2015 Security Sessions
Microsoft retired several conferences this year (TechEd, MEC, MMC, etc) and merged them into a single mega-conference called Microsoft Ignite 2015. About 23,000 people (~29k including all staff and support personnel) converged on the McCormick Place Conference Center in Chicago, IL during the week of May 4th (May the Fourth be With You!). I recently …
Jan 29 2015
ShmooCon 2015 Presentation Videos
ShmooCon2015 was held in Washington, DC from January 16th -18th, 2015. The ShmooCon 2015 videos are now posted: https://archive.org/details/shmoocon-2015-videos-playlist ShmooCon 2015 FireTalks Videos The complete list of all presentations at ShmooCon 2015 including video download links: Keynote Address: Joseph Lorenzo Hall https://archive.org/download/shmoocon-2015-videos-playlist/Keynote%20%5BSC2015%5D.mp4Joseph Lorenzo Hall is the Chief Technologist at the Center for Democracy & Technology, …
Jan 23 2015
Shmoocon 2015 FireTalks Videos
The ShmooCon 2015 Presentation Videos are posted. The ShmooCon Firetalks (2015) are posted: Opening – @grecs PlagueScanner: An Open Source Multiple AV Scanner Framework – Robert Simmons (@MalwareUtkonos) I Hunt Sys Admins – Will Schroeder (@harmj0y) Collaborative Scanning with Minions: Sharing is Caring – Justin Warner (@sixdub) Chronicles of a Malware Hunter – Tony Robinson …
Nov 25 2014
BlueHat Security Briefings: Fall 2014 Sesions
Microsoft has posted videos and slides from the Microsoft internal “BlueHat” security conference from October 2014. BlueHat Security Briefings educate Microsoft engineers and executives on current and emerging security threats as part of continuing efforts to help protect our customers and secure our products, devices, and services. BlueHat serves as a great opportunity for invited …
Recent Comments