{"id":4019,"date":"2018-08-12T16:27:11","date_gmt":"2018-08-12T20:27:11","guid":{"rendered":"https:\/\/adsecurity.org\/?p=4019"},"modified":"2018-08-12T16:32:27","modified_gmt":"2018-08-12T20:32:27","slug":"black-hat-def-con-presentation-slides-posted","status":"publish","type":"post","link":"https:\/\/adsecurity.org\/?p=4019","title":{"rendered":"Black Hat & DEF CON Presentation Slides Posted"},"content":{"rendered":"

I just uploaded the slides from my Black Hat & DEF CON talks from the past week in Vegas.\u00a0 They are a bit different with the BH talk more Blue (defensive) and the DC talk mostly Red (Offensive) in focus. Also note that the only real overlap in content is the MFA & password vault sections and those were updated in my DEF CON talk to focus on the attack aspect.<\/p>\n

An important note: The methods I show are real and work well in many real-world customer deployments. The issues with MFA and password vaults I highlight are often deployment issues and not necessarily vendor best practices. With that noted, I have seen enterprise password vaults deployed with poor security so often that I don’t think customers are very familiar with the vendor security best practices.<\/p>\n

Slides are in the Presentations section<\/a>.<\/p>\n

Black Hat USA 2018 Talk:\u00a0 “From Workstation to Domain Admin: Why Secure Administration isn’t Secure and How to Fix it”<\/strong><\/p>\n

\"\"
\nThis talk walks the audience through how AD administration has evolved over time with newer, more “secure” methods and the potential ways to exploit modern AD administration. I explore some methods to exploit current implementation weaknesses in many deployments of multi-factor authentication (MFA) and enterprise password vaults. The latter third of the talk dives into the best defenses and how to employ and deploy them appropriately.
\n[Slides<\/a>]<\/p>\n

Black Hat Talk Agenda:<\/span><\/p>\n