We have an Identity problem, and not the kind you think of when you look in the mirror. Attacks have shifted from the perimeter to the endpoints, and now attackers have their sights on identity. This talk explores the issues with Identity security, specifically the two most popular identity systems, Active Directory & Azure AD …
Category: Technical Reference
May 28 2024
DEFCON 2017: Transcript – Hacking the Cloud
May 28 2024
Detecting the Elusive: Active Directory Threat Hunting
This is “Detecting the Elusive: Active Directory Threat Hunting”, and I am Sean Metcalf. I’m the founder of Trimarc, a Security Company, a Microsoft-Certified Master (MCM) in Active Directory. There’s about 100 in the world. I’m also a Microsoft MVP. I’ve spoken about Active Directory attack and defense at a number of conferences. I’m a …
May 28 2024
Detecting Kerberoasting Activity
Kerberoasting can be an effective method for extracting service account credentials from Active Directory as a regular user without sending any packets to the target system. This attack is effective since people tend to create poor passwords. The reason why this attack is successful is that most service account passwords are the same length as …
May 28 2024
Detecting Password Spraying with Security Event Auditing
A common method used by attackers, as well as many penetration testers and Red Teamers, is called “password spraying”. Password spraying is interesting because it’s automated password guessing. This automated password guessing against all users typically avoids account lockout since the logon attempts with a specific password are performed against every user and not one …
May 28 2024
Hardening Azure AD in the Face of Emerging Threats
In September of 2021, Trimarc Founder & CTO Sean Metcalf presented at Quest’s The Experts Conference. “This presentation covers some attacks that involve Microsoft cloud on-prem components as well as those against the Microsoft cloud directly. After discussing attacks and specific defenses, I will wrap up with some key recommendations. Note: There will be some …
Aug 07 2019
Slides Posted for Black Hat USA 2019 Talk: Attacking & Defending the Microsoft Cloud
Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD) Sean Metcalf (Trimarc) & Mark Morowczynski (Principal Program Manager, Microsoft) The allure of the “Cloud” is indisputable. Organizations are moving into the cloud at a rapid pace. Even companies that have said no to the Cloud in the past have started migrating services and …
Aug 01 2019
AD Reading: Windows Server 2019 Active Directory Features
Windows Server 2019 has several new features, though nothing in this list is related to AD. Note that there is no Windows Server 2019 AD Forest/Domain Functional Level. There are no new features for Active Directory in Windows Server 2019 except one performance update which doesn’t affect most deployments. This update is related to an …