Think Active Directory is dead? Think again. According to Microsoft data, 86% of organizational workloads still touch Active Directory, and nearly 20% of organizations don't expect to reach a hybrid state for 10-20+ years. In this episode, Brad and Spencer break down why AD attack paths remain one of the most critical threats in enterprise environments and what defenders can do about it right now.
Spencer also previews his ContinuumCon workshop "Killing AD Attack Paths Once and For All" where he demonstrates how authentication policies and silos can eliminate an entire class of lateral movement attacks built into Windows and Active Directory.
In this episode:
- Why Active Directory is still alive, well, and heavily targeted - What an Active Directory attack path is and how attackers use them - The four prerequisites attackers need to abuse AD attack paths - Real-world examples: Kerberos ticket theft, SCCM abuse, certificate misconfigurations, and misconfigured permissions - Tools defenders should know: Bloodhound, PingCastle, Purple Knight, Locksmith, and ADelegator - How to prioritize remediations based on ease of exploitation vs. impact - Why retesting is the most overlooked step in any remediation cycle
Podden och tillhörande omslagsbild på den här sidan tillhör
SecurIT360. Innehållet i podden är skapat av SecurIT360 och inte av,
eller tillsammans med, Poddtoppen.