[FR] Active Directory security: 8 (very) low hanging fruits and how to smash those attack paths

Abstract

Pentester or attacker often exploit the same obvious vulnerabilities in Active directory. Come learn how to exploit and mitigate them.

Storyline

Welcome in PacFirm, the most insecure network ever, we have a very large Active Directory environment and we do no security at all. For now, no ghost has ever hacked our corporate network (at least we hope) but our new CISO requires us to perform a security assessment.

Your mission, should you choose to accept it, is to evaluate our security level and fix the issues.

Detailed content

In this fully hands-on workshop, we’ll guide you through 8 of the lowest hanging fruits weaknesses that we witnessed during numerous penetration tests. You’ll learn how to:

  • Spot passwords inside user descriptions
  • Find passwords on shared folders
  • Spray passwords over accounts
  • Quickly detect obsolete workstations and servers
  • Get free password hashes by kerberoasting
  • Pivot from machine to machine by reusing local credentials
  • Spot machines where Domain Admins are connected
  • Retrieve Domain Admins credentials in memory

Crackmapexec, Powerview, Rubeus, Mimikatz will be your best friends during this workshop.

Hand-on exercises will be performed on our lab environment with more than twenty virtual machines. For each attack, we will also discuss about mitigation techniques.

Target audience & Prerequisites

This training is aimed at sysadmins or security professionals willing to start with Active Directory security and hands-on sessions. There is no specific requirement for attendees except a basic IS and infosec culture.

All attendees will need to bring a laptop capable of running virtual machines (4GB of RAM is a minimum) and an up-to-date RDP client. Each attendee will be given a USB key with a Windows virtual machine with the necessary pentesting tools to perform the lab sessions.

À propos de Rémi Escourrou @remiescourrou & Nicolas Daubresse @nicolas_dbresse

Rémi Escourrou and Nicolas Daubresse are security consultant at Wavestone. For 3 years, they have been developing their skills as a pentester of IT infrastructure and more specifically on Active Directory environment. They are also involved in the CERT-W as First Responder.