Navigating the Network: Active Directory Attacks and OPSEC Strategies
September 26, 2024 (GMT +8)
11:00
Camia Hall (Village Tracks)
Red Team Village
Active Directory Domain Services (AD DS) is commonly used by small and large organizations today as their primary resource for user account management and access control. It is so common, it is used by approximately 90% of the Global Fortune 1000 companies today. Securing it is a critical mission for an organization; hence, it is required for security professionals to understand what misconfigurations can be abused to compromise the domain.
This presentation will examine the most common attacks used to compromise Active Directory. Beginning with an overview of the Active Directory architecture and how attackers can abuse misconfigurations to achieve their objectives. Seemingly complicated topics such as AD enumeration, Domain Privilege Escalation, Kerberos-based attacks, and gaining credentials will be covered. It will also look into common OPSEC (operation security) fails one red teamer may encounter during an engagement.
Speaker
CJ Villapando CJ is a security consultant guiding organizations in identifying security weaknesses in their infrastructure. He serves as an Offensive Security Manager at Red Rock IT Security Inc., helping build the organization's research and training programs and leading various security assessments. His six years of progressive industry experience working with public and private entities have given him a well-rounded understanding of how organizations deal with security.
When not working on consulting projects, he is teaching upcoming and seasoned information security professionals. He currently teaches graduate courses for the Master of Information Security Program at De La Salle University Manila and, more recently, the SEC560: Enterprise Penetration Testing course of the SANS Institute.
He holds multiple industry certifications, including GX-PT, GPEN, GX-IH, GCIH, GX-CS, GSEC, GDAT, GMOB, GSTRT, CISSP, OSEP, and OSCP. He has a Master's degree in Information Security from De La Salle University and is taking the Master of Science in Information Security Engineering at the SANS Technology Institute.
« Back