Active Directory (AD) is widely used by enterprises for centralized management of digital assets such as accounts, machines, and access rights. AD is always a primary target for adversaries, since compromising AD also grants control over an entire enterprise's network. Furthermore, AD attack techniques mostly take the form of leveraging a privilege, a configuration setting, or a designed mechanism; these building blocks are commonly called abuse primitives.
In this talk, we will discuss how real-world adversaries chain these abuse primitives into attack paths to compromise Active Directory, demonstrating 4 such attack paths. We will dive into how these AD attack techniques abuse configuration settings and discuss the methodology behind them: enumeration, operational considerations, the tactical goal of each step, and how adversaries evade blue team detection to make an operation succeed.
In addition, the demonstrated attack paths include newer AD abuse primitives such as the diamond ticket, the U2U ticket, and Shadow Credentials. We will discuss how an attack path is formed from abuse primitives in an AD environment, explaining the root cause of each primitive, its implementation methods, and operational guidance. All 4 attack paths will also be shown in video demonstrations from an adversary's perspective using a C2 framework, not only to give a realistic view of an offensive operation but also to make the impact easier to understand.