Active Directory Best Practices That Frustrate Pentesters

Join us on the Black Hills InfoSec Discord server here: https://discord.gg/BHIS to continue the security conversation!

Contact Black Hills Infosec if you need penetration testing, threat hunting, Active SOC, incident response or blue team services – https://www.blackhillsinfosec.com/

00:00 – Presentation
01:49 – Active Directory best practices to frustrate attackers
03:55 – Infrastructure overview
04:50 – AWS Quickstart
07:09 – AWS against pentesters
09:51 – More preview
11:30 – "Domains" Presentation
15:54 – Naming Conventions – Users
18:27 – Naming Conventions – File Shares
20:19 – Naming Conventions – Groups
22:22 – Naming conventions – JUGULAR
27:14 – Group Policy Summary
28:35 – Default domain policy
28:55 – Can you keep a secret? GPP cannot. Sysvol neither
30:13 – It’s Microsoft that’s failing us all
31:15 – Host-based firewalls everywhere
33:55 – Minimum password requirements
38:13 – Password policy
38:34 – Disable storing weak passwords
40:31 – Attack tactics
44:08 – LLMNR – Attacks
44:20 – LLMNR – Turn it off
44:47 – Learn more about LAPS
45:06 – Last slide LAPS
45:49 – App whitelist
46:50 – PowerShell and CMD restrictions
49:03 – Sessions left to drag
51:40 – Last minute things

Description: Join Jordan and Kent as they walk through an Active Directory best practices environment. The deployment includes two Amazon Web Services (AWS) Active Directory domain controllers in a multi-availability zone configuration. Best practices will also cover some AWS basics, deploying your domain in the cloud, and much more.

Sysmon? Yeah!
Password policy? Yeah!
Naming conventions? Yeah!
ACLs? Yeah!
And much more.

Slides available here: https://blackhillsinformationsecurity.shootproof.com/gallery/7214618/

Black Hills Infosec Social Networks
Twitter: https://twitter.com/BHinfoSecurity
Mastodon: https://infosec.exchange/@blackhillsinfosec
LinkedIn: https://www.linkedin.com/company/antisyphon-training
Discord: https://discord.gg/ffzdt3WUDe

Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections

Black Hills Infosec Services
Active SOC: https://www.blackhillsinfosec.com/services/active-soc/
Penetration testing: https://www.blackhillsinfosec.com/services/
Incident response: https://www.blackhillsinfosec.com/services/incident-response/

Backdoors and Breaches – Incident Response Card Game
Backdoors and Breaches: https://www.backdoorsandbreaches.com/
Play B&B online: https://play.backdoorsandbreaches.com/

Antisyphon Training
Pay what you can: https://www.antisyphontraining.com/pay-what-you-can/
Live training: https://www.antisyphontraining.com/course-catalog/
On-demand training: https://www.antisyphontraining.com/on-demand-course-catalog/

Educational content on IT security
Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest
Active Countermeasures YouTube: https://youtube.com/activecountermeasures
Antisyphon training YouTube: https://www.youtube.com/antisyphontraining

Join us at the annual Information Security Conference in Deadwood, SD (in person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/
#bhis #infosec
