Active Directory Auditing Tools: Building Blocks or Just a Handful of Dust?
@paulacqure
@CQUREAcademy
CONSULTING
Paula Januszkiewicz
CQURE: CEO, Penetration Tester; Security Expert
CQURE Academy: Trainer
MVP: Enterprise Security, MCT
www.cqureacademy.com
paula@cqure.us
What does CQURE Team do?
Consulting services
• High quality penetration tests with useful reports: Applications, Websites, External services (edge), Internal services, + configuration reviews
• Incident response emergency services – immediate reaction!
• Security architecture and design advisory
• Forensics investigation
• Security awareness for management and employees
info@cqure.us
Trainings
• Security Awareness trainings for executives
• CQURE Academy: over 40 advanced security trainings for IT Teams
• Certificates and exams
• Delivered all around the world only by a CQURE Team: training authors
Chasing the obvious: NTDS.DIT, SAM
The above means:
To read the clear text password you need to struggle!
Identity is the new security “perimeter” under attack
One small mistake can lead to attacker control
Attackers Can
• Steal any data
• Encrypt any data
• Modify documents
• Impersonate users
• Disrupt business operations
Active Directory and Administrators control all the assets
Tier 0: Domain & Enterprise Admins
Tier 1: Server Admins
Tier 2: Workstation & Device Admins
1. Beachhead (Phishing Attack, etc.)
2. Lateral Movement
a. Steal Credentials
b. Compromise more hosts & credentials
3. Privilege Escalation
a. Get Domain Admin credentials
4. Execute Attacker Mission
a. Steal data, destroy systems, etc.
b. Persist Presence
Compromises privileged access
24-48 Hours
Phase 1 Critical Mitigations: Typical Attack Chain
Making and Measuring Progress against Risk
2-4 weeks 1-3 months 6+ months
Attack:
• Domain Controller (DC) Host Attacks
• Credential Theft & Abuse
• Attacker Stealth
• AD Attacks
Defense:
• Detect Attacks
• Harden Configuration
• Reduce Agent Attack Surface
• Prevent Escalation
• Prevent Lateral Traversal
• Increase Privilege Usage Visibility
• Assign Least Privilege
Securing Privileged Access
Three Stage Roadmap
http://aka.ms/privsec
Protecting Active Directory and Admin privileges
1. Separate Admin account for admin tasks
2. Privileged Access Workstations (PAWs) Phase 1 - Active Directory admins: http://Aka.ms/CyberPAW
3. Unique Local Admin Passwords for Workstations: http://Aka.ms/LAPS
4. Unique Local Admin Passwords for Servers: http://Aka.ms/LAPS
2-4 weeks 1-3 months 6+ months
First response to the most frequently used attack techniques
First response to the most frequently used attack techniques
2-4 weeks 1-3 months 6+ months
Top Priority Mitigations
Attack:
• DC Host Attacks
• Credential Theft & Abuse
• Attacker Stealth
• AD Attacks
Defense:
• Detect Attacks
• Harden DC configuration
• Reduce DC Agent attack surface
• Prevent Escalation
• Prevent Lateral Traversal
• Increase Privilege Usage Visibility
• Assign Least Privilege
Protecting Active Directory and Admin privileges
1. Privileged Access Workstations (PAWs) Phases 2 and 3 – All Admins and additional hardening (Credential Guard, RDP Restricted Admin, etc.): http://aka.ms/CyberPAW
2. Time-bound privileges (no permanent admins): http://aka.ms/PAM http://aka.ms/AzurePIM
3. Multi-factor for elevation
4. Just Enough Admin (JEA) for DC Maintenance: http://aka.ms/JEA
5. Lower attack surface of Domain and DCs: http://aka.ms/HardenAD
6. Attack Detection: http://aka.ms/ata
2-4 weeks 1-3 months 6+ months
Build visibility and control of administrator activity, increase protection against typical follow-up attacks
Build visibility and control of admin activity
2-4 weeks 1-3 months 6+ months
Attack / Defense
• Prevent Escalation
Protecting Active Directory and Admin privileges
1. Modernize Roles and Delegation Model
2. Smartcard or Passport Authentication for all admins: http://aka.ms/Passport
3. Admin Forest for Active Directory administrators: http://aka.ms/ESAE
4. Code Integrity Policy for DCs (Server 2016)
5. Shielded VMs for virtual DCs (Server 2016 Hyper-V Fabric): http://aka.ms/shieldedvms
2-4 weeks 1-3 months 6+ months
Move to proactive security posture
Move to proactive security posture
2-4 weeks 1-3 months 6+ months
Attack / Defense
• Prevent Escalation
• Prevent Lateral Traversal
What is the most successful path for the attack right now?
:)
THE ANATOMY OF AN ATTACK
1. Healthy Computer
2. User Receives Email
3. User Lured to Malicious Site
4. Device Infected with Malware
5. HelpDesk Logs into Device
6. Identity Stolen, Attacker Has Increased Privs
“PASS THE HASH” ATTACKS
Today’s security challenge
Pass-The-Hash Technique
[Diagram: Fred’s Laptop (Fred’s User Session: User: Fred, Password hash: A3D7…; Malware Session: User: Administrator, Password hash: E1977…), Sue’s Laptop (Sue’s User Session: User: Sue, Password hash: C9DF…; Malware User Session: User: Adm…, Hash: E1977; User: Sue, Hash: C9DF), File Server (User: Sue, Hash: C9DF)]
1. FRED RUNS MALWARE, HE IS A LOCAL ADMINISTRATOR
2. THERE IS A PASS THE HASH SESSION ESTABLISHED WITH ANOTHER COMPUTER
3. MALWARE INFECTS SUE’S LAPTOP AS FRED
4. MALWARE INFECTS FILE SERVER AS SUE
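A detection sketch for steps 2 to 4 above, added here as an example and not part of the original slides: it scans Windows Security logon events (Event ID 4624) for NTLM network logons by a local account coming from a workstation, then follows further NTLM logons made from the host that was just reached. The event records, host names, SIDs and the workstation inventory are constructed assumptions.

```python
from datetime import datetime, timedelta

NETWORK_LOGON = 3  # LogonType 3 = logon over the network


def _ev(time, computer, logon_type, package, user, domain, sid, source):
    """Build one constructed 4624 record with only the fields the check reads."""
    return {"EventID": 4624, "TimeCreated": time, "Computer": computer,
            "LogonType": logon_type, "AuthenticationPackageName": package,
            "TargetUserName": user, "TargetDomainName": domain,
            "TargetUserSid": sid, "WorkstationName": source}


DOM = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID
SAM = "S-1-5-21-4444444444-5555555555-6666666666"  # constructed machine SID
WORKSTATIONS = {"FRED-LT", "SUE-LT", "BOB-LT"}      # assumed asset inventory

# Constructed sample log, not captured data.
SAMPLE_EVENTS = [
    _ev("2016-05-10T09:01:00", "FRED-LT.corp.example", 2, "Negotiate",
        "fred", "CORP", DOM + "-1105", "FRED-LT"),       # interactive logon
    _ev("2016-05-10T09:05:00", "FILESRV01.corp.example", 3, "Kerberos",
        "sue", "CORP", DOM + "-1107", "-"),              # normal file access
    _ev("2016-05-10T09:14:00", "SUE-LT.corp.example", 3, "NTLM",
        "Administrator", "SUE-LT", SAM + "-500", "FRED-LT"),   # step 3
    _ev("2016-05-10T09:20:00", "FILESRV01.corp.example", 3, "NTLM",
        "ANONYMOUS LOGON", "NT AUTHORITY", "S-1-5-7", "BOB-LT"),
    _ev("2016-05-10T09:31:00", "FILESRV01.corp.example", 3, "NTLM",
        "sue", "CORP", DOM + "-1107", "SUE-LT"),         # step 4
    _ev("2016-05-10T10:00:00", "FILESRV01.corp.example", 3, "NTLM",
        "bob", "CORP", DOM + "-1109", "BOB-LT"),         # unrelated NTLM use
]


def _short(name):
    return name.split(".")[0].upper()


def is_ntlm_network_logon(ev):
    return (ev["EventID"] == 4624
            and ev["LogonType"] == NETWORK_LOGON
            and ev["AuthenticationPackageName"].upper() == "NTLM"
            and ev["TargetUserName"].upper() != "ANONYMOUS LOGON")


def is_local_account(ev):
    # For a local (SAM) account the logon domain is the target machine's name.
    return ev["TargetDomainName"].upper() == _short(ev["Computer"])


def detect(events, workstations, window=timedelta(hours=24)):
    """Return flagged logons in time order, each with the reason it was flagged."""
    findings, reached = [], {}   # reached: host -> time of last flagged logon
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        if not is_ntlm_network_logon(ev):
            continue
        when = datetime.fromisoformat(ev["TimeCreated"])
        src, dst = _short(ev["WorkstationName"]), _short(ev["Computer"])
        if src in ("", "-", dst):
            continue
        reason = None
        if src in workstations and is_local_account(ev):
            reason = "local account used over the network from a workstation"
            if ev["TargetUserSid"].endswith("-500"):
                reason = "built-in local Administrator " + reason[14:]
        elif src in reached and when - reached[src] <= window:
            reason = "NTLM logon from a host that just received a flagged logon"
        if reason:
            findings.append({"time": when, "source": src, "target": dst,
                             "account": ev["TargetDomainName"] + "\\"
                                        + ev["TargetUserName"],
                             "reason": reason})
            reached[dst] = when
    return findings


def longest_chain(findings):
    """Link flagged hops (source -> target) into the longest host-to-host path."""
    best, paths = [], {}
    for f in findings:
        path = paths.get(f["source"], [f["source"]]) + [f["target"]]
        paths[f["target"]] = path
        if len(path) > len(best):
            best = path
    return best


if __name__ == "__main__":
    hits = detect(SAMPLE_EVENTS, WORKSTATIONS)
    for h in hits:
        print(h["time"], h["source"], "->", h["target"], h["account"], h["reason"])
    print("chain:", " -> ".join(longest_chain(hits)))
```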
Pass-The-Hash Solution: Virtual Secure Mode
• VSM uses Hyper-V powered secure execution environment to protect derived credentials – you can get things in but can’t get things out
• Decouples NTLM hash from logon secret
• Fully randomizes and manages full length NTLM hash to prevent brute force attack
• Derived credentials that VSM protected LSA Service gives to Windows are non-replayable
Summary: Best Practices
Vulnerability Management
Continuous vulnerability discovery
Context-Aware Analysis
Prioritization
Remediation and Tracking
Put on the Hacker’s Shoes
External + Internal + Web Penetration tests
Configuration reviews
Prevention
PowerBroker Auditing & Security Suite
Real-time Change Auditing and Recovery for AD and Windows environments
PowerBroker Auditing & Security Suite
• Centralized real-time change auditing of Active Directory, File Systems, Exchange, SQL and NetApp
• Entitlement reporting for AD and File Systems
• Continuous backup and recovery for AD
How does it work?
Demonstration
Quick Poll + Q&A
Thank you for attending today’s webinar.

More Related Content

What's hot

Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
Alert Logic
 
Stories from the Security Operations Center
Stories from the Security Operations CenterStories from the Security Operations Center
Stories from the Security Operations Center
Alert Logic
 
Security Implications of the Cloud - CSS ATX 2017
Security Implications of the Cloud - CSS ATX 2017Security Implications of the Cloud - CSS ATX 2017
Security Implications of the Cloud - CSS ATX 2017
Alert Logic
 
Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)
Alert Logic
 
Unearth Active Directory Threats Before They Bury Your Enterprise
Unearth Active Directory Threats Before They Bury Your EnterpriseUnearth Active Directory Threats Before They Bury Your Enterprise
Unearth Active Directory Threats Before They Bury Your Enterprise
BeyondTrust
 
Beyond the mcse red teaming active directory
Beyond the mcse  red teaming active directoryBeyond the mcse  red teaming active directory
Beyond the mcse red teaming active directory
Priyanka Aash
 
Cloud Security or: How I Learned to Stop Worrying & Love the Cloud
Cloud Security or: How I Learned to Stop Worrying & Love the CloudCloud Security or: How I Learned to Stop Worrying & Love the Cloud
Cloud Security or: How I Learned to Stop Worrying & Love the Cloud
MarkAnnati
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
Alert Logic
 
Protecting Against Web Attacks
Protecting Against Web AttacksProtecting Against Web Attacks
Protecting Against Web Attacks
Alert Logic
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
TriNimbus
 
Secure Active Directory in one Day Without Spending a Single Dollar
Secure Active Directory in one Day Without Spending a Single DollarSecure Active Directory in one Day Without Spending a Single Dollar
Secure Active Directory in one Day Without Spending a Single Dollar
David Rowe
 
Continuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiContinuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash Barai
AllanGray11
 
Escalation defenses ad guardrails every company should deploy
Escalation defenses ad guardrails every company should deployEscalation defenses ad guardrails every company should deploy
Escalation defenses ad guardrails every company should deploy
David Rowe
 
Creating a fortress in your active directory environment
Creating a fortress in your active directory environmentCreating a fortress in your active directory environment
Creating a fortress in your active directory environment
David Rowe
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
Priyanka Aash
 
Web Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security ToolkitWeb Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security Toolkit
Websecurify
 
Is the door to your active directory wide open and unsecure
Is the door to your active directory wide open and unsecureIs the door to your active directory wide open and unsecure
Is the door to your active directory wide open and unsecure
David Rowe
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Alert Logic
 
Security precognition chaos engineering in incident response
Security precognition  chaos engineering in incident responseSecurity precognition  chaos engineering in incident response
Security precognition chaos engineering in incident response
Priyanka Aash
 
TSS - App Penetration Testing Services
TSS - App Penetration Testing ServicesTSS - App Penetration Testing Services
TSS - App Penetration Testing Services
Ahmad Sharaf
 

What's hot (20)

Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Stories from the Security Operations Center
Stories from the Security Operations CenterStories from the Security Operations Center
Stories from the Security Operations Center
 
Security Implications of the Cloud - CSS ATX 2017
Security Implications of the Cloud - CSS ATX 2017Security Implications of the Cloud - CSS ATX 2017
Security Implications of the Cloud - CSS ATX 2017
 
Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)
 
Unearth Active Directory Threats Before They Bury Your Enterprise
Unearth Active Directory Threats Before They Bury Your EnterpriseUnearth Active Directory Threats Before They Bury Your Enterprise
Unearth Active Directory Threats Before They Bury Your Enterprise
 
Beyond the mcse red teaming active directory
Beyond the mcse  red teaming active directoryBeyond the mcse  red teaming active directory
Beyond the mcse red teaming active directory
 
Cloud Security or: How I Learned to Stop Worrying & Love the Cloud
Cloud Security or: How I Learned to Stop Worrying & Love the CloudCloud Security or: How I Learned to Stop Worrying & Love the Cloud
Cloud Security or: How I Learned to Stop Worrying & Love the Cloud
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
Protecting Against Web Attacks
Protecting Against Web AttacksProtecting Against Web Attacks
Protecting Against Web Attacks
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
 
Secure Active Directory in one Day Without Spending a Single Dollar
Secure Active Directory in one Day Without Spending a Single DollarSecure Active Directory in one Day Without Spending a Single Dollar
Secure Active Directory in one Day Without Spending a Single Dollar
 
Continuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiContinuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash Barai
 
Escalation defenses ad guardrails every company should deploy
Escalation defenses ad guardrails every company should deployEscalation defenses ad guardrails every company should deploy
Escalation defenses ad guardrails every company should deploy
 
Creating a fortress in your active directory environment
Creating a fortress in your active directory environmentCreating a fortress in your active directory environment
Creating a fortress in your active directory environment
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
 
Web Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security ToolkitWeb Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security Toolkit
 
Is the door to your active directory wide open and unsecure
Is the door to your active directory wide open and unsecureIs the door to your active directory wide open and unsecure
Is the door to your active directory wide open and unsecure
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Security precognition chaos engineering in incident response
Security precognition  chaos engineering in incident responseSecurity precognition  chaos engineering in incident response
Security precognition chaos engineering in incident response
 
TSS - App Penetration Testing Services
TSS - App Penetration Testing ServicesTSS - App Penetration Testing Services
TSS - App Penetration Testing Services
 

Similar to Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?

The hacker playbook: How to think and act like a cybercriminal to reduce risk...
The hacker playbook: How to think and act like a cybercriminal to reduce risk...The hacker playbook: How to think and act like a cybercriminal to reduce risk...
The hacker playbook: How to think and act like a cybercriminal to reduce risk...
Paula Januszkiewicz
 
Presentation for information security & hacking
Presentation for information security & hackingPresentation for information security & hacking
Presentation for information security & hacking
faizanmalik255119
 
Hacking identity: A Pen Tester's Guide to IAM
Hacking identity: A Pen Tester's Guide to IAMHacking identity: A Pen Tester's Guide to IAM
Hacking identity: A Pen Tester's Guide to IAM
Jerod Brennen
 
BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...
BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...
BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...
BlueHat Security Conference
 
Andrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.pptAndrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.ppt
SilverGold16
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008ClubHack
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008ClubHack
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CDamiable_indian
 
Network security
Network securityNetwork security
Network security
Akhilesh Jain
 
Internal penetration test_hitchhackers_guide
Internal penetration test_hitchhackers_guideInternal penetration test_hitchhackers_guide
Internal penetration test_hitchhackers_guide
Darin Fredde
 
Network security
Network security Network security
Network security
MD. IFTEKARUL ALAM
 
Week Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptxWeek Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptx
ArjayBalberan1
 
Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018
Paula Januszkiewicz
 
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
Protecting Your Key Asset – Data Protection Best Practices V2.0   FinalProtecting Your Key Asset – Data Protection Best Practices V2.0   Final
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
Vinod Kumar
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacks
Microsoft
 
Ph d proposal_20070809
Ph d proposal_20070809Ph d proposal_20070809
Ph d proposal_20070809Todd Deshane
 
Network security
Network securityNetwork security
Network security
Fekadu Abera
 
Penetration testing, What’s this?
Penetration testing, What’s this?Penetration testing, What’s this?
Penetration testing, What’s this?Dmitry Evteev
 

Similar to Active Directory Auditing Tools: Building Blocks or just a Handful of Dust? (20)

The hacker playbook: How to think and act like a cybercriminal to reduce risk...
The hacker playbook: How to think and act like a cybercriminal to reduce risk...The hacker playbook: How to think and act like a cybercriminal to reduce risk...
The hacker playbook: How to think and act like a cybercriminal to reduce risk...
 
Presentation for information security & hacking
Presentation for information security & hackingPresentation for information security & hacking
Presentation for information security & hacking
 
Hacking identity: A Pen Tester's Guide to IAM
Hacking identity: A Pen Tester's Guide to IAMHacking identity: A Pen Tester's Guide to IAM
Hacking identity: A Pen Tester's Guide to IAM
 
BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...
BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...
BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...
 
Andrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.pptAndrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.ppt
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
 
Windows network
Windows networkWindows network
Windows network
 
Network security
Network securityNetwork security
Network security
 
Internal penetration test_hitchhackers_guide
Internal penetration test_hitchhackers_guideInternal penetration test_hitchhackers_guide
Internal penetration test_hitchhackers_guide
 
Network security
Network security Network security
Network security
 
Week Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptxWeek Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptx
 
Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018
 
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
Protecting Your Key Asset – Data Protection Best Practices V2.0   FinalProtecting Your Key Asset – Data Protection Best Practices V2.0   Final
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
 
Windows network security
Windows network securityWindows network security
Windows network security
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacks
 
Ph d proposal_20070809
Ph d proposal_20070809Ph d proposal_20070809
Ph d proposal_20070809
 
Network security
Network securityNetwork security
Network security
 
Penetration testing, What’s this?
Penetration testing, What’s this?Penetration testing, What’s this?
Penetration testing, What’s this?
 

More from BeyondTrust

The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsThe 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
BeyondTrust
 
10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access Management10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access Management
BeyondTrust
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management Program
BeyondTrust
 
5 Steps to Privilege Readiness (infographic)
5 Steps to Privilege Readiness (infographic)5 Steps to Privilege Readiness (infographic)
5 Steps to Privilege Readiness (infographic)
BeyondTrust
 
8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin Privileges8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin Privileges
BeyondTrust
 
Securing DevOps through Privileged Access Management
Securing DevOps through Privileged Access ManagementSecuring DevOps through Privileged Access Management
Securing DevOps through Privileged Access Management
BeyondTrust
 
Crush Common Cybersecurity Threats with Privilege Access Management
Crush Common Cybersecurity Threats with Privilege Access ManagementCrush Common Cybersecurity Threats with Privilege Access Management
Crush Common Cybersecurity Threats with Privilege Access Management
BeyondTrust
 
Avoiding the 10 Deadliest and Most Common Sins for Securing Windows
Avoiding the 10 Deadliest and Most Common Sins for Securing WindowsAvoiding the 10 Deadliest and Most Common Sins for Securing Windows
Avoiding the 10 Deadliest and Most Common Sins for Securing Windows
BeyondTrust
 
Unix / Linux Privilege Management: What a Financial Services CISO Cares About
Unix / Linux Privilege Management: What a Financial Services CISO Cares AboutUnix / Linux Privilege Management: What a Financial Services CISO Cares About
Unix / Linux Privilege Management: What a Financial Services CISO Cares About
BeyondTrust
 
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
BeyondTrust
 
Mitigating Risk in Aging Federal IT Systems
Mitigating Risk in Aging Federal IT SystemsMitigating Risk in Aging Federal IT Systems
Mitigating Risk in Aging Federal IT Systems
BeyondTrust
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
BeyondTrust
 
Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...
BeyondTrust
 
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged AccountsHow Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
BeyondTrust
 
Using Advanced Threat Analytics to Prevent Privilege Escalation Attacks
Using Advanced Threat Analytics to Prevent Privilege Escalation AttacksUsing Advanced Threat Analytics to Prevent Privilege Escalation Attacks
Using Advanced Threat Analytics to Prevent Privilege Escalation Attacks
BeyondTrust
 
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
BeyondTrust
 
Prevent Data Leakage Using Windows Information Protection (WIP)
Prevent Data Leakage Using Windows Information Protection (WIP)Prevent Data Leakage Using Windows Information Protection (WIP)
Prevent Data Leakage Using Windows Information Protection (WIP)
BeyondTrust
 
Enemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling AccessEnemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling Access
BeyondTrust
 
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
BeyondTrust
 
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
BeyondTrust
 

More from BeyondTrust (20)

The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsThe 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
 
10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access Management10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access Management
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management Program
 
5 Steps to Privilege Readiness (infographic)
5 Steps to Privilege Readiness (infographic)5 Steps to Privilege Readiness (infographic)
5 Steps to Privilege Readiness (infographic)
 
8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin Privileges8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin Privileges
 
Securing DevOps through Privileged Access Management
Securing DevOps through Privileged Access ManagementSecuring DevOps through Privileged Access Management
Securing DevOps through Privileged Access Management
 
Crush Common Cybersecurity Threats with Privilege Access Management
Crush Common Cybersecurity Threats with Privilege Access ManagementCrush Common Cybersecurity Threats with Privilege Access Management
Crush Common Cybersecurity Threats with Privilege Access Management
 
Avoiding the 10 Deadliest and Most Common Sins for Securing Windows
Avoiding the 10 Deadliest and Most Common Sins for Securing WindowsAvoiding the 10 Deadliest and Most Common Sins for Securing Windows
Avoiding the 10 Deadliest and Most Common Sins for Securing Windows
 
Unix / Linux Privilege Management: What a Financial Services CISO Cares About
Unix / Linux Privilege Management: What a Financial Services CISO Cares AboutUnix / Linux Privilege Management: What a Financial Services CISO Cares About
Unix / Linux Privilege Management: What a Financial Services CISO Cares About
 
Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?

  • 1. Active Directory Auditing Tools: Building Blocks or Just a Handful of Dust? @paulacqure @CQUREAcademy CONSULTING Paula Januszkiewicz CQURE: CEO, Penetration Tester; Security Expert CQURE Academy: Trainer MVP: Enterprise Security, MCT www.cqureacademy.com paula@cqure.us
  • 2.
  • 3. What does CQURE Team do? Consulting services: High quality penetration tests with useful reports (Applications, Websites, External services (edge), Internal services) + configuration reviews; Incident response emergency services – immediate reaction!; Security architecture and design advisory; Forensics investigation; Security awareness (For management and employees). info@cqure.us Trainings: Security Awareness trainings for executives; CQURE Academy: over 40 advanced security trainings for IT Teams; Certificates and exams; Delivered all around the world only by a CQURE Team: training authors
  • 4. Chasing the obvious: NTDS.DIT, SAM The above means: To read the clear text password you need to struggle!
  • 5. Identity is the new security “perimeter” under attack One small mistake can lead to attacker control Attackers Can • Steal any data • Encrypt any data • Modify documents • Impersonate users • Disrupt business operations Active Directory and Administrators control all the assets
  • 6. Tier 2 Workstation & Device Admins Tier 0 Domain & Enterprise Admins Tier 1 Server Admins 1. Beachhead (Phishing Attack, etc.) 2. Lateral Movement a. Steal Credentials b. Compromise more hosts & credentials 3. Privilege Escalation a. Get Domain Admin credentials 4. Execute Attacker Mission a. Steal data, destroy systems, etc. b. Persist Presence Compromises privileged access 24-48 Hours Phase 1 Critical Mitigations: Typical Attack Chain
  • 7. Making and Measuring Progress against Risk 2-4 weeks 1-3 months 6+ months Detect Attacks Harden Configuration Domain Controller (DC) Host Attacks Credential Theft & Abuse Reduce Agent Attack Surface Attacker Stealth Prevent Escalation Prevent Lateral Traversal Increase Privilege Usage Visibility AD Attacks Assign Least Privilege Attack Defense Securing Privileged Access Three Stage Roadmap http://aka.ms/privsec
  • 8. Protecting Active Directory and Admin privileges 1. Separate Admin account for admin tasks 3. Unique Local Admin Passwords for Workstations http://Aka.ms/LAPS 2. Privileged Access Workstations (PAWs) Phase 1 - Active Directory admins http://Aka.ms/CyberPAW 4. Unique Local Admin Passwords for Servers http://Aka.ms/LAPS 2-4 weeks 1-3 months 6+ months First response to the most frequently used attack techniques
  • 9. First response to the most frequently used attack techniques 2-4 weeks 1-3 months 6+ months DC Host Attacks Credential Theft & Abuse Attacker Stealth AD Attacks Top Priority Mitigations Attack Defense Detect Attacks Harden DC configuration Reduce DC Agent attack surface Prevent Escalation Prevent Lateral Traversal Increase Privilege Usage Visibility Assign Least Privilege
  • 10. Protecting Active Directory and Admin privileges 2. Time-bound privileges (no permanent admins) http://aka.ms/PAM http://aka.ms/AzurePIM 1. Privileged Access Workstations (PAWs) Phases 2 and 3 – All Admins and additional hardening (Credential Guard, RDP Restricted Admin, etc.) http://aka.ms/CyberPAW 4. Just Enough Admin (JEA) for DC Maintenance http://aka.ms/JEA 6. Attack Detection http://aka.ms/ata 5. Lower attack surface of Domain and DCs http://aka.ms/HardenAD 2-4 weeks 1-3 months 6+ months Build visibility and control of administrator activity, increase protection against typical follow-up attacks 3. Multi-factor for elevation
  • 11. Build visibility and control of admin activity 2-4 weeks 1-3 months 6+ months Attack Prevent Escalation Defense
  • 12. Protecting Active Directory and Admin privileges 2. Smartcard or Passport Authentication for all admins http://aka.ms/Passport 1. Modernize Roles and Delegation Model 3. Admin Forest for Active Directory administrators http://aka.ms/ESAE 5. Shielded VMs for virtual DCs (Server 2016 Hyper-V Fabric) http://aka.ms/shieldedvms 4. Code Integrity Policy for DCs (Server 2016) 2-4 weeks 1-3 months 6+ months Move to proactive security posture
  • 13. Move to proactive security posture 2-4 weeks 1-3 months 6+ months Attack Prevent Escalation Prevent Lateral Traversal Defense
  • 14. What is the most successful path for the attack right now?
  • 15. :) THE ANATOMY OF AN ATTACK Healthy Computer User Receives Email User Lured to Malicious Site Device Infected with Malware
  • 16. HelpDesk Logs into Device Identity Stolen, Attacker Has Increased Privs :) Healthy Computer User Receives Email User Lured to Malicious Site Device Infected with Malware
  • 17. User Lured to Malicious Site Device Infected with Malware HelpDesk Logs into Device Identity Stolen, Attacker Has Increased Privs
  • 18.
  • 21. Pass-The-Hash Technique. Diagram labels: Fred’s Laptop; Fred’s User Session (User: Fred, Password hash: A3D7…); Malware Session (User: Administrator, Password hash: E1977…); Sue’s Laptop; Sue’s User Session (User: Sue, Password hash: C9DF…); Malware User Session (User: Adm…, Hash: E1977; User: Sue, Hash: C9DF); File Server (User: Sue, Hash: C9DF). Steps: 1. Fred runs malware, he is a local administrator. 2. There is a pass the hash session established with another computer. 3. Malware infects Sue’s laptop as Fred. 4. Malware infects file server as Sue.
  • 22. Pass-The-Hash Solution: Virtual Secure Mode. VSM uses Hyper-V powered secure execution environment to protect derived credentials – you can get things in but can’t get things out. Decouples NTLM hash from logon secret. Fully randomizes and manages full length NTLM hash to prevent brute force attack. Derived credentials that VSM protected LSA Service gives to Windows are non-replayable.
  • 23. Summary: Best Practices Vulnerability Management Continuous vulnerability discovery Context-Aware Analysis Prioritization Remediation and Tracking Put on the Hacker’s Shoes External + Internal + Web Penetration tests Configuration reviews Prevention
  • 24.
  • 25. PowerBroker Auditing & Security Suite Real-time Change Auditing and Recovery for AD and Windows environments
  • 26. PowerBroker Auditing & Security Suite Centralized real-time change auditing of Active Directory, File Systems, Exchange, SQL and NetApp Entitlement reporting for AD and File Systems Continuous backup and recovery for AD
  • 27. How does it work?
  • 29. Quick Poll + Q&A Thank you for attending today’s webinar.