Threat Hunting in Active Directory Environment

Mandiant conducted multiple investigations and observed the techniques attackers preferred as they escalated privileges to move laterally, persist in the environment, and blend in. Backdoors and misconfigurations on Active Directory systems provided attackers with long-term privileged access to the environment.

Based on our lessons learned from remediation on the frontlines, we closely observed the challenges customers faced in recognizing and remediating these attacker techniques. These challenges were further shaped by the controls adopted, and by attacker sophistication, in APJ.

We will cover, in depth, the different methods attackers use to maintain persistence, covertly elevate privileges at will, and maintain and exert control over systems managed by Active Directory…

By:
Anurag Khanna & Thirumalai Natarajan Muthiah

Full Abstract & Presentation Materials:
https://www.blackhat.com/asia-21/briefings/schedule/#threat-hunting-in-active-directory-environment-22292