Ever since Windows 2000 first released, Windows Active Directory has been a treasure trove of vulnerabilities year after year and thus a favorite attack vector for cybercriminals. This talk will explore and explain the most common AD attack methods, defense prioritization after the domain controller is taken down, how cybercriminals consistently break through defenses, debunk some myths regarding the AD, and breakdown how Solarigate abused the AD and got access to cloud resources. These problems suggest that network administrators see the AD as a black box--knowing of its importance but lacking the technical know-how to properly defend it.

Lastly, we’ll open the “black box”. We will discuss how the Active Directory works, why it’s so vulnerable, how cybercriminals penetrate its defenses so often, and provide actionable insight on creating and maintaining effective Active Directory defense practices and policies.