Cybercriminals are capable of penetrating your defenses, accessing your Active Directory (AD), and planting backdoors to maintain persistence. Are you capable of detecting, responding to, and remediating AD attacks? Do you have protocols in place? This presentation covers traditional AD attack methods, explains the root causes of AD vulnerabilities, and goes into more recent AD attack methods observed in real-world security incidents, including directly escalating privileges in cloud services via man-in-the-middle attacks, various backdoors and their functions, the Kerberos vulnerabilities CVE-2020-17049 and CVE-2021-42287, and locking cloud authentication services.
This presentation will focus on the necessary knowledge that managers and defenders need to accurately detect and respond. Cybercriminals are quickly gaining more AD experience than network admins. It is vital that we collaborate, defend, and build upon each other’s knowledge and experience.
John Jiang is a cybersecurity researcher at CyCraft Technology and is currently focused on incident response (IR), endpoint security, and Active Directory (AD) security. He has investigated multiple domestic and foreign APT-level security incidents and continues to perform in-depth analyses of attacker techniques and detection methods. He is an active member of the international cybersecurity community and has spoken at multiple conferences, including Black Hat USA, HITCON, and HITB. He is also the co-founder of the Taiwan cybersecurity organization UCCU Hacker.