Security issues with Active Directory have been discussed for many years. It's been 18 years since the "Pass The Hash" attack technique emerged. Have we really completely eliminated these security issues? For example, starting with Windows 11 24H2, NTLM authentication is being phased out, but does that mean Kerberos cannot be attacked? As enterprise architectures gradually shift toward hybrid identity authentication (such as Entra ID and SAML), these vulnerabilities seem to be merging into a larger attack surface.

In this session, we will review the history of Active Directory attacks over the years and introduce related technologies. We will explore various attack methods that arise at the intersection of AD and cloud-based Azure & Entra ID hybrid identity authentication. Using more relaxed and simple concepts, we aim to help everyone quickly understand these potential vulnerabilities and attack vectors, hoping to provide a more comprehensive understanding of these weaknesses to manage related risks within enterprises.