Finding Our Path: How We're Trying to Improve Active Directory Security presented at BlackHatUSA2019 2019

by Rohan Vazarkar, Will Schroeder, Andy Robbins,

Summary : As the dominant directory service solution, Active Directory persists as the crucial backbone of identity, authentication, and security for organizations of all sizes. Over time, nearly every Active Directory environment becomes an unwieldy, complex, and dynamic web of operating systems, user behaviors, and configurations. Historically, understanding the implications of any one user logon or configuration has taken hours -- understanding the implications of millions of user logons and configurations was almost impossible.In this talk, we will share our success stories, lessons learned, and methodologies for enumerating, understanding, and mitigating the risks posed by disparate user behaviors and configurations. Whether your network has 50, 5,000, or 500,000 computers joined to Active Directory, you’ll walk away from this talk knowing how to greatly enhance your organization’s Active Directory security posture in days or weeks, not years. We will also demonstrate several attack primitives that are newly tracked by BloodHound, including Resource-Based Constrained Delegation.