Navigating the Red Forest presented at BSidesManchester 2019

by Derek Price

Summary: Successful cyber attacks often involve gaining administrative access to a domain within a short amount of time. This results in bad actors having remote access to an organisation’s highly confidential information, which could include client information, source code and intellectual property. Attacks like these can have a severe financial impact through incident response and the implementation of remediations taking many person hours, along with intangible damage to reputation.

To combat these types of attack, Microsoft introduced the concept of ESA (Enhanced Security Administration), also known as the Red Forest, to allow administrators to administrate with enhanced security and protection. This talk is aimed at those who are considering the implementation of the Red Forest but have not yet had the time to investigate in detail. The architecture and logistics of building the Red Forest will be covered, along with Privileged Access Workstations (PAWs), which are given to all administrators as part of the Red Forest build out.

Windows Administration experience is presumed; the talk will provide advice on the strengths that the Red Forest can offer to a company and how to get up and running quickly and effectively. Gotchas and blockers found during the build out phases will also be discussed to save attendees from hitting the same issues.