I know what your 'Microsoft Mainframe' did last summer! - HacKtive Directory Forensics

Active Directory has run identity and access control at the majority of the world's organizations for nearly three decades. AD security has come a long way in that time, yet new attacks and creative attack paths are found constantly. We are used to talking about and examining how attackers got in and what they took out, but not as much about how they moved laterally, performed reconnaissance for assets and entities, achieved persistence and escalated privileges. We'll take a dive into unique lessons learned from dozens of hands-on AD forensics incidents, hunting for clues in an enterprise without AD logs (wiped), and share open-source tools.

Presented at Security Fest 2022.

Speaker: Yossi Sassi

About Yossi Sassi

Seasoned InfoSec researcher and hacker. When not playing guitar at the world's rock festivals, Sassi works in information security, where he has accumulated extensive experience over around 30 years in Red-Blue team assessments, conducting DF/IR investigations and more, including for Fortune 100 accounts. His experience and passion for Microsoft security in general, and "HAcktive Directory" in particular, span several decades of hands-on work and unique in-depth knowledge. Ex-member of Javelin Networks (acquired by Symantec in 2018), where he developed a unique deception solution for Active Directory. He worked for Microsoft for 8 years as Technology Group Manager and coded support tools for Windows Server. Sassi has spoken at TED and TEDx events and was awarded 4 Peace and friendship awards. Sassi loves to fly planes, holds an M.A. in law, CISSP, etc., and speaks regularly at various security conferences worldwide.

 