The presentation discusses the flaws in Active Directory administration and the challenges in securing admin credentials. It also explores methods for identifying and exploiting these insecurities.
- Admins are being dragged into a new paradigm where they have to more securely administer the environment.
- The talk explores some common methods Active Directory administrators (and others) use to protect their admin credentials and the flaws with these approaches.
- New recon methods will be provided on how to identify if the org uses an AD Red Forest (aka Admin Forest) and what that means for one hired to test the organization's defenses.
- The presentation also covers challenges and problems with multi-factor password vaults and how to bypass and subvert past results.
- The admin forest (aka the Red Forest) is discussed, as well as how to attack read-only domain controllers to compromise AD.
The speaker emphasizes the importance of capturing the members of both the Domain Admins group and the Administrators group, as the latter has full AD admin rights. He also notes that there are no Domain Admins in some environments, but this does not mean that the Administrators group should be overlooked. The presentation provides a command to enumerate the members of the Domain Admins and Administrators groups. The speaker also mentions that organizations should not assume that using a password vault makes them secure, as there are still vulnerabilities that can be exploited.
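The talk's own command is not reproduced on this page. As an added example (not the speaker's code), the following PowerShell audit lists every account that holds admin rights through either group and flags those a Domain Admins-only review would miss. It assumes the RSAT ActiveDirectory module and read access to the domain; the function name `Get-EffectiveAdAdmin` is hypothetical.

```powershell
# Added example: audit effective AD admins across both privileged groups.
# Assumes the RSAT ActiveDirectory module and a domain-joined management host.
Import-Module ActiveDirectory

function Get-EffectiveAdAdmin {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Domain to audit; defaults to the current user's domain.
        [string]$Server = (Get-ADDomain).DNSRoot
    )

    $domain = Get-ADDomain -Server $Server

    # Well-known SIDs are used instead of names so renamed or localized groups still resolve.
    $groups = [ordered]@{
        'Domain Admins'  = "$($domain.DomainSID.Value)-512"
        'Administrators' = 'S-1-5-32-544'
    }

    $seen = @{}
    foreach ($name in $groups.Keys) {
        # -Recursive expands nested groups and returns only the leaf members.
        $members = Get-ADGroupMember -Identity $groups[$name] -Recursive -Server $Server
        foreach ($m in $members) {
            $key = $m.SID.Value
            if (-not $seen.ContainsKey($key)) {
                $seen[$key] = [pscustomobject]@{
                    SamAccountName    = $m.SamAccountName
                    ObjectClass       = $m.objectClass
                    InDomainAdmins    = $false
                    InAdministrators  = $false
                    DistinguishedName = $m.distinguishedName
                }
            }
            if ($name -eq 'Domain Admins') { $seen[$key].InDomainAdmins = $true }
            else { $seen[$key].InAdministrators = $true }
        }
    }
    # Accounts outside Domain Admins sort first.
    $seen.Values | Sort-Object InDomainAdmins, SamAccountName
}

# Accounts with full AD admin rights that a Domain Admins-only review would miss.
Get-EffectiveAdAdmin | Where-Object { -not $_.InDomainAdmins } | Format-Table -AutoSize
```

An empty Domain Admins group produces no rows with `InDomainAdmins` set, while any remaining Administrators members still appear in the output.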