Identities are an crucial part in modern attack scenarios and impersonate identities is one of the main goals for an attacker.
In the first part of this meetup we will guide you through the basics of building an Active Directory, where we explain roles and services. In the 2nd part we then talk about, how an attacker can start his lateral movement with compromised accounts, using pass the hash attacks and golden tickets, to reach their end game goals and getting persistence in the companies network. In the 3rd part we'll than discuss the latest and greatest in identity protection where we introduce you to solutions like Microsoft Advanced Threat Analytics and Azure Advanced Threat Protection - which are the enterprise solutions in Microsoft portfolio to protect, detect and respond to cyber attacks focused on identities.
Thomas von Fragstein:
Thomas works as an IT-Security Consultant at sepago GmbH since 2012 with a wide experience from configuring and securing Active Directory to migrating customers to Office 365. As customers awareness for detecting compromised identities is growing, Thomas has focused on helping customers to deploy Microsofts Adavanced Threat Analytics and Azure Advanced Threat Protection for identity protection.
When Sven joined sepago GmbH his first task was to learn everything about Active Directory Domain Services and their features. Quickly, he built up experience in how to manage, deploy and protect an Active Directory.