DEFCON Group DCG518 presenting 'The Crown’s Weak Link'

The Crown's Weak Link :
Unmasking Active Directory ESC Misconfigurations, Exploiting Flaws in Active Directory Certificate Services (ADCS) for Full Domain Compromise

Have you used Kerberos and Public Key Infrastructure (PKI) to “secure” your Active Directory environment? This talk unravels how a simple misconfiguration within ESC can lead to easy wins for an attacker and complete control over your Active Directory domain.

Privilege escalation in Active Directory (AD) allows cyber attackers to increase access within the environment and potentially compromise entire networks—undetected.

We’ll walk through why ESC flaws are so damaging and which template settings to avoid when using ADCS. You’ll see how attackers can chain vulnerabilities like PetitPotam (NTLM Relay Attack) and ADCS web enrollment for privilege escalation, achieving Domain Admin in less than 30 seconds.
By the end of this presentation, you will understand which configurations to avoid and how to detect these flaws in your own environment for prevention, mitigation and remediation purposes. We’ll also cover detection tools and how this data can be ingested into platforms like BloodHound.

• For more information and updates, check our site https://dc518.github.io/
• Doors open at 1:00pm for social hang out. The presentation starts sharp at 2pm.
  The Guilderland Public Library is located at 2228 Western Avenue, Guilderland, New York 12084
• This event is free and open to all the community. No attendee limits.