Active Directory Domain Services has been around for 26 years, so it is far from a young technology, yet it is not going anywhere anytime soon. Most companies still rely on Active Directory as their primary identity provider and management solution. One might assume that after all these years we have already mastered securing Active Directory with best practices. However, the reality is often the opposite: many AD environments are still poorly secured, which keeps them a common target for attackers.
In this talk, I will demonstrate three important vulnerabilities that still exist in Active Directory and are either unknown or not discussed enough. We will challenge a few assumptions along the way:
- If an account is locked out, can you still brute-force its password?
- If a user is in Protected Users, is the NT hash truly out of reach?
- When you use RDP (MSTSC), does it cache more than just fragments of your screen?
By the end of the session, you will learn that some common assumptions are wrong and that you must always test and verify security controls in practice. You will also leave with practical mitigations and best practices to secure your environment against these vulnerabilities and reduce their impact.