Attacking and Defending Hybrid Active Directory Environments

Abstract

Organizations have moved to the cloud and are also extending their identity platforms to the cloud. Active Directory is increasingly being integrated with Azure Active Directory, creating a scalable identity platform often referred to as Hybrid Active Directory.

While this approach helps organizations integrate their existing identity platform with the cloud, it also increases the attack surface and gives attackers opportunities to move between environments, launch new attacks and maintain long-term covert persistence.

Through our experience of performing incident response, cloud and AD security assessments, we have seen some of these techniques being used by threat actors.

In this talk we will share some of the techniques attackers use to target hybrid Active Directory and look at how defenders can defend against and hunt for these techniques.


Speakers Information


Anurag Khanna

Anurag Khanna is a Manager with CrowdStrike Services, where he leads Incident Response and Consulting services in Asia Pacific and advises organizations when they are in the midst of security incidents. Over the years, Anurag has led multiple breach investigations and incident response engagements involving advanced adversaries for a wide range of industries. He has helped organizations develop cyber defence capabilities to protect against and respond to attacks. He is among the few cybersecurity professionals to have the GIAC Security Expert (GSE #97) credential.


Thirumalai Natarajan

Thirumalai Natarajan is a principal consultant with Mandiant Consulting, where he is responsible for performing incident response and remediation for large-scale breaches, as well as Active Directory and cloud security assessments for global organizations. Over his career, Thiru has built and managed security operation centers and detection and response engineering teams across APAC to help organizations improve their detection and defense posture. He has been a speaker at Black Hat Asia, Virus Bulletin, the TB-CERT forum and others. Thiru currently holds CISSP, OSCP and PMP certifications and has held GREM, GCIA, GCFA and GMON certifications.




