Lessons Learned From a Decade of Attacks Against Microsoft Identity Systems

 

It has been 10 years since the infamous Black Hat “Golden Ticket” talk, which described how attackers could escalate privilege and persist in Active Directory.

Attackers have continued to exploit weak configurations and vulnerabilities in Microsoft identity systems—Active Directory (AD) and Entra ID—to evade cybersecurity defenses, escalate privileges, create persistence, and exfiltrate data. Have your defenses kept pace?

In the 20+ years since AD's debut, securing it has been further complicated by cloud integration components and connectivity with Entra ID (formerly Azure AD). This session walks you through a timeline of major attack methods against AD and Entra ID, including attacks against Active Directory Certificate Services (ADCS), and discusses how best to mitigate and defend against such tactics. You’ll also learn how more recent attack techniques have built on older methods to increase threat efficacy and enterprise compromise, how modern attacks have become increasingly nuanced, and how best to structure your cyber defenses to protect against current identity threats.

Slide Deck: https://www.semperis.com/wp-content/uploads/resources-pdfs/hipconf-2024/lessons-learned-decade-of-attacks.pdf