"I know what your 'Microsoft Mainframe' did last summer!.." by Yossi SASSI

Описание: Active Directory runs the majority the world’s organizations identity & access control for ~three decades, with new attacks and creative attack paths found constantly. Unique lessons learned on AD forensics incidents, hunting for clues without AD logs (wiped), with open-source tools & demos/hands on.

We are used to talk about & examine how they got in, what they took out, but not as much about how they moved laterally, performed reconnaissance for assets & entities, achieved persistence & escalated privileges. Active Directory still runs at the majority the world’s organization’s identity and access control. AD Security has come a long way in three decades, with new attacks and creative attack paths found constantly. We’ll take a dive into lessons learned from dozens of AD forensics hands-on incidents, hunting for clues in an enterprise without AD logs (wiped), and share open-source tools.

Yossi SASSI:
Seasoned InfoSec researcher & hacker. When not playing guitar on the world's largest Rock festivals, Sassi has accumulated extensive experience in information security for ~30 years, in Red-Blue team assessments, conducting DF/IR investigations and more, including Fortune100 accounts. His experience and passion about the topic of Microsoft Security in general & Active Directory in particular spans over 20 years of hands-on experience and unique in-depth knowledge. Ex-member of Javelin Networks (acquired by Symantec in 2018) that developed a unique deception solution for Active Directory. Worked for Microsoft ~8 years as Technology Group Manager and coded support tools for Windows Server. Sassi spoke at TED and TEDx events, and was awarded 4 Peace and friendship awards. Sassi holds a M.A in law, CISSP etc, and speaks regularly at various security conferences worldwide, including OSDFCon, BSides, Microsoft conventions etc.

  / yossi_sassi  
  / yossisassi