Critical Report - Active Directory Risk Quantification and Defense Strategy

中文In-PersonBlue Team
Share NoteInstant QAVideo

time

07:25 ~ 08:10

site

R2

Enterprise widely use Active Directory (AD) as a centralized management solution. While Active Directory provides richness of administration functionalities, there also comes with various security risks. From our study, due to information asymmetry, attackers always discover and abuse attack vectors that are often overlooked or rarely seen by the blue teams to compromise entire domain. without clearly define the risk of attack vectors, there cannot be a effective risk control. Therefore, we enumerate the attack vectors in Active Directory environment, quantifying the risk of attack vectors and attack path to provide blue teams a way to analyze the security risks in their AD environment for evaluation and management. Before the end of this talk, we will provide the defense strategy for mitigation and detection.

Dexter Chen

Dexter Chen

Dexter Chen is a threat researcher at TXOne Network with a primary focus on penetration testing, red teaming, and Active Directory security. He used to be a red teamer that specialized in lateral movement and operation security in Trend Micro. He was the instructor of several trainings including HITCON training, Cybersecurity Center of Excellence (CCOE), and Ministry of National Defense. Dexter is a cyber security enthusiast who likes to play labs, vulnerabilities, and attack techniques and he is currently the holder of OSCP and OSWE.
Mars Cheng

Mars Cheng

Mars Cheng (@marscheng_) is a manager of TXOne Networks PSIRT and threat research team, responsible for coordinating product security and threat research. Cheng blends a background and experience in both ICS/SCADA and enterprise cybersecurity systems. Cheng has directly contributed to more than 10 CVE-IDs, and has had work published in three SCI applied cryptography journals. Before joining TXOne, Cheng was a security engineer at the Taiwan National Center for Cyber Security Technology (NCCST). Cheng is a frequent speaker and trainer at several international cyber security conferences such as Black Hat, RSA Conference, DEFCON, SecTor, FIRST, HITB, ICS Cyber Security Conference Asia and USA, HITCON, SINCON, CYBERSEC, and VXCON. Cheng is general coordinator of HITCON 2022 and was coordinator of HITCON 2021.

English interpretations will be provided for all sessions not presented in English.

Agenda Table

Use event local timezone
TimeZone

00:30

  • Attendant Registration Time

01:20

  • Welcome Speech & Event Introduce

02:10

03:00

  • Break

03:15

04:05

  • Lunch

05:00

05:45

  • Break

06:00

06:45

  • Tea Time

07:00

07:25

08:10

  • Break

08:25

09:10

  • Closing

09:25