Click a timecode to jump to that part of the video (on YouTube).
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_WeaponizingActiveDirectory.pdf
0:54 Background behind this webcast, what and why
7:02 Creating resources in Active Directory, User accounts, Groups, and Dummy Computer accounts
18:54 Tools, ResponderGuard, General flow of attacks, reconnaissance, deception and planted credentials
38:12 Password Spraying, honey users, kerberoast, and multicast DNS poisoning
47:20 Detection with CredDefense Kit, ResponderGuard, ResponderGuard Agent, and SQL Server abuse attacks
53:43 Q&A and Closing Thoughts
The 2019 Verizon DBIR indicates that over 50% of all breaches take a month or more to detect.
This webcast covers basic techniques to catch attackers attempting lateral movement and privilege escalation within your environment with the goal of reducing that Mean Time to Detect (MTTD) metric.
Using tactical deception, we will lay out strategies to increase the odds that an attacker will give away their presence early after initial compromise.