如需獲得最佳網頁瀏覽體驗,請使用 IE 11 或更高版本、Chrome、Firefox 或 Safari。

TEC Talk: Proper Password Protection within Active Directory and Azure Active Directory Environments

Proper Password Protection within Active Directory and Azure Active Directory Environments
录播
  • 记录日期:Nov. 14, 2023
  • 活动:录播
Proper Password Protection within Active Directory and Azure Active Directory Environments

Attacks against Active Directory have been steadily increasing in the last few years. This is because Active Directory holds all domain joined user and machine credentials and permissions, making it a prime target for attackers. Interestingly, a lot of these attacks start by initially compromising an account. In a lot of cases this account doesn’t have a lot of permissions (such as a standard user account), but does allow for thorough enumeration of the AD environment to find misconfigurations and elevate privileges. This brings me to the importance of managing passwords in an Active Directory/ Azure Active Directory environment. AD Passwords are used with computer accounts, user accounts, trusts, service accounts, and more. Microsoft has provided both guidance and technical capability to natively protect these passwords in various ways to shrink the attack surface of the environment. We will review the various situations where account credentials are commonly compromised, the native Microsoft solutions to mitigate the compromise, and when it is appropriate to use which mitigation.

扬声器

Darryl Baker is an Army veteran of twelve years who specialized in weapons instruction before transitioning over to security. He has ten years of experience working in Windows domains in various roles and has spent the last two specializing in Microsoft security with a focus on Active Directory (AD). He has hosted AD CFPs online and at in-person conferences and has written multiple tools and scripts for both discovering Active Directory vulnerabilities and defending against attacks. 

观看免费网络直播

请稍候……

triangle-down check
进行下载即表示您注册以接收我们发送的营销电子邮件。要选择不再接收,请按照我们隐私政策中描述的步骤进行操作。

reCAPTCHA为此站点提供保护。请查看Google的隐私政策使用条款