- Video: RVAsec 2023: Qasim Ijaz – Feature or a Vulnerability? Tale of an Active Directory Pentest
- Slides: https://rvasec.com/slides/2023/Ijaz_Qasim-Feature-or-Vulnerability_rvasec_12.pdf
- Twitter: @hashtaginfosec
This talk is a summation of stories from my recent penetration tests inside Active Directory networks. I will use this time to discuss common methods I have used to obtain initial access inside Active Directory environments, the features that paved the way to lateral movement, and vulnerabilities that escalated me to Domain Admin. This talk is laid out in a way that benefits both entry-level and experienced penetration testers. The content is for both blue and red teamers looking to better understand common Active Directory configurations that can lead to compromise. It has everything from memes to kerberoasting, with a pinch of humor (no dad jokes, I promise).
About Qasim – Qasim “”Q”” Ijaz is a Director of Offensive Security at Blue Bastion Security and specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web applications testing. His areas of interest include healthcare security, Active Directory, cybersecurity policy, and the “”dry”” business side of hacking. Qasim is a penetration test lead during the day and a teacher in the after-hours. Qasim has presented and taught at cybersecurity conferences including BSides and Blackhat on offensive security topics. He currently teaches a bootcamp on Offensive Security Certified Professional (OSCP) certification.
- Video: RVAsec 2023: Andrew Skatoff – Maturing your Threat Hunting Operations
- Slides: https://rvasec.com/slides/2023/Skatoff_Andrew-Maturing-Hunt-Ops.pdf
- Twitter: @dfir_tnt
This talk will present a roadmap for designing a mature threat hunting service. A maturity model will be shared, along with prerequisites and incremental steps along the way.
Having built the Threat Hunting service at the Federal Reserve, I will share our journey, recommend approaches and resources, and provide a path for listeners to follow to do the same.
About Andrew – Andrew has been securing and protecting critical infrastructure networks since 2002.
Raised by a Topgun Marine fighter pilot and a middle school special education teacher, Andrew was always driven to find meaningful work, solve interesting problems and help others do the same in an effort to make the world a better and safer place.
His love for computers started in college and after spending several years providing tech support in the energy and financial sectors, he achieved his MCSE certification. This led to his first information security job supporting a migration to active directory. Andrew then went on to champion, design and implement an automated compliance and vulnerability management program.
Andrew has been developing and leading incident response, malware analysis, threat hunting and digital forensics services for the past 18 years in critical infrastructure financial organizations.
He currently holds GREM, GCFA, GDAT, GNFA and CISSP certifications and serves as an Cybersecurity Senior Manager at a large financial organization.