Black Hat is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Securing Active Directory Administration

View Recording

Thursday, April 18, 2019
11:00AM-12:00PM PDT

Brought to you by:

Securing Active Directory Administration, by Sean Metcalf
Defending Active Directory with Wire Data, by Vince Stross

Organizations have been forced to adapt to the new reality: Anyone can be targeted and many can be compromised. This has been the catalyst for many to tighten up operations and revamp ancient security practices. They bought boxes that blink and software that floods the SOC with alerts.

Is it enough? The overwhelming answer is: No.

The security controls that matter most are the ones that best protect those with the keys to the enterprise, the Active Directory administrators. With this access, an attacker can do anything they want in the environment: access all sensitive data, change access controls and security settings, embed to persist (for years), and often fully manage and control routers, switches, the virtualization platform (VMWare or Microsoft Hyper-V), and increasingly, the cloud platform.

This presentation explores typical administration methods and how attackers exploit them. Furthermore, this session provides the best methods of secure administration to protect privileged credentials.

Guest Presenter:

Sean Metcalf Sean Metcalf

Sean Metcalf is founder and principal consultant at Trimarc ( a consulting company which focuses on improving enterprise Active Directory security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, is a former Microsoft MVP, and has presented on Active Directory attack and defense at numerous conferences. He currently provides security consulting services to customers and regularly posts interesting Active Directory security information on his blog,

Sponsor Presenter:

Vince Stross Vince Stross

Vince Stross is a Principal Security SE at ExtraHop with over 20 years of experience in security, IT operations, cloud/hybrid full-stack development, management, and gardening. He believes that helping his customers shine a light on their unique threat landscape requires comprehensive understanding and visibility into the complex relationships of interconnected systems in the East-West traffic corridor.





Sign up to receive information about upcoming Black Hat events including Briefings, Trainings, speakers, and important event updates.


Sustaining Partners