Toxic Waste Removal for Active Directory: Quickly Identifying and Safely Removing Dangerous Legacy Permissions

Thursday, April 26, 2018

11:00 AM - 12:00 PM PDT

60 minutes, including Q&A

Toxic Waste Removal by Andy Robbins
Identifying Legacy Permissions and Other Vulnerabilities with KnowBe4's Weak Password Test by Greg Kras

Given enough time, nearly every Active Directory environment becomes an incredibly complex web of interlinked, nested, and opaque permissions and privileges. It is that exact complexity that adversaries so commonly and reliably exploit to gain elevated privileges; meanwhile, defenders are left holding the bag, lacking the tooling and time to safely remove legacy permissions. Defenders that dare to attempt to clean up these legacy permissions face a minefield of complex permissions inheritance rules, unclear or non-existence documentation, and the famous anxiety that has stopped every effort before: not knowing what's going to break when you start removing permissions.

This presentation will walk you through a new methodology, empowered by graphs, which will enable you to easily enumerate those legacy permissions, quickly identify the permissions that pose the most risk to your organization, and safely remove those permissions with confidence. For example, we will step you through this process for safely removing dangerous, legacy Exchange permissions. We will also demonstrate how you can model future changes, so you can measure and plan for the risks of granting new permissions and privileges before actually granting them. All tooling and methodologies demonstrated in this talk are free and open source.

Brought to you by:


Guest Presenter:

Andy Robbins

Andy Robbins

Andy Robbins has performed penetration tests and red team assessments for a number of Fortune 500 commercial clients and major U.S. Government agencies. In addition, Andy researched and presented findings related to a business logic flaw with certain processes around handling ACH files affecting thousands of banking institutions around the country at DerbyCon. He has a passion for offensive development and red team tradecraft, and helps to develop and teach the 'Adaptive Red Team Tactics' course at Black Hat USA. Twitter: @_wald0

Sponsor Presenter:

Greg Kras

Greg Kras

Greg Kras, Chief Success Officer, KnowBe4 has been making software easier to use for over 20 years, making a name for himself in software development, Greg has focused on solving IT headaches in the most helpful way possible, holding positions such as product management, CT

Sustaining Partners