Active Directory Delegation of administration duties are often recommended by security organisations and Microsoft themselves have been pushing for the use of least privilege principal for quite some time. But what exactly is AD delegation and how can these configurations potentially be abused?
In this webcast, NotSoSecure will show that delegated rights should not be overlooked in a security assessment. A case study will be used to demonstrate how we can detect and understand the impact of these potential logical flaws, and we'll continue through a series of events to see how an attacker can manipulate users and groups to potentially gain access to sensitive company data or even view juicy LAPS and BitLocker attributes. The end goal, surprisingly, might not be the ever sought after Domain Admin crown.
Key takeaways:
Owen Shearing has worked in the IT industry for a number of years, the last 7 specifically within security. He is an Associate Director at NotSoSecure, a specialist IT security company delivering high-end IT security consultancy and training. Owen has delivered NotSoSecure training courses at Blackhat Asia, USA and EU over the past couple of years. He runs the blog rebootuser.com and has authored tools which can be found at github.com/rebootuser.
Robertson Pimentel, CISSP, CISM, Product Manager, Centrify, has 20 years of work experience focused in many areas: IT Infrastructure, Identity and Access Management, Project Management, People Development/Competency Development and Quality Assurance. These days his goals are to be able to contribute to a breath of subjects and see quick and meaningful results. His interests lie in Access Controls and the impact of security controls in organizational productivity.