Hackers of India

Forging Trusts for Deception in Active Directory

Nikhil Mittal

2018/10/10

Abstract

Using deception for defence in Active Directory is very fruitful. It makes it possible to target multiple phases of an adversary’s attack methodology. While attacking an enterprise network, adversaries generally enumerate the AD trusts. It is important for them to map the relationships and trusts between domains and forests, as this helps in lateral movement and post-exploitation.

This talk discusses forging and implanting computer, domain and forest objects in an AD environment. Such objects target the attacker's mindset and methodology by providing easy yet high-value targets. We will see how this deception technique traps an adversary across an enterprise attack cycle.

Open source scripts for deploying the discussed techniques will also be covered during the talk. The talk will be full of live demonstrations.