Defending Against Active Directory Attacks That Leave No Trace
Date: Tuesday, October 12th at 11am PST / 2pm EST
Detecting an in-progress cyberattack is an essential component of any security strategy. But it is getting increasingly hard to spot malicious attackers who gain access to information systems through gaps in the identity system and then move stealthily through the environment, often undetected for weeks or months, before dropping malware. To detect identity system attacks, many companies rely on DC event log consolidation and SIEM solutions. But some attack techniques leave no evidence of malicious activity in those logs.
In this session, Tal Sarid will walk through some attack techniques that bypass traditional monitoring solutions.
You’ll come away with guidelines for guarding against cyberattacks that leave no trace:
- Understanding how common attack techniques that bypass logging work, including DCShadow, Group Policy changes (as in the case of Ryuk ransomware), and Zerologon attacks
- How to proactively protect your Active Directory against leave-no-trace attacks by focusing on the replication traffic of DCs to detect changes within Group Policy and changes to specific objects
- How to roll back malicious changes to AD
- How to accelerate your response to malicious changes once they’re detected with focused forensic analysis
About the presenter:
Tal Sarid | Senior Solutions Architect, Semperis
Tal Sarid is the Senior Solutions Architect at Semperis. He previously worked at Microsoft for 15 years as Strategic Transformation Lead, Senior Evangelist and Principal Consultant, and managed the 365 productivity business. Tal is a seasoned entrepreneur who founded and led Multilayer group, where he provided enterprise computing, security services and solutions.