Training Hansemann

Windows Domain Analysis with Bloodhound


DESCRIPTION

The vulnerabilities with the greatest impact on the entire company are often due to misconfiguration or authorization problems within Active Directory. For most companies, this leads to attackers gaining control of the entire network within hours of the initial compromise (e.g., phishing).

Therefore, a regularly repeated technical analysis of Active Directory is not optional and should be firmly integrated into everyday operations, just like patch and asset management.


OBJECTIVES

In this workshop, all relevant information for professional use of the Bloodhound tool will be taught and applied using case studies/demo files. This includes, among others:

- Introduction to Active Directory & typical vulnerabilities

- Introduction to Bloodhound (database, collector, WebGui, AppGui, etc.)

- Installation and initial setup

- Collecting data

- Standard queries in the Bloodhound GUI

- Introduction to the neo4j language

- Creation of custom queries

- Integration of custom queries in the AppGUI

- Excerpt of custom queries from HanseSecure

- Detection of vulnerabilities in different demo files

- Examples for implementation of a continuous audit process for the Active Directory

- Optional (if there is still time 😉): Automation

 

TARGET GROUP

Technical IT staff, information security officers

 

REQUIREMENTS

Workshop participants should have a basic understanding of Active Directory and Windows systems.

In addition, participants must bring laptops that meet the following requirements:

- Min. 16 GB RAM (for virtualization of a Kali VM)

- Virtualization software (VMware, VirtualBox, etc.)

- Sufficient free disk space (min. 50 GB)

- WLAN network interface

