2024-06-08, 15:00–15:45, Track 1 (UC Conference Rm A)
This presentation will discuss offensive tradecraft that establishes elevated persistence within an Active Directory environment. We will discuss offensive and defensive considerations covering the operational flow of technique execution. Additionally, we will provide guidance on detecting, triaging, and recovering from identified domain persistence techniques.
We’ll dive into Active Directory domain persistence techniques, with a focus on identifying attacks and reclaiming control over organizational domains after a breach. We’ll also cover post-compromise strategies, detailing the steps necessary for rotating domain secrets and enhancing Windows Security event auditing to better detect domain persistence activities. This presentation will serve as a starting guide for building detections for critical techniques and for organizational recovery scenarios.
Josh Prager has over 13 years’ experience focusing on DoD red team infrastructure, cyber threat emulation and threat hunting. As a former threat hunter in the Federal industry, he provided various cyber threat emulation and threat hunting assessments throughout DoD environments. As a principal consultant at SpecterOps, he guides clients in developing the maturity of their detection and response programs, building their detection engineering capabilities, and ensuring detective and preventive coverage of offensive techniques.