Join 7 Minute Security and Project7 for a fun discussion and demo of how to find Active Directory low-hanging hacker fruit, as well as how to attack (and defend against) it!
00:00 And so it begins
00:28 Brian and Paul introduce themselves
04:12 Review of PingCastle for offending/defending Active Directory networks
11:23 Exploiting DNS zone transfers
14:44 Password spraying Active Directory accounts
29:05 Abusing unquoted service paths
34:18 Using KrbRelayUp to privesc on a workstation or server
41:29 Poisoning network traffic to snag creds with Inveigh
53:58 Forging domain admin certificates with Active Directory Certificate Services