SANS CyberCast SANS@MIC - Domain Password Auditing with the Cloud

  • Aired Monday, 06 Apr 2020 3:30PM EDT (06 Apr 2020 19:30 UTC)
  • Speaker: Matthew Toussain

The primary vulnerability in networks today is passwords. Often these bad passwords are not even compliant with the organizations password policy! How does this happen, and how can we tell?

In this talk we will discuss password selection vulnerabilities and demonstrate auditing an Active Directory environment leveraging cloud resources to enhance scale with a low cost to entry. Once we have discovered issues, we will explore techniques to perform statistical analysis and triage our findings for remediation. Passwords are important and they affect all organizations even those who feel like they have solved the problem.