Defusing an In-Progress Identity System Attack

Tuesday, 14 Sep 2021 1:00PM EDT (14 Sep 2021 17:00 UTC)
Speakers: Gil Kirkpatrick, Guido Grillenmeier

Early in 2021, attackers breached the identity system of a global company with a playbook that is becoming all too common compromising Active Directory, moving laterally and escalating privileges to achieve their objectives. Using lessons learned from the front lines of this cyberattack, Active Directory security experts Guido Grillenmeier and Gil Kirkpatrick walk through the steps organizations can take to effectively respond to an in-progress attack. They'll do a deep dive into this real-life incident to uncover how the attack was conducted, how the response team initially halted the malware from spreading, and what the company discovered in a post-attack analysis about the Active Directory vulnerabilities that remained.

What you'll learn:

How to immediately and proactively check Active Directory configuration settings to contain the damage from an in-progress attack

How to assess your AD environment to close remaining security gaps that cybercriminals can exploit

How to avoid common pitfalls in executing a full AD forest recovery to a known-secure state

Login to Register

Sponsor

Related Content

SANS_-_Blog_-_Zero_Trust_-_What_is_Zero_Trust_Architecture_-340x340_Thumb.jpg

What is Zero Trust Architecture?

This article outlines what Zero Trust is, how Zero Trust works, the five core principles of Zero Trust, and the stages of implementing Zero Trust.

SANS Cyber Defense

A Visual Summary of SANS Blue Team Summit 2023

Check out these graphic recordings created in real-time throughout the event for SANS Blue Team Summit 2023

Top 5 Reasons to Attend SANS Blue Team Summit 2023

The SANS Blue Team Summit & Training 2023, June 12-13 brings together world-class experts from the industry to share their insights & best practices.