MCTTP – Munich Cyber Tactics Techniques and Procedures

Derek Melber

20X Microsoft MVP, @derekmelber

Derek is the Chief Strategist at Braincore, where he provides consulting services to Fortune 500 organizations looking to improve their cloud and on-prem security posture. Derek has been helping enterprises for over 25 years with identity security, Active Directory/Azure Active Directory, cloud identity, Entra ID, Microsoft 365, Intune, Microsoft Defender, CTEM, PAM, MFA, Group Policy, and other integrated technologies. Often asked to speak at events around the world, Derek has spoken and given Keynotes in over 40 countries at events such as RSA, Gartner, Blackhat, and more. Derek has worked for and with companies leading in these areas such as Microsoft, AWS, BeyondTrust, Quest, ManageEngine, SpectreOps, Tenable, and more. You can follow Derek on LinkedIn at @derekmelber and contact him at derekm@braincore.net.

talks & Q&A

Conference | sep 19

Escalation Paths to Attack Active Directory Certificate Services

Protect the certificates in your infrastructure!

Description

There is a lot of buzz around the exploits of ADCS, which there is good reason. However, most are not aware of two important aspects. There are actually 10 escalations! Yes, there are 10 different escalation paths. Second, there are also many different combinations of issues that make the exploit possible. Thus, remediation can also be very simple, if you know what to look for and how to fix it. Ideally you can do this with a spreadsheet or even Word. However, that is not the case. You really need to use a tool. We will use Bloodhound to look into how this is done with analytics. This is a free solution, so don't fret! In this session, 20 times Microsoft MVP Derek Melber will give you a complete view of the ADCS issue, with a breakdown of how you can quickly determine if you are susceptible to the attack and if you are, how you can remediate it! When you are done with this session, you will be able to protect yourself from this attack and keep your ADCS running!

Why the committee chose this talk

Microsoft CAs are used in nearly every onPremise installation as a trust anchor. Protecting it is of utmost importance for the defenders.