BHIS Webcasts

Active Directory Attack Path in Action

Listen Later

Are small Active Directory misconfigurations putting you at risk?

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – 

https://poweredbybhis.com


🛝 Webcast Slides
https://www.blackhillsinfosec.com/wp-content/uploads/2026/01/SLIDES_Active-Directory-Attack-Path-in-Action.pdf

Antisyphon Training events featuring Alyssa & Kaitlyn
https://www.antisyphontraining.com/search/Alyssa%20Kaitlyn

Chapters

  • (00:00) - Intro - Active Directory Attack Path in Action
  • (02:06) - Alyssa and Kaitlyn Fun Facts
  • (02:43) - Webcast Overview
  • (03:34) - Web Services
  • (06:20) - Jenkins Env Hunter - Tool by Kent Ickler!
  • (07:53) - Test Credentials
  • (08:57) - Username Enumeration
  • (12:12) - Domain Enumeration
  • (14:11) - NetExec
  • (15:12) - BloodHound.py
  • (16:29) - SharpHound
  • (17:28) - ADExplorer
  • (19:30) - Convert Snapshot
  • (20:07) - BOFHound
  • (22:46) - Identify Attack Path
  • (23:55) - Abusing RBCD for Local Priviledge Escalation
  • (26:43) - Machine Account Quota
  • (27:40) - Resource-Based Constrained Delegation Expolitation Flow
  • (30:36) - Create Computer Object
  • (31:58) - Set Delegation
  • (33:22) - Delegation Attribute
  • (33:53) - Select a Target Account
  • (34:34) - Avoid Protected Users
  • (35:24) - Get Privileged TGS
  • (37:07) - Delegation Failure Example
  • (37:39) - Escalation Success
  • (39:18) - Dump local Secrets
  • (40:53) - Domain Admin Compromised
  • (41:39) - Attack Path Summary
  • (44:24) - Defensive Considerations
  • (45:42) - Related Antisyphon Courses
  • (46:08) - More Resources
  • (47:27) - Q&A Start
  • (50:03) - Alternative Path for Attackers
  • (51:30) - Whats the Assumed Compromize Course like?
  • (56:27) - Are Extended Test Timelines an advantage?
  • (57:51) - BHIS "Side Quest" capabilities
  • (58:55) - BHIS CPT On-Boarding Process
  • (01:02:29) - Getting the Ball Rolling on Test Assessments
  • (01:04:22) - The Price of Continous Pen Testing
  • (01:05:30) - Favorite Things About Customer CPTs

    • Join Kaitlyn Wimberley and Alyssa Snow (Black Hills Infosec – Continuous Penetration Testers) for a free one-hour webcast where they’ll walk through an example Active Directory attack path, from un-credentialed network access to Domain Administrator.

    You’ll learn how attackers can escalate from un-credentialed access to Domain Admin, identify common misconfigurations, and understand how small weaknesses can combine to compromise your network.

    Chat with your fellow attendees in the Black Hills Infosec Discord server:
    https://discord.gg/BHIS
    in the #đź”´live-chat channel.


    Brought to you by:

    Black Hills Information Security 

    https://www.blackhillsinfosec.com


    Antisyphon Training

    https://www.antisyphontraining.com/


    Active Countermeasures

    https://www.activecountermeasures.com


    Wild West Hackin Fest

    https://wildwesthackinfest.com

    ...more
    View all episodesView all episodes
    Download on the App Store
    BHIS WebcastsBy Black Hills Information Security