Active Directory Botnets & DACL Backdoors: How Attackers Exploit Native AD Capabilities to Achieve Domain Persistence

STEALTHbits Technologies, Inc © 2018

Adversaries are using Active Directory as a weapon against itself. They are exploiting AD’s native capabilities to perform recon, find targets, escalate privileges, and gain persistence. Some of their malware-less persistence techniques include:
 

  • Active Directory botnets that leverage user attributes to take over domain controllers and use them as a central command for controlling systems
  • Active Directory backdoors that use discretionary access control list (DACL) misconfigurations to create hidden persistence

If you’re not continuously monitoring Active Directory—or setting policies to reduce your threat surface—you’re vulnerable to these attacks. The problem is, even with 24/7 event log monitoring, you may miss relevant threats because event logs are noisy and hard to understand.

In this webinar, cybersecurity practitioner and STEALTHbits VP of Product Strategy Gabriel Gumbs will walk you through these attacks and show you how to protect your organization using real-time detection, blocking, and mitigation tools that don’t rely on native logging.
