STEALTHbits Technologies, Inc © 2017
Identify Threats. Secure Data. Reduce Risk.

Active Directory Botnets & DACL Backdoors: How Attackers Exploit Native AD Capabilities to Achieve Domain Persistence


Adversaries are using Active Directory as a weapon against itself. They are exploiting AD’s native capabilities to perform recon, find targets, escalate privileges, and gain persistence. Some of their malware-less persistence techniques include:
  • Active Directory botnets that leverage user attributes to take over domain controllers and use them as a central command for controlling systems
  • Active Directory backdoors that use discretionary access control list (DACL) misconfigurations to create hidden persistence
If you’re not continuously monitoring Active Directory—or setting policies to reduce your threat surface—you’re vulnerable to these attacks. The problem is, even with 24/7 event log monitoring, you may miss relevant threats because event logs are noisy and hard to understand.

In this webinar, Cybersecurity practitioner and STEALTHbits VP of Product Strategy Gabriel Gumbs will walk you through these attacks and show you how to protect your organization using real-time detection, blocking, and mitigation tools that don’t rely on native logging.
LinkedIn
Twitter
YouTube
STEALTHbits Technologies

Register Now

Date: Tuesday, August 29th 
Time: 1:00 PM ET/12:00 PM CT
Duration: 30 minutes plus live Q&A
 

Presenters

STEALTHbits Technologies

Live Webinar

Adam Laub

Gabriel Gumbs
VP, Product Strategy
STEALTHbits Technologies, Inc.