Active Directory Botnet

Started by deanwebb, August 30, 2017, 07:22:56 AM

deanwebb

https://www.darkreading.com/endpoint/the-active-directory-botnet/v/d-id/1329756?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

:shock: :kramer:

Mitigation? At 6:48, the guys tell us to turn off AD features we're not using and if you want a REALLY REALLY segmented environment, it should not use corporate AD, but use its own AD system. Also, turn on logging for AD features. That sounds like lots and lots of fun for the guys in the SOC who already don't know how to handle the alerts coming in from the firewalls and IPSes...
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.