ATLSECCON 2025

Active Directory (AD) is a cornerstone of enterprise IT environments, providing critical services such as authentication, authorization, and identity management. However, its pervasive use also makes it a prime target for cyber attackers. This paper explores the evolving landscape of Active Directory cyber attacks, focusing on the methods and techniques used by threat actors to compromise AD environments. We will analyze case studies of recent high-profile breaches, highlighting the common vulnerabilities exploited and the tactics employed to escalate privileges, maintain persistence, and exfiltrate sensitive data. The discussion will include an examination of the tools and strategies used in these attacks, such as pass-the-hash, golden and silve ticket, kerberosting, DCSync, Golden SAML and Azure AD Token Theft attacks. We will also cover the latest defensive measures and best practices for securing Active Directory and Azure Active Director, including monitoring, detection, and incident response strategies. The aim is to provide IT professionals and cybersecurity practitioners with actionable insights to fortify their AD environments against sophisticated threats and ensure the integrity and security of their networks.

A brief overview of crypto currency and investigations into offences involving crypto currency.

There is a lot of hype around LLMs and Generative AI in cybersecurity - enough to make one roll their eyes into the back of their head. However, there are also a lot of organizations that are getting real value. In this talk, we will unpack some of the hype - and share real world use cases you can deploy NOW, showing how generative AI is being used today in security operations centers to take an existing process that is bottlenecked by humans, and supercharge it, using AI and automation to do what humans used to have to do - using both open-source as well as commercial tools.

Our personas are fabrications and constructions of our inner self that we project outwards.  We do this through various means and influences such as race, gender, sex, ability, age, culture, religion, norms,  class, and status. For the “real world” aka “irl” we do all this by expression in our clothing, makeup, hairstyling, our hobbies, our network of friends, colleagues, and acquaintances. We leverage all of these facets and we create masks, personas, that we think will best interact with the world around us. The same concepts apply when creating personas for infiltrating online communities. 

Online communities are built on trust, reputation, and currency which can take various forms such as data, crypto, intel and notoriety. This talk is an exploration of techniques; linguistics, OPSEC, OSINT, and SOCENG. Tactical operations and concepts like hours of online operation, timezone shifting, and using low ranking accounts as canon fodder for probing, and psychological models used in the infiltration of emerging threat actor groups.