ATLSECCON 2025

Active Directory (AD) is a cornerstone of enterprise IT environments, providing critical services such as authentication, authorization, and identity management. However, its pervasive use also makes it a prime target for cyber attackers. This paper explores the evolving landscape of Active Directory cyber attacks, focusing on the methods and techniques used by threat actors to compromise AD environments. We will analyze case studies of recent high-profile breaches, highlighting the common vulnerabilities exploited and the tactics employed to escalate privileges, maintain persistence, and exfiltrate sensitive data. The discussion will include an examination of the tools and strategies used in these attacks, such as pass-the-hash, golden and silve ticket, kerberosting, DCSync, Golden SAML and Azure AD Token Theft attacks. We will also cover the latest defensive measures and best practices for securing Active Directory and Azure Active Director, including monitoring, detection, and incident response strategies. The aim is to provide IT professionals and cybersecurity practitioners with actionable insights to fortify their AD environments against sophisticated threats and ensure the integrity and security of their networks.

A brief overview of crypto currency and investigations into offences involving crypto currency.

There is a lot of hype around LLMs and Generative AI in cybersecurity - enough to make one roll their eyes into the back of their head. However, there are also a lot of organizations that are getting real value. In this talk, we will unpack some of the hype - and share real world use cases you can deploy NOW, showing how generative AI is being used today in security operations centers to take an existing process that is bottlenecked by humans, and supercharge it, using AI and automation to do what humans used to have to do - using both open-source as well as commercial tools.

Our personas are fabrications and constructions of our inner self that we project outwards.  We do this through various means and influences such as race, gender, sex, ability, age, culture, religion, norms,  class, and status. For the “real world” aka “irl” we do all this by expression in our clothing, makeup, hairstyling, our hobbies, our network of friends, colleagues, and acquaintances. We leverage all of these facets and we create masks, personas, that we think will best interact with the world around us. The same concepts apply when creating personas for infiltrating online communities. 

Online communities are built on trust, reputation, and currency which can take various forms such as data, crypto, intel and notoriety. This talk is an exploration of techniques; linguistics, OPSEC, OSINT, and SOCENG. Tactical operations and concepts like hours of online operation, timezone shifting, and using low ranking accounts as canon fodder for probing, and psychological models used in the infiltration of emerging threat actor groups.

Social engineering isn’t just about tricking people—it’s about understanding how humans think, behave, and make decisions in the moment. As a professional social engineer, Snow has spent her career breaking into buildings, bypassing security measures, and convincing people into handing over sensitive information. Sometimes, she succeeds. Other times, she gets caught. Either way, every engagement can reveal critical security gaps that organizations overlook.

In this keynote, Snow will take you inside the mind of a social engineer, sharing real-world stories, the tactics that work (and why), and the moments where organizations fought back effectively. We’ll also examine a hard truth: traditional security awareness training is failing us. But this isn’t just about her stories - it’s about your security. Throughout the talk, Snow will leave you with critical questions to take back to your organization.