My notes:
- No-agent, no-privilege solution that proactively detects AD attacks (it is done through the AD replication API).
- Alsid is known as Tenable.AD now.
- Attacks: authentication protocols, privilege control (SDProp and SPN), user trust, cross-company departments, shared IT team, old configuration, lack of monitoring, cannot disable the account.
- 300+ misconfigurations in AD can be weaponised to compromise AD.
- Kerberoast attacks (cannot be fixed).
- Passwords stored in memory.
- Prevention is always better than a cure.
- Auditing privileged users.
- Go after legacy: SMBv1, NTLMv1, sensitive privileges.
- Old config.
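An added, read-only audit script that covers several of the points above (auditing privileged users stamped by SDProp, accounts exposed to Kerberoasting via SPNs, and the legacy SMBv1/NTLMv1 settings). It is my own example, not code from the talk or from Tenable.AD; it assumes a domain-joined host with the RSAT ActiveDirectory module and a directory account with read access, and it changes nothing.

```powershell
# Added example (not from the notes or the vendor): read-only AD and host audit.
# Assumes: RSAT ActiveDirectory module installed, domain-joined host, read access to AD.
Import-Module ActiveDirectory

# 1. Privileged users: SDProp stamps members of protected groups with adminCount=1 by
#    copying the AdminSDHolder ACL. Accounts that still carry adminCount=1 after being
#    removed from those groups keep the restrictive ACL and deserve review.
Write-Host '== adminCount=1 accounts (SDProp-protected) =='
Get-ADUser -LDAPFilter '(adminCount=1)' -Properties LastLogonDate, PasswordLastSet |
    Select-Object SamAccountName, Enabled, LastLogonDate, PasswordLastSet |
    Sort-Object PasswordLastSet |
    Format-Table -AutoSize

# 2. Kerberoast exposure: any user account with an SPN can have a service ticket requested
#    for it, and the ticket is encrypted with that account's password-derived key. The
#    protocol behaviour cannot be removed, so the mitigations are long managed passwords
#    and AES-only encryption types (no RC4) on those accounts.
Write-Host '== user accounts with an SPN (Kerberoast exposure) =='
$spnUsers = Get-ADUser -LDAPFilter '(&(objectCategory=person)(servicePrincipalName=*))' `
    -Properties servicePrincipalName, PasswordLastSet, adminCount, 'msDS-SupportedEncryptionTypes'
$spnUsers | ForEach-Object {
    $enc = [int]($_.'msDS-SupportedEncryptionTypes')
    # Bit values: 0x1 DES-CRC, 0x2 DES-MD5, 0x4 RC4, 0x8 AES128, 0x10 AES256.
    # Unset (0) means the account falls back to the default, which includes RC4.
    $aesOnly = (($enc -band 0x18) -ne 0) -and (($enc -band 0x7) -eq 0)
    [pscustomobject]@{
        Account         = $_.SamAccountName
        Privileged      = ($_.adminCount -eq 1)
        PasswordAgeDays = if ($_.PasswordLastSet) { (New-TimeSpan -Start $_.PasswordLastSet).Days } else { $null }
        AesOnly         = $aesOnly
        Spn             = ($_.servicePrincipalName -join '; ')
    }
} | Sort-Object Privileged, PasswordAgeDays -Descending | Format-Table -AutoSize

# 3. Legacy protocol settings on this host.
#    SMBv1: EnableSMB1Protocol should be $false.
#    NTLMv1: LmCompatibilityLevel below 3 still sends LM/NTLMv1; 5 sends NTLMv2 only and
#    refuses LM and NTLM. An absent value means the OS default (3 on current Windows).
Write-Host '== legacy protocol settings (this host) =='
$smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
$lm   = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
            -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
[pscustomobject]@{
    SMB1Enabled          = $smb1
    LmCompatibilityLevel = if ($null -eq $lm) { 'not set (default 3)' } else { $lm }
    NTLMv1Refused        = ($null -ne $lm -and $lm -ge 5)
} | Format-List
```

Run it from an elevated PowerShell session on a domain-joined machine; the SMB and LSA checks describe only the local host, so repeat them (or push the queries through Invoke-Command) on each domain controller and file server, while the two directory queries are domain-wide.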