2025-09-26 –, Murray-Fitzroy Room
This fast-paced workshop offers a deep dive into Windows Active Directory (AD), focusing on what security professionals need to know.
We'll cover Active Directory security and dive into a couple of Kerberos attacks. The workshop is divided into two parts: the first provides an introduction to Active Directory in general, while the second focuses on Kerberos and attacks that target it.
Rather than concentrating on a specific tool, this workshop covers attack techniques used by threat actors within Active Directory and teaches defenders how to detect and protect against them.
Student Requirements
A x86 laptop with a newer CPU and a minimum of 16 GB (preferably 32 GB) of RAM.
VMware Workstation software
To follow along and practice during the workshop, you can set up your lab environment beforehand. The instructions are available at https://rudrasec.cloud/ad-lab-setup/ and the setup should take approximately 2-3 hours.
Anurag is a Director with the CrowdStrike Digital Forensics and Incident Response (DFIR) team, where he leads the team in Asia Pacific. His team works on several incident response investigations that involve nation state and eCrime adversaries every year.
He has led several high profile investigations over years involving nation state threat actors, investigating threat actor activity, scoping the incidents, creating and executing eviction plans and helping organisations improve detection capabilities .His work has led to detection and tracking of previously unknown threat actor groups and malware.
He has also been involved in eCrime incident response investigations, often getting into knife fights with adversaries, during dynamic threat actor activity.
Anurag is a SANS Certified Instructor where he teaches SEC504: Hacker Tools, Techniques, and Incident Handling.