BSides Canberra 2025

Protecting the Forest, Starting at the Roots: AD Hardening & Defence using Modern Techniques
2025-09-26, Royal Theatre

Active Directory is a complex beast, and remains one of the core technologies holding together a large majority of organisations (second only to Excel). The resources available to security practitioners for fundamentally securing AD in the wild are severely lacking. With thousands of guides on how to break it, and almost none on how to secure it, it's time to level the playing field!

This talk will first analyse the root causes of AD attacks at an architectural level, breaking down modern attacks into three "roots": Overprivilege, Protocol Abuse, and Persistence. Building on this foundation, the talk will then demonstrate how to strengthen AD from the roots using native modern AD security controls, such as Authentication Silos and RPC filtering.

By the end of this talk, you will have the tools to mature your AD environment so that it can fight back against tomorrow's attacks, rather than having to keep up with yesterday's.

James is an Intrusion Analyst and Threat Hunter at CrowdStrike (OverWatch), with a strong focus on identity and authentication security. Formerly, he was a Security Engineer at Monash University, and a Systems Engineer at identity startup Lithnet.