Welcome to the VB2021 conference!

arrow left Back

Who owns your hybrid Active Directory? Hunting for adversary techniques!

16:30 - 17:00 UTC Fri 8 Oct 2021
Thirumalai Natarajan Muthiah (Mandiant Consulting) & Anurag Khanna (CrowdStrike Services)
Hybrid Active Directory (AD) is the new workhorse to manage single user identity for both authentication and authorization in on-premises and cloud environments. Hybrid AD environments are of interest to threat actors and defenders alike.

Through our experience in performing incident response and remediation engagements across the globe, we observed various backdoors and misconfigurations in hybrid AD that provided threat actors long term at will privileged access to organizations’ IT environments.

We will cover techniques used by threat actors to maintain persistence, covertly elevate privileges at will, and to maintain and exert control over systems managed by hybrid AD. We will share different hypotheses and hunting techniques to detect misconfigurations and backdoors in a hybrid AD environment.
Thirumalai Natarajan Muthiah
Mandiant Consulting

Thirumalai Natarajan is a principal consultant with Mandiant Consulting where he is responsible for performing incident response and remediation for large-scale breaches, active directory and cloud security assessments, and ransomware defence assessments for global organizations. Over his career experience, Thiru has built and managed security operation centres and detection and response engineering teams across APAC to support organizations to improve their detection and defence posture. Thiru currently holds CISSP, GREM, OSCP and PMP certifications.

Anurag Khanna
CrowdStrike Services

Anurag Khanna is a manager with CrowdStrike Services where he leads Incident Response and Consulting services in Asia Pacific and advises organizations when they are in midst of security incidents. Over the years Anurag has led multiple breach investigations and incident response engagements involving advanced adversaries for a wide range of industries. He has helped organizations develop cyber defence capabilities to protect against and respond to attacks. He is among few cybersecurity professionals to have the GIAC Security Expert (GSE# 97) credential.