2025-04-13, Track 2
As Active Directory attacks rise, red teamers often focus on "pwning" systems, but real-world engagements require understanding the artifacts their tools leave. In “Think You’re Stealthy? How to Detect Attacks in AD”, we’ll explore the workings of commonly used AD pentest tools and the artifacts they leave behind. Ideal for anyone looking to deepen their knowledge of defense in AD environments.
As Active Directory (AD) remains a high-value target for cyber attackers, the need to detect AD threats before they escalate is essential. This talk focuses on the tools and techniques defenders need to use to uncover even the stealthiest of AD attacks. We’ll explore the traces that attackers leave behind and the practical ways to spot them, helping blue teams build strong, proactive defenses.
We'll dive deep into popular tools like Mimikatz, BloodHound, CrackMapExec and the Impacket toolkit (psexec, wmiexec, secretsdump.py, GetUserSPNs.py, etc.), exploring their functionality and the artifacts they leave behind. Through real-world examples, attendees will gain insights into how seemingly stealthy AD attacks can be detected. We'll cover advanced logging and monitoring techniques, leveraging Windows Event Logs, Splunk and PowerShell logs to build effective detection rules and alerts.
We’re a team of three—one a University of Maryland alum (Aakash Raman), one a current student studying there (Rachit Arora), and another from Carnegie Mellon University (Sai Sathvik Ruppa)—coming together for our first talk at BSidesCharm.
After attending as volunteers in February 2024, we decided to face our fears and tackle imposter syndrome by sharing what we've learned. Two of us have earned OSCP, while one of us naturally gravitates toward blue teaming. Combining our mindset and research