Darryl G. Baker
Darryl G. Baker, CISSP, CEH is a seasoned cybersecurity professional with extensive experience in securing enterprise environments and conducting in-depth security assessments. With a strong background in both offensive and defensive security, Darryl specializes in identifying and mitigating risks within Active Directory and cloud-based infrastructures.
Over the course of his career, Darryl has led numerous security engagements across a variety of industries, helping organizations improve their security posture through technical assessments, red team operations, and strategic guidance. He holds certifications including the Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH), reflecting his broad expertise in information security.
Darryl is passionate about sharing knowledge and advancing the cybersecurity community. He regularly speaks at industry events, where he delivers practical insights on threat detection, identity security, and real-world attack techniques. His presentations are known for combining deep technical detail with actionable takeaways.
Sessions
OAuth and OpenID Connect (OIDC) are the backbone of modern identity and access management — but poor implementations leave organizations dangerously exposed. In this technical session, I’ll move beyond theory and demonstrate how subtle misconfigurations in OAuth and OIDC flows can be exploited by attackers to bypass authentication, impersonate users, and replay tokens for unauthorized access. We’ll walk through real-world vulnerabilities such as missing state parameters, improperly validated discovery documents, and token validation failures. Then we’ll demonstrate a live token replay attack using OWASP ZAP to intercept and reuse a captured JWT — illustrating how easily these weaknesses can be exploited in the wild. Attendees will leave with actionable knowledge on how to identify, exploit, and mitigate these flaws in enterprise environments, along with open-source scripts and tools to reproduce the attack scenarios in their own labs.
This hands-on class provides students with practical experience attacking and defending Active Directory (AD) environments. Designed for system administrators, IT professionals, and security practitioners, the course covers foundational AD infrastructure, common misconfigurations, and real-world attack techniques. Students will gain insight into threats like NTLM Relay, Kerberoasting, Machine Account Quota abuse, and Unconstrained Delegation.
Each student will access a dedicated lab environment in Azure featuring three virtual machines: a Windows 10 client, a Windows Server 2019 domain controller, and an Ubuntu VM configured with relevant attack tools (including Docker containers for NTLM relay). Participants will perform each attack step by step, then implement defensive measures such as restricting delegation, reducing MachineAccountQuota, disabling unnecessary services, and enabling LDAP signing.
The class also covers defensive logging practices, including increasing LDAP diagnostic levels and configuring Windows Event Forwarding (WEF) from the domain controller to a log aggregator. Students will leave with a solid understanding of how to identify, exploit, and mitigate common AD weaknesses.
This class balances theory and hands-on labs, giving students actionable skills to improve the security posture of their AD environments.