The presentation shows how attackers proceed in the on-premises AD - and with which mostly free tools and configurations admins and security managers protect their domain environment.

Active Directory (AD) environments are a central component of many corporate networks. On the one hand, ransomware gangs and other attackers use misconfigurations in Microsoft's on-premises directory service to first spread throughout the attacked organization and then completely cripple or compromise it.
On the other hand, a security consultant often notices during customer projects that system administrators lack knowledge about essential security-related features of the directory service. For example: By default, any user can add a new machine to a domain. < ...