Black Hat is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Toxic Waste Removal for Active Directory: Quickly Identifying and Safely Removing Dangerous Legacy Permissions

View Recording

Thursday, April 26, 2018
11:00AM-12:00PM PDT

Brought to you by:

Toxic Waste Removal by Andy Robbins
Identifying Legacy Permissions and Other Vulnerabilities with KnowBe4's Weak Password Test by Greg Kras

Given enough time, nearly every Active Directory environment becomes an incredibly complex web of interlinked, nested, and opaque permissions and privileges. It is that exact complexity that adversaries so commonly and reliably exploit to gain elevated privileges; meanwhile, defenders are left holding the bag, lacking the tooling and time to safely remove legacy permissions. Defenders that dare to attempt to clean up these legacy permissions face a minefield of complex permissions inheritance rules, unclear or non-existence documentation, and the famous anxiety that has stopped every effort before: not knowing what's going to break when you start removing permissions.

This presentation will walk you through a new methodology, empowered by graphs, which will enable you to easily enumerate those legacy permissions, quickly identify the permissions that pose the most risk to your organization, and safely remove those permissions with confidence. For example, we will step you through this process for safely removing dangerous, legacy Exchange permissions. We will also demonstrate how you can model future changes, so you can measure and plan for the risks of granting new permissions and privileges before actually granting them. All tooling and methodologies demonstrated in this talk are free and open source.


Andy Robbins Andy Robbins

Andy Robbins has performed penetration tests and red team assessments for a number of Fortune 500 commercial clients and major U.S. Government agencies. In addition, Andy researched and presented findings related to a business logic flaw with certain processes around handling ACH files affecting thousands of banking institutions around the country at DerbyCon. He has a passion for offensive development and red team tradecraft, and helps to develop and teach the 'Adaptive Red Team Tactics' course at Black Hat USA. Twitter: @_wald0

Sponsor Presenter:

Greg KrasGreg Kras

Greg Kras, Chief Success Officer, KnowBe4 has been making software easier to use for over 20 years, making a name for himself in software development, Greg has focused on solving IT headaches in the most helpful way possible, holding positions such as product management, CT





Sign up to receive information about upcoming Black Hat events including Briefings, Trainings, speakers, and important event updates.


Sustaining Partners