Active Directory has been around for more than 20 years, and it was never built to withstand the attacks organizations face today. In this session, Marco Garofalo of Semperis demonstrates exactly how easy it is to exploit that gap. A live attack simulation shows how a standard user can abuse a misconfigured Active Directory Certificate Services (AD CS) template to escalate to domain admin without manager approval, and how the right tooling detects, alerts on and automatically reverts those changes in real time.

The session will explore:

• How a standard user with no elevated privileges can become domain admin in minutes by exploiting a misconfigured AD CS template that requires no manager approval;
• How continuous monitoring of Active Directory can surface indicators of exposure before an attack and detect unauthorized changes the moment they occur;
• Why post-attack recovery requires more than restoring a backup.