BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//conference.c3w.at//VDQMNY
BEGIN:VTIMEZONE
TZID:Europe/Vienna
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T020000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7ea-VDQMNY@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20260627T153000
DTEND;TZID=Europe/Vienna:20260627T160000
DESCRIPTION:Active Directory remains the core identity system in most enter
 prise and governmental environments\, making it a primary target for attac
 kers after initial network compromise. Once inside a network\, adversaries
  typically focus on AD reconnaissance\, privilege escalation\, and lateral
  movement in order to gain full domain control.\n\nThis presentation explo
 res how attackers perform Active Directory enumeration using common tools 
 and techniques\, and why traditional security monitoring often fails to de
 tect these early-stage activities. It then introduces deception-based defe
 nse strategies as an effective approach for early detection of malicious b
 ehavior within identity infrastructures.\n\nThe session focuses on the use
  of Active Directory honeypots and canary tokens as proactive detection me
 chanisms. These decoy assets are designed to appear legitimate within the 
 environment while acting as high-fidelity tripwires for suspicious activit
 y. Any interaction with these objects can immediately signal potential rec
 onnaissance or compromise attempts.\n\nThrough practical examples and a si
 mulated attack scenario\, the talk demonstrates how deception techniques c
 an detect attacker behavior during directory enumeration\, credential disc
 overy\, and privilege mapping. The presentation also highlights how these 
 mechanisms integrate into Purple Team methodologies and support incident r
 esponse and forensic investigations.\n\nAttendees will gain insight into h
 ow deception technologies enhance visibility within Active Directory envir
 onments\, reduce attacker dwell time\, and enable earlier detection of ide
 ntity-based attacks before they escalate into full domain compromise.
DTSTAMP:20260702T225140Z
LOCATION:Dachsaal (Track 2 )
SUMMARY:Defending Identity Infrastructure of the Active Directory with Dece
 ption Technologies - Ahmed Hassan
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7ea/talk/VDQMNY/
END:VEVENT
END:VCALENDAR
