Windows Server, Networks, Cloud Platform and Modern Datacenter
14:00 - 15:00
Last year I discovered and reported a DoS attack issue in Active Directory which affected all existing versions of Windows, including the brand new Windows 2016. It was already my second discovery to be acknowledged and patched by Microsoft. I also reported some that were not acknowledged :-) I will share my experience with reporting and documenting the bugs with the Microsoft Security Response Center, and how the communication and patching evolved in each case. I will also demonstrate all the details of the AD DoS bug, which is based on some interesting facts and shows a rather generic design lesson. It would also be impossible if there were not a default insecurity in the configuration of Active Directory, which affects roughly 90% of all AD environments around the world.
Proud MCM:Directory and no less proud MVP:Enterprise Security from Brno, Czechia, doing AD, security, identity management and integration, and PKI. Also digs into hacking and does security auditing as CISA and CISM.