MaLDAPtive: Diving Deep Into LDAP Obfuscation, Deobfuscation & Detection
Black Hat USA 2024 · Day 1 · Briefing
This talk, "MaLDAPtive," delivered by Daniel Bohannon (Divo) and Sabajete (Sabi), covers the often-overlooked subject of LDAP search request obfuscation, deobfuscation, and detection within Active Directory environments. Daniel Bohannon, a Principal Threat Researcher at Permiso Security with a history of endpoint research at Microsoft and a self-professed "obsession" with obfuscation, teams up with Sabajete, a Senior Cyber Security Engineer at Solaris specializing in cyber defense, detection engineering, and incident response. The presentation aims to show how attackers can leverage LDAP's flexible nature to evade detection and, crucially, how defenders can counter these techniques.