Winning the Game of Active Directory

Brandon Colley

DEF CON 32 Creator Stage · Day 1 · Creator Stage

In his DEF CON 32 talk, "Winning the Game of Active Directory," Brandon Colley, a Senior Security Consultant at Trimark Security, challenged conventional notions of success in Active Directory (AD) security. Rather than defining victory as an attacker gaining Domain Administrator privileges or a defender merely preventing a single breach, Colley posited that true triumph lies in the continuous maintenance of a secure environment, consistent improvement of its posture, and diligent implementation of necessary safeguards. This talk served as a dual-perspective guide, offering insights into both offensive attack methodologies and robust defensive strategies within AD environments. Colley leveraged the **GOAD (Game of Active Directory)** lab, a multi-domain environment featuring over 30 out-of-the-box vulnerable configurations, to illustrate common attack paths and demonstrate practical mitigations.
