https://www.darkreading.com/endpoint/the-active-directory-botnet/v/d-id/1329756?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
:shock: :kramer:
Mitigation? At 6:48, the guys tell us to turn off AD features we're not using and if you want a REALLY REALLY segmented environment, it should not use corporate AD, but use its own AD system. Also, turn on logging for AD features. That sounds like lots and lots of fun for the guys in the SOC who already don't know how to handle the alerts coming in from the firewalls and IPSes...