Backup Operator accounts are ubiquitous and often overlooked by both blue and red teams. These accounts have abusable permissions and are rarely maintained properly. In this webinar, we will examine and demonstrate novel techniques to stealthily compromise Active Directory through the Backup Operator’s account. We will use the Backup Operator account to gain local Admin privilege, establish persistence, and pivot laterally throughout a domain. However, all is not lost in that we can further lockdown our systems and enable auditing measures to deter and detect these attacks

Presented by Dave Mayer, Head of the Red Team and Senior Security Consultant, InGuardians

Slides – The Backup Operators Guide to the Galaxy