OwlTail

Cover image of Sean Metcalf

Sean Metcalf

10 Podcast Episodes

Latest 24 Jul 2021 | Updated Daily

Weekly hand curated podcast episodes for learning

Episode artwork

SolarWinds, FireEye, Microsoft, Oh My! - Sean Metcalf, Tyler Robinson - ESW #212

Paul's Security Weekly TV

The current ransomware, breaches, and nation state attacks have defenders feeling overwhelmed and under resourced. Can defensive teams really have defended against this type of supply chain attack and what can every security team do for best practices within Active directory and Azure federation to reduce your enterprises risk. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw212

33mins

8 Jan 2021

Episode artwork

SolarWinds, FireEye, Microsoft, Oh My! - Sean Metcalf, Tyler Robinson - ESW #212

Enterprise Security Weekly (Video)

The current ransomware, breaches, and nation state attacks have defenders feeling overwhelmed and under resourced. Can defensive teams really have defended against this type of supply chain attack and what can every security team do for best practices within Active directory and Azure federation to reduce your enterprises risk. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw212

33mins

7 Jan 2021

Similar People

Episode artwork

Active Directory, Azure and Windows Security - Sean Metcalf - PSW #642

Paul's Security Weekly (Video-Only)

Active Directory & Microsoft Cloud (Azure AD & Office 365) Security, including a breakdown of Microsoft's security offerings and recommendations for cloud migrations for Active Directory. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode642

1hr

8 Mar 2020

Episode artwork

Active Directory, Azure and Windows Security - Sean Metcalf - PSW #642

Paul's Security Weekly TV

Active Directory & Microsoft Cloud (Azure AD & Office 365) Security, including a breakdown of Microsoft's security offerings and recommendations for cloud migrations for Active Directory. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode642

1hr

8 Mar 2020

Most Popular

Episode artwork

S1E06.3: Special Black Hat Edition: Sean Metcalf

State of the Hack

“Special Guest Sean Metcalf (@PyroTek3)”: Sean Metcalf is a trailblazer in the InfoSec field who is most well-known for his expertise in Active Directory security. He’s given talks on the topic at several security conferences, including Black Hat USA, DEF CON, DerbyCon and BSides. Fun fact about Sean: he is one of roughly 100 Microsoft Certified Masters (MCMs) in Directory Services in the world. Active Directory security plays a huge part in his current role as Founder and Chief Technology Officer of Trimarc Security. Trimarc is a company that protects organizations primarily through the security of Active Directory, Microsoft Exchange, and VMware virtual infrastructure. During our chat, Sean explained how he got started in the world of Active Directory security about a decade and a half ago when he was as an Active Directory engineer. He discussed some of the challenges he faced between then and now while traversing relatively uncharted territory. He also provided a brief overview of the talk he gave at Black Hat USA 2018 on why secure administration isn’t so secure.

21mins

20 Aug 2018

Episode artwork

Security Weekly #462 - Sean Metcalf

Paul's Security Weekly (Video-Only)

57mins

2 Jun 2016

Episode artwork

Paul's Security Weekly #462 - Interview with Sean Metcalf, Microsoft Certified Master

Paul's Security Weekly (Podcast-Only)

1hr 43mins

2 Jun 2016

Episode artwork

Security Weekly #462 - Interview with Sean Metcalf

Paul's Security Weekly TV

Our guest on the show will be Sean Metcalf! Sean Metcalf is a Microsoft Certified Master/Microsoft Certified Solutions Master in Directory Services which is an elite group of Active Directory experts. As of 2016, he is also a Microsoft Most Valuable Professional (MVP).

57mins

9 May 2016

Episode artwork

Security Weekly #462 - Interview with Sean Metcalf, Microsoft Certified Master

Paul's Security Weekly

Sean Metcalf (@PyroTek3) is a Microsoft Certified Master (MCM) /Microsoft Certified Solutions Master (MCSM) in Directory Services(Active Directory Windows Server 2008 R2) which is an elite groupof Active Directory experts (only about 100 worldwide). As of 2016,he is also a Microsoft Most Valuable Professional (MVP). We ask himabout his start in information security and PowerShell. Listen innow!

1hr 43mins

29 Apr 2016

Episode artwork

Sean Metcalf - Red vs. Blue: Modern Active Directory Attacks & Defense

DEF CON 23 [Audio] Speeches from the Hacker Convention

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Sean-Metcalf-Red-vs-Blue-AD-Attack-and-Defense.pdf Red vs. Blue: Modern Active Directory Attacks & Defense Sean Metcalf CTO, DAn Solutions, Inc. Kerberos "Golden Tickets" were unveiled by Alva "Skip" Duckwall & Benjamin Delpy in 2014 during their Black Hat USA presentation. Around this time, Active Directory (AD) admins all over the world felt a great disturbance in the Force. Golden Tickets are the ultimate method for persistent, forever AD admin rights to a network since they are valid Kerberos tickets and can't be detected, right? This talk explores the latest Active Directory attack vectors and describes how Golden Ticket usage can be detected. When forged Kerberos tickets are used in AD, there are some interesting artifacts that can be identified. Yes, despite what you may have read on the internet, there are ways to detect Golden & Silver Ticket usage. Skip the fluff and dive right into the technical detail describing the latest methods for gaining and maintaining administrative access in Active Directory, including some sneaky AD persistence methods. Also covered are traditional security measures that work (and ones that don't) as well as the mitigation strategies that disrupts the attacker's preferred game-plan. Prepare to go beyond "Pass-the-Hash" and down the rabbit hole. Some of the topics covered: Sneaky persistence methods attackers use to maintain admin rights. How attackers go from zero to (Domain) Admin MS14-068: the vulnerability, the exploit, and the danger. "SPN Scanning" with PowerShell to identify potential targets without network scans (SQL, Exchange, FIM, webservers, etc.). Exploiting weak service account passwords as a regular AD user. Mimikatz, the attacker's multi-tool. Using Silver Tickets for stealthy persistence that won’t be detected (until now). Identifying forged Kerberos tickets (Golden & Silver Tickets) on your network. Detecting offensive PowerShell tools like Invoke-Mimikatz. Active Directory attack mitigation. Kerberos expertise is not required since the presentation covers how Active Directory leverages Kerberos for authentication identifying the areas useful for attack. Information presented is useful for both Red Team & Blue Team members. Sean Metcalf is the Chief Technology Officer at DAn Solutions, a company that provides Microsoft platform engineering and security expertise. Mr. Metcalf is one of about 100 people in the world who holds the elite Microsoft Certified Master Directory Services (MCM) certification. Furthermore, he assisted Microsoft in developing the Microsoft Certified Master Directory Services certification program for Windows Server 2012. Mr. Metcalf has provided Active Directory and security expertise to government, corporate, and educational entities since Active Directory was released. He currently provides security consulting services to customers with large Active Directory environments and regularly posts useful Active Directory security information on his blog, ADSecurity.org. Follow him on Twitter @PyroTek3 Twitter: @PyroTek3 Web: ADSecurity.org

21 Oct 2015