Identity has become the new perimeter—and attackers know it. In today’s breaches, adversaries quickly pivot from an initial foothold to lateral movement inside Active Directory (AD) by abusing “legitimate” protocols like NTLM, Kerberos, RDP, or SSH that most security tools treat as normal traffic.
Complicating matters, AD can’t natively enforce MFA on many of those protocols, leaving common hops—PsExec, PowerShell, WMI, even service-to-service authentications—completely unchallenged. Sprawling service accounts and forgotten scripts often run with standing domain-level privilege, creating blind spots ripe for abuse. Silverfort field research shows that hybrid AD-and-cloud environments routinely contain undocumented accounts, stale credentials, and privilege creep attackers leverage them to jump between on-prem and SaaS resources.
It’s clear yesterday’s perimeter-centric controls and bolt-on MFA aren’t enough. This Real Training for Free session lays out a modern identity-first strategy to harden AD, rein in privileged (and non-human) identities, and shut down lateral movement before it starts.
Up first, 4-time Microsoft MVP Nick Cavalancia takes my seat as he sets the stage with a practitioner’s lens covering:
- The current state of identity-based attacks—and why credentials remain attackers’ favorite payload
- The prevalence of lateral movement in modern breach playbooks
- Commodity controls most organizations rely on (vaults, legacy MFA, basic logging)
- Where gaps still exist—and how they map to real-world attacker techniques once inside
Next up, you’ll hear from Rob Larsen – Security Advisor at Silverfort, who will dive deeper with research-backed guidance you can act on immediately. Topics will include:
- Modern Identity-Based Attack Paths - Rob will discuss real breach scenarios showing misuse of unmanaged service accounts, over-privileged domain credentials, MFA blind spots, and native AD protocols.
- AD Protocols & Lateral Movement - Rob will show how attackers piggyback on NTLM, Kerberos, RDP, and SSH to escalate privilege while evading endpoint and network defenses.
- Discovering & Securing Privileged and Service Accounts - Rob will demonstrate how behavioral analytics can be used to surface dormant or ownerless accounts, prioritizing and enforcing MFA and access policies on high-risk identities and resources.
- Extending Adaptive MFA Everywhere - Rob will talk about techniques for placing policy-based MFA in front of any resource—including legacy servers, Unix boxes, and automated PowerShell or DevOps jobs that previously couldn’t be protected.
By the end of this session, attendees will walk away with a clear roadmap for hardening Active Directory, protecting privileged and non-human identities, and closing gaps that attackers are actively exploiting today.
Join us to modernize your AD defenses and prevent attackers from turning a single compromised credential into an enterprise-wide breach.