2025-10-07, Prague / Technical Deep Dive & Innovation
Active Directory environments depend heavily on TLS and X.509 certificates—yet few defenders look at them through the lens of OpenSSL, the Swiss Army knife of cryptographic analysis. Whether it's LDAP over SSL (LDAPS) or certificate-based Kerberos authentication (PKINIT), small certificate misconfigurations can lead to major security exposures.
In this talk, I’ll discuss how to use OpenSSL as your primary tool for breaking, auditing, and hardening Active Directory’s certificate trust chains. We’ll walk through how attackers can abuse weak certificates and TLS configurations using OpenSSL, and how defenders can use those same tools to shut it down.
From real-time LDAPS probes to parsing malicious Kerberos smartcard certs, this session will show you that OpenSSL isn’t just for developers—it’s a penetration tester’s scalpel and a defender’s stethoscope.
Active Directory environments depend heavily on TLS and X.509 certificates—yet these critical components are often misconfigured, outdated, or completely misunderstood. From insecure LDAPS configurations to abused certificate templates enabling rogue Kerberos authentication (PKINIT), attackers are increasingly exploiting the cracks in AD’s trust infrastructure.
In this talk, we turn to OpenSSL to uncover and exploit these weaknesses. You’ll learn how to use OpenSSL to probe domain controllers, analyze smartcard certificates, and simulate attacks that abuse certificate-based authentication paths.
We’ll walk through how red teams use OpenSSL to silently harvest credentials, perform relay attacks, or impersonate users via rogue certs—and how blue teams can use the exact same tooling to audit, detect, and harden these exposures.
You’ll leave with a practical set of OpenSSL techniques to test:
• LDAPS encryption and certificate health across domain controllers
• PKINIT certificate chain validation and smartcard impersonation risks
• TLS version and cipher suite enforcement in AD's SChannel layer
Whether you're defending an enterprise or building an attack lab, this session will change how you view certificate trust in Active Directory—and show you why OpenSSL belongs in your identity security toolkit.
Darryl G. Baker is a Senior Solutions Architect at Netwrix and a recognized authority in Identity and Active Directory security. With over a decade of identity systems experience, he has led enterprise security assessments, identity security trainings, and threat emulations focused on Active Directory, Entra ID, and Azure environments.
Darryl has delivered highly rated trainings and demos at BlueTeamCon, BSidesCT, The Experts Conference, and Wild Wild West Hackin’ Fest. He’s the architect behind numerous hands-on attack emulation labs—leveraging current red team and blue team tools to help defenders master everything from attack path analysis to threat hunting.
In his sessions, Darryl blends deep technical insight with real-world case studies, empowering blue team professionals to strengthen their identity security posture and defend against evolving adversary techniques.