Yan Barche

Mission context: Following vulnerabilities detected in its Tier 0 Active Directory infrastructure, L'Oréal launched the Titanium V2 project. The goal of this project is to modernize the AD infrastructure and improve its security level.

Objectives:

• Integration of the AD Tiering Model

• Tier 0 Isolation

• Securing AD directories

Main Missions:

Securing Active Directory:

• Audit and removal of obsolete protocols

• Identification of T1/T2 escalation paths to OnPrem T0 via Forest Druid and BloodHound tools

• Isolation of Azure permissions/subscriptions (Forest Druid Azure)

• Reduction of lateral movements within T0 (AD, Azure, PKI, Cyberark, ...)

• Audit and securing of trusts (Selective Authentication, SID history, SID Filtering)

• Analysis of AD DS and AD CS vulnerabilities via PurpleKnight

• Analysis of AD vulnerabilities with PingCastle and TVM tools

• Creation of PSO for each Tier

Redesign of the AD topology:

• Implementation of a new architecture

• Creation of new site links

• Migration of FSMO roles to the new topology "core"

• Migration of Bridge Heads

• Construction of new Azure DCs

• Implementation of the decommissioning plan

o Collection and analysis of LDAP logs

o Identification and removal of dependencies (DNS, Kerberos)

Deployment of the Tiering Model on the RD forest:

• Implementation of Tiering OUs

• Audit of privileged accounts and servers

• Integration of high-privilege accounts as Protected Users

• Deployment of MS Security Baselines

• Creation of GPOs to isolate resources by Tier

• Audit and securing of AD

• Implementation of Code Signing for Powershell scripts

• Creation of scripts to automate several tasks

Cross-Forest Password Synchronization MIM:

• Installation and configuration of MIM

• Deployment of the PCNS agent

• Creation of MAs and synchronization rules

Mission context: Amidst the merger between Natixis and BPCE-IT, encompassing 93 AD domains for 150,000 users, directory convergence is in full swing within the company. The same applies to their security, as they are targets for attackers.

Objectives:

• Integration of PAM to secure privileged accounts while respecting the AD Tiering Model

• Audit and security of a Web platform (OWASP recommendations)

• Operational maintenance of Active Directory directories

Main Missions:

• Privileged Access Management: T0: Microsoft Identity Management Platform:

• Design of the PAM architecture between the administration forest and production forests

• Analysis and opening of necessary network flows

• Establishment of Active Directory trust relationships

• Creation of authentication audit GPOs

• Integration/Synchronization of AD accounts into MIM

• Privilege management via MIM security SETs

• Implementation of Workflows and Management Policy Rules

• Deployment of PAM Trusts between forests

• Creation of PAM Groups for production domains

• Design of PAM Roles linking domains to a TTL

• Creation of a script to perform privilege elevation graphically

• Removal of permanent high-privilege T1&2 rights: Just in Time Administration:

• Activation of the "Privileged Access Management" feature

• Development of a JITA architecture to remove permanent administration rights on workstations and servers

• Creation of a web page allowing teams to perform their privilege elevations

• Script to replicate elevation across all AD sites

• Monitoring of elevations via Splunk graphs

• Presentation and documentation of the feature

• Design of an API for privilege elevation

• Removal of administration rights

• Audit and security of a Web platform:

• Audit of a web platform using the CheckMarx tool

• Identification and analysis of the criticality of detected vulnerabilities

• Drafting and presentation of a remediation plan

• Correction of detected vulnerabilities (based on OWASP)

• Implementation of Splunk TA to collect application logs

• Implementation of Kerberos authentication

• Management of platform access

• Autoenrollment of certificates for domain controllers:

• Creation of GPOs allowing autoenrollment

• Creation of a certificate template

• Management of access and permissions on the template

• Opening of flows between domain controllers and the certification authority

• List of Subject Alternative Names for autoenrolled certificates

• Declaration of the template to the certification authority

• Activation of the CertificateServicesClient scheduled task for autoenrollment

• Securing an ADLDS:

• Audit of applications using LDAP connection via Splunk

• Disabling simple bind

• Implementation of an EDR

• Certificate renewal

Deliverables:

• Vulnerability report, recommendations, and remediation plan

• Presentation of complex architectures

• Internal documentation of the infrastructure used by local administrators

Technical Environments:

Active Directory Domain Services, Active Directory Lightweight Directory Services, Powershell, Visual Basic, Javascript, Microsoft Identity Management, Privileged Access Management, Just In Time Administration, Zabbix, SCOM, Splunk, Control M, CyberArk, Visual studio code, Visual Studio, CheckMarx, Change Auditor, Microsoft Advanced Threat Analytics, CrowdStrike

Mission context: Responsible for automating messaging tasks for automated supervision - 150,000 users (BPCE Group).

Objectives:

• Development of PowerShell scripts

• Implementation of monitoring via Zabbix

• Management of messaging scripts

Main Missions:

Automation of tasks

• Define client needs

• Planning, execution of tests, and deployment in production

• Creation of PowerShell scripts

• Writing technical and functional documentation

Monitoring

• Data retrieval in Zabbix

• Creation of templates per application

• Implementation of application groups and appropriate triggers (CPU, Messaging Queue, SMTP Loop)

• Creation of graphs

Implementation of a version control tool: Bitbucket

• Creation and implementation of the architecture based on client type

• Implementation of access and privilege management policy for the Bitbucket tool

• Deployment of scripts on Windows Server 2019

• Training of team members on the BitBucket tool

Deliverables:

• Technical documentation for scripts

• Presentation slides during training sessions

Technical Environments:

Powershell, Zabbix, Control M, Bitbucket, Jira, Confluence, Planner, Cyberark, Visual studio code, Exchange 2013, Merge1, IronPort, Enterprise Vault