How are passwords stored in Microsoft’s Active Directory and how can they be audited? What could an adversary do if they gained access to either a physical or a virtual hard drive of a domain controller? In what ways could one directly modify an Active Directory database file and how can such unauthorized changes be detected? How are SID-protected PFX certificates and BitLocker hard drives encrypted? This talk will answer these and many other common questions about core Active Directory security.