Position summary


Alsid being experts in Microsoft Active Directory security, we are looking for an intern specialized in IT security and who loves offensive research projects.

During your internship, you will be in charge of a technical study about Microsoft Azure Active Directory Domain Services. Azure ADDS is the Active Directory's authentication services in the Microsoft cloud. As this service needs to get along with historical enterprise infrastructures, mechanisms, such as the authentication secrets replication, have been put in place.

You will first need to understand how Azure ADDS works, against the historic version of Active Directory, then examine the secrets replication protocol in order to develop proof-of-concepts enabling secrets interception or extraction.

Results of your research will be integrated in Alsid's products and might be publicly published. As such, you will be supervized by multiple senior security researchers, who have already presented in a few international conferences (such as BlackHat USA).

Responsabilities & Technical Qualifications


What you’ll do:

  • Create from scratch a test infrastructure associating a historic Active Directory and an Azure Active Directory
  • Study administration and network protocols to deal with an Azure ADDS and a client workstation
  • Study technical specifications of secrets replication of Azure ADDS
  • Retro-engineer libraries dealing with secrets replication functionalities in order to find potential security vulnerabilities
  • Implement proof-of-concept tools to demonstrate what you've found
  • Formalize your work in a scientific paper that you could present in a security conference

What you might look like:

  • Technical knowledge of Windows and Active Directory
  • Authentication protocols (NTLM, Kerberos, ...) good base
  • Standard attack technics (pass-the-hash, pass-the-ticket, responder, golden ticket, ...)
  • Remote administration protocols (RPC, WinRM, WMI, ...)
  • Complex technical project working capability
  • Development tools basic knowledge (Git, Docker, ...)
  • Security deep-research tools (IDA, WinDBG, Wireshark, ...)
  • Microsoft development environment lure (Visual Studio, Azure, ...)
  • Scripting language basic knowledge (PowerShell, Python, ...)
  • Good verbal and written capabilities

Practical aspects


 Salary:

  • Stimulating compensation

 Position:

  • Internship

 Location:

  • Paris, France (Alsid Offices, rue d'Aboukir)

Start your application now

Help us shape to future of information security