In any Active Directory environment, there is a complex, dynamic, and often difficult to navigate network of user permissions and objects. Attackers often exploit these relationships to gradually gain more and more privileges and eventually achieve their goal. In many Red Team assessments, the Active Directory environment is a key defensive vulnerability.
Our Active Directory Attack Resistance service is directly designed to test the most common issues of Active Directory installations, covering the top areas where we consistently find weaknesses: Enterprise AD configuration, the unprotected access to credentials, and the quality of the passwords used.
With an audit of the Active Directory for its attack resistance, attack paths are systematically identified and hardening potentials are worked out.
Compared to a Red Team Assessment, the AD attack resistance audit is very focused and takes significantly less time due to the significantly reduced complexity of the approach.
Typically, the following three components are checked:
Enterprise AD Configuration. Due to the large number of groups, objects, organizational units, etc. found in a production Active Directory landscape, it is not uncommon to find unwanted combinations as well as obsolete accounts. By cleverly exploiting such combinations, it is often possible for attackers to extend privileges all the way up to the domain administrator. We identify such combinations so that they can be addressed accordingly and paths removed.
Unprotected access to credentials. One of the most common vulnerabilities uncovered through the use of our Red Team is the internally free availability of credentials. Too often these are present, for example in administrative scripts, on unsecured network shares. In this test, we scan the network starting from a client or server for this and similar privileged information.