Microsoft Active Directory 😁Attack …

Active Directory is a directory service developed by Microsoft to manage the Windows domain network .

It is software to arrange, store information; provide access and permissions based on that information. It arranges all the Network’s Users, Computers and other Objects into Logical, Hierarchical grouping. The information is used to authenticate/authorize the Users, Computers and resources that are a part of the network. Active Directory lookout this by using Kerberos Authentication and Single Sign-On (SSO).

Active Directory acts as a single repository for all of this user and computer-related information which makes it easier for user management. Active directory comes with windows server and it can be used to manage the entire organization.

Active Directory is most commonly used for Identity Management Services in the world. 95% of the Fortune 1000 companies implement the Active directory in their network .

As Active Directory manages the organization’s resources it has become a common target for attackers. It can be exploited without ever attacking patchable exploits.

Active Directory components consist of:

1. Physical Components

2.Logical Components

While designing the infrastructure we need to consider both the components. Logical components of the Active Directory structure can be changed at any given time consistent with the business requirement. But physical components are not easy to modify.

ACTIVE DIRECTORY DOMAIN SERVICES ?

i. Domain Services:

The domain service stores the centralized data and manages the communication between users and the domain controller. It is the primary functionality of Active Directory Domain Service.

ii. Certificate Services:

It allows Domain Controller to provide digital certificates, signature and public-key cryptography and is used to manage, generate and share certificates.

iii. Directory Federation Services:

It works based on the federated identity. It provides Single Sign-On (SSO) authentication for multiple applications in the same session so that user don’t have to keep providing same credentials and also provide functionality that extends users SSO access to the application and systems outside the company’s firewall.

iv. Lightweight Directory Service:

It supports cross platform domain services, like any Linux computers present in the network.

v. Rights Management:

Rights management is used as a security tool to control information rights and data access policies.

How to mitigated the Active Directory Attack ?

  1. Windows Audit Categories

2. Auditing Subcategories Descriptions

3.Account Management

4.Detailed Process Tracking

5. Directory Service Access

6. Privileged activities like access

Some of my point of view regarding the Active Directory Attack :-

Regarding the active directory attack my suggestion is all What matters isn’t how long an attacker has privileged access to Active Directory, but how much the attacker has planned for the moment when privileged access is obtained.

And today’s world is facing too much problem regarding this attack because 99% people are using Microsoft windows. i.e. Microsoft is making security defaults available to everyone, because managing security can be difficult. Identity-related attacks like password spray, replay, and phishing are common.

The credentials for these emergency access accounts should be stored offline in a secure location such as a fireproof safe. Only authorized individuals should have access to these credentials. You can use Conditional Access to configure policies similar to security defaults, but with more granularity including user exclusions, which aren’t available in security default

Go to my LinkedIn for new updates related Cyber Attack and many more Articles …

I hope this is helpful, and I would be interested to hear about other resources that you find useful. Please leave a message here, on Medium.

–Rahul KT

--

--

--

Hey! I’m Rahul Kumar Security Researcher From 🇮🇳 I’m building my skills in and threat intelligence, Digital Forensic, Open Source Intelligence Etc.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Cloud Custodian Policies for CIS AWS Foundations Benchmark (Part-4)

BNPL Pay Mainnet Update Dec 2021

[THM] Overpass

Mines of Dalarnia x CryptoJ AMA Recap (12/04/2022) Chinese & English Versions

Why Are UK Based Transcription Services Better

The Highly Optimistic Dev Blog #01: The Mystery of the Missing Message

SuperCharger Startup Highlight: Interview with Mohan Gandhi, Co-founder & CEO of Entersoft

Intelfin platform has created a completely automated and responsive system using blockchain &…

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Rahul Kumar

Rahul Kumar

Hey! I’m Rahul Kumar Security Researcher From 🇮🇳 I’m building my skills in and threat intelligence, Digital Forensic, Open Source Intelligence Etc.

More from Medium

COOKIES AND SESSION

Application & Reflection

Cost Complexity Parameter-Decision Tree

DEFIGO