We perform various checks and reviews to ensure that your Active Directory (AD) instance has been set up in a secure fashion in order to defend against various latest cyber attacks and threat vectors.
What is Active Directory?
Active Directory (AD) is a technology used on Microsoft Windows-based servers and systems. AD enables system administrators to create and manage domains, users and objects within an organisation’s network.
Active Directory Security
By using a standardised methodology for performing the assessment, it can be easily integrated into a regular testing cycle enabling you to regularly assess your AD installation for common problems and providing assurance that the core of your organisation’s network is secure.
Key benefits of this service includes:
- Test the core of your organisation’s AD installation and the corporate network.
- Covers all top vulnerabilities and commonly found issues.
- Less complex than using dedicated teams or performing a penetration testing exercise.
- Get a quick assessment report that is easily comprehensible.
The following is an example of what we will typically cover when performing this assessment:
- Configuration review
Due to a large number of objects (such as groups and organisational units, etc.) involved in an AD, it is common to find unused or old accounts which result in the creation of a path for an attacker to gain domain administration level access. We identify these so they can be addressed and the paths removed.
- Password control
To test an enterprise’s effectiveness at password management, we would attempt to crack as many passwords as possible using an offline approach and assess password change practices. We then identify and report on any improvements and recommendations in relation to password setting and usage.
- Harvesting user credentials
Credentials are often found unsecured on network shares within an organisation. In this assessment, we search your networks for these and any similar privileged information that we can harvest as part of the test.
- Exploitation & Privilege Escalation
Escalation can occur via taking advantage of unpatched privilege escalation vulnerability. For example finding local administrator credentials in SYSVOL.
For more information please contact us.