Essential Target for Adversaries.
Active Directory is a key component for corporates and nearly all threat actors and APT groups is targeting AD for gaining access to the crown jevels of company. For example APT29 and APT32 uses pass the ticket method to lateral movement. APT34 (OilRig) group uses Outlook Homepage feature for breaching external perimeter. With this service you can prevent or detect this kind of attacks and you can build resilient Active Directory environment.
ADSA Service Comprises;
- Active Directory Vulnerability Assessment
- Privilege Escalation/Lateral Movement Attack Path Analysis
- Domain Controller Auditing
- Domain Computer (Client/Server) Auditing
- Privileged Access Workstation Auditing
- Exchange Server Auditing
- Privileged User/Group Auditing
- Group Policy Auditing
- Password Auditing
- Delegation / Access Control List Auditing
- Local Admin / User Auditing
- Active Directory Administrative Tier Model Analysis
- Active Directory Logging Auditing
- Active Directory Compromise Assessment
After Active Directory Security Assessment;
We’ll Reveal
- Active Directory vulnerabilities and configuration weaknesses
- Risky user/admin accounts with lateral movement and privilege escalation paths
- Users or computers which have weak passwords
- Group Policies which enforce vulnerable configurations
- Local administrator accounts with same passwords
- Risky access control entries which may lead privilege escalation
- Exchange/Outlook vulnerabilities which may lead perimeter breach
- Service accounts with elevated privileges
You Can Detect
- DcShadow
- DcSync
- Kerberoasting
- AS-REP Roasting
- NTLM Relay
- LLMNR & NBTNS Poisoning
- Group Policy Preferences Passwords Exploitation
- Unconstrained Delegation Exploitation
- Constrained Delegation Exploitation
- Resource Based Constrained Delegation Exploitation
- PrivExchange
You’ll Get
- Detailed report with identified attack vectors and risks
- Mitigation, detection and prevention recommendations for identified risks
- Detailed inventory lists
- Visualized attack paths
- Prioritized strategic action steps for securing Active Directory
One year Forestall Active Directory Security Documentation Library Access (Coming Soon)