ManageEngine ADAudit Plus is a UBA-driven auditor that fortifies your Active Directory (AD) security infrastructure. With over 250 built-in reports, it provides you with granular insights into what’s happening within your AD, such as all changes made to objects and their attributes. This can include changes to users, computers, groups, network shares, and more.
The Privileged Attribute Certificate (PAC) is an extension to Kerberos service tickets that contains information about the authenticating user and their privileges. A domain controller adds the PAC information to Kerberos tickets when a user authenticates in an Active Directory (AD) domain. When Kerberos ticket services are used to authenticate to other systems, they can retrieve the PAC from a user’s ticket to determine their level of privileges without having to query the domain controller.
CrackMapExec is an open-source tool that leverages Mimikatz to enable adversaries to harvest credentials and move laterally through an Active Directory environment. This blog post details how this tool works and offers a solution for defending against it.
Eighty percent of modern attacks are identity-driven. Why would an attacker hack into a system when they can simply use stolen credentials to masquerade as an approved user and log in to the target organization? Once inside, attackers increasingly target Microsoft Active Directory because it holds the proverbial keys to the kingdom, providing broad access to the systems, applications, resources and data that adversaries exploit in their attacks.
LDAP Nom Nom is a recently discovered brute-force technique for enumerating valid usernames in Active Directory — anonymously and without leaving any log entries behind. It abuses LDAP Ping, a little-known mechanism in Active Directory normally used by computers to check whether a domain controller is alive. This blog post explains how LDAP Ping works and how adversaries can abuse it with LDAP Nom Nom.
BloodHound is a powerful tool that identifies vulnerabilities in Active Directory (AD). Cybercriminals abuse this tool to visualize chains of abusable Active Directory permissions that can enable them to gain elevated rights, including membership in the powerful Domain Admin group. This guide is designed to help penetration testers use BloodHound to identify these vulnerabilities first, so enterprises can thwart attacks.
This post explains how to collect detailed lists of your Active Directory service accounts so you can implement proper governance to reduce your attack surface area. Specifically, it details how to enumerate service accounts used by the following: This will enable you to identify a significant portion of your service accounts. However, note that service accounts can also be used in virtual directories, authentication settings, etc.
BloodHound is a powerful tool that identifies vulnerabilities in Active Directory (AD). Cybercriminals abuse this tool to visualize chains of abusable Active Directory permissions that can enable them to gain elevated rights, including membership in the powerful Domain Admin group. This guide is designed to help penetration testers use BloodHound to identify these vulnerabilities first, so enterprises can thwart attacks.
Unconstrained delegation represents a serious cybersecurity risk. By taking steps to abuse the Active Directory delegation controls applied to user and computer objects in an AD environment, an attacker can move laterally and even gain control of the domain. This blog post explores this area of attack (unconstrained delegation) and offers security teams and administrators effective strategies for mitigating this security risk.
