Active Directory

noPac Exploit: Latest Microsoft AD Flaw May Lead to Total Domain Compromise in Seconds

Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which when combined by a malicious actor could lead to privilege escalation with a direct path to a compromised domain. In mid-December 2021, a public exploit that combined these two Microsoft Active Directory design flaws (referred also as “noPac”) was released.


Reduce Active Directory Security Risks

Since a majority of the breaches are credential based, securing your multi-directory identity store - Microsoft Active Directory (AD) and Azure AD - is critical to protecting your organization from adversaries launching ransomware and supply chain attacks. Your security and IAM teams are concerned about securing AD and maintaining AD hygiene - and they need to be in sync, for example, to ensure that legacy and deprecated protocols like NTLMv1 are not being used and that the right security controls are in place to prevent breaches in real time.

Active Directory Lateral Movement Detection: Threat Research Release, November 2021

The Splunk Threat Research Team recently updated the Active Directory Lateral Movement analytic story to help security operations center (SOC) analysts detect adversaries executing these techniques within Windows Active Directory (AD) environments. In this blog post, we’ll describe some of the detection opportunities available to cyber defenders and highlight detections from the analytic story.

Hands-on domain password policy setup for Active Directory

Dealing with the massive architecture of client-server networks requires effective security measures. Everyone has become painfully aware of all dangerous fishes roaming around the pool of the network, trying to get access to the system. Having a weak password policy is a key vector for attackers to gain system access. However, admins can help protect password security of the wide-reaching network using Group Management Policy (GPO).

Active Directory Discovery Detection: Threat Research Release, September 2021

The Splunk threat research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing discovery and reconnaissance tasks within Active Directory environments. In this blog post, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PoshC2 & PurpleSharp to then collect and analyze the resulting telemetry to test our detections.

LDAP vs Active Directory: What's the Difference

The main difference in LDAP vs Active Directory is that while both LDAP and Active Directory are used for querying user identity information, AD contains a complete network operating system with services such as DNS, DHCP etc. In contrast, LDAP does not have any of those functionalities. Understanding LDAP plays an essential part in getting to know your Active Directory better and preventing data breaches and unauthorised access.

Active Directory Certificate Services: Risky Settings and How to Remediate Them

Active Directory Certificate Services has been around for a long time, but resources for learning it are not great. As a result, it often has misconfigurations that are an increasing vector for attacks. In fact, SpecterOps released a whitepaper detailing a number of misconfigurations and potential attacks and providing hardening advice.

PetitPotam - NTLM Relay Attack

Recently published by Lionel Gilles, an offensive security researcher based in France, 'PetitPotam' is a proof-of-concept (PoC) tool used for NT LAN Manager (NTLM) relay attacks that, when executed properly, grants threat actors the ability to take over a Windows Active Directory (AD) domain, including domain controllers (DC), where Active Directory Certificate Services (ADCS) are used.

How to Set and Manage Active Directory Password Policy

With cyberattacks exploding around the world, it’s more important than ever for organizations to have a robust password policy. Hackers often gain access to corporate networks through legitimate user or admin credentials, leading to security incidents and compliance failures. In this article, we will explore how to create and maintain a strong and effective Active Directory password policy.

Basics and how to create security groups in Active Directory.

An Active Directory is a database that holds information about the security of an organization. It stores user accounts, and security settings to help organise all the information. Active Directory also stores a list of security groups that are created by the organisation to hold different levels or types of access permissions. Active Directory is a way that you can show people your home. If you are not careful and give too much permission to people, then it can be easy for others to do bad things.