Active Directory Assessments
Active Directory Security Assessment
Objectives
- Limit the risk of overly permissive Active Directory groups and users by identifying and reducing the pathways to obtain privileged access.
- Understand which users, groups and endpoints have the potential to give an attacker pervasive control over the Windows environment.
- (Optional) Audit AD passwords for strength and commonalities using an offline password cracker.
Outcomes
- Dashboard describing the overly permissive endpoints, users, and groups, including those with a direct path to Domain Admin, Remote Desktop privileges and Local Admin privileges.
- Identification of users that can be compromised via common attacks such as Kerberoasting, AS-REP roasting and password spraying.
- Data on the most commonly used passwords, length and complexity.
SRA Advantages
- SRA uses Power BI to visualize the results and create an easily digestible dashboard
- We perform focused pen testing and purple teaming to validate the results
- SRA will assist in the remediation efforts to help limit the attack surface of compromised user accounts
- SRA maintains a powerful 24-GPU offline password cracker
High Level Activities
Data Gathering
- Run tools to gather Active Directory attributes from users, groups and endpoints for each domain.
- (Optional) Obtain password hashes for offline password cracking
Analysis
- Conduct an analysis to determine the overly permissive users, groups and endpoints.
- Identify users vulnerable to Kerberoasting, AS-REP roasting and password spraying
- (Optional) Conduct password cracking exercise
Measurement & Remediation
- Create a Power BI dashboard to display the results of the analysis.
- Socialize the results in a readout to management
- Provide recommendations to address the most critical issues and long-term recommendations for Active Directory security