Active Directory Security Assessment
- Limit the risk of overly permissive Active Directory groups and users by identifying and reducing the pathways to obtain privileged access.
- Understand which users, groups and endpoints have the potential to give an attacker pervasive control over the Windows environment.
- (Optional) Audit AD passwords for strength and commonalities using an offline password cracker.
- Dashboard describing the overly permissive endpoints, users, and groups including those with a direct path to Domain Admin, Remote Desktop privileges and Local Admin privileges.
- Identification of users that can be compromised via common attacks such as Kerberoasting, AS-REP roasting and password spraying.
- Data on the most commonly used passwords, length and complexity.
- SRA uses Power BI to visualize the results and create an easily digestible dashboard.
- We perform focused pen testing and purple teaming to validate the results.
- SRA will assist in the remediation efforts to help limit the attack surface of compromised user accounts.
- SRA maintains a powerful 24-GPU offline password cracker.
High Level Activities
- Run tools to gather Active Directory attributes from users, groups and endpoints for each domain.
- (Optional) Obtain password hashes for offline password cracking.
- Conduct an analysis to determine the overly permissive users, groups and endpoints.
- Identify users vulnerable to Kerberoasting, AS-REP roasting and password spraying.
- (Optional) Conduct password cracking exercise.
Measurement & Remediation
- Create a Power BI dashboard to display the results of the analysis.
- Socialize the results in a readout to management.
- Provide recommendations to address the most critical issues and long-term recommendations for Active Directory security