Active Directory Assessments

Limit the risk of overly permissive Active Directory groups and users by identifying and reducing the pathways to obtain privileged access. Understand which users, groups and endpoints have the potential to provide an attacker pervasive control over the Windows environment.

Active Directory Security Assessment

Objectives

  • Limit the risk of overly permissive Active Directory groups and users by identifying and reducing the pathways to obtain privileged access.
  • Understand which users, groups and endpoints have the potential to provide an attacker pervasive control over the Windows environment.
  • (Optional) Audit AD passwords for strength and commonalities using an offline password cracker.

Outcomes

  • Dashboard describing the overly permissive endpoints, users, and groups including those with a direct path to Domain Admin, Remote Desktop privileges and Local Admin privileges.
  • Identification of users that can be compromised via common attacks such as Kerberoasting, AS-REP roasting and password spraying.
  • Data on the most commonly used passwords and on password length and complexity.

SRA Advantages

  • SRA uses Power BI to visualize the results and create an easily digestible dashboard
  • We perform focused pen testing and purple teaming to validate the results
  • SRA will assist in the remediation efforts to help limit the attack surface of compromised user accounts
  • SRA maintains a powerful 24-GPU offline password cracker

High Level Activities

Data Gathering

  • Run tools to gather Active Directory attributes from users, groups and endpoints for each domain.
  • (Optional) Obtain password hashes for offline password cracking

Analysis

  • Conduct an analysis to determine the overly permissive users, groups and endpoints.
  • Identify users vulnerable to Kerberoasting, AS-REP roasting and password spraying
  • (Optional) Conduct password cracking exercise

Measurement & Remediation

  • Create a Power BI dashboard to display results of the analysis.
  • Socialize the results in a readout to management
  • Provide recommendations to address the most critical issues and long-term recommendations for Active Directory security