Security News > 2022 > September > 3 types of attack paths in Microsoft Active Directory environments
A common question we are asked by clients after deploying is, "Are attack paths in Active Directory this bad for everyone?"
What does often cheer them up is learning that many of those attack paths can be fixed quickly and easily, now that the security team knows they exist.
These paths are numerous, and exploitation of any single attack path is difficult for defenders to detect: attackers often use legitimate tools and credentials, so their activity appears identical to normal user activity.
One of my favorite attack paths to fix is non-Domain Admins with ownership rights over Domain Controllers.
"Bob" could have created a server in the directory, and sometime later that system was promoted to a DC. Now Bob owns a DC, and anyone who can get access to Bob has a path to compromise a DC. Here's why this is my favorite attack path: your internal business applications don't typically use the "Owner" relationship to function.
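One way to audit for this condition, as an added example that is not from the original article: the script below lists Domain Controller computer objects whose owner is not a default administrative group. It assumes the RSAT ActiveDirectory module is installed, and the allow-list of acceptable owners is an assumption to adjust for your environment.

```powershell
# Added example: flag DC computer objects owned by a non-default principal.
# Requires the ActiveDirectory module (RSAT), which also provides the AD: drive.
Import-Module ActiveDirectory

$domain     = Get-ADDomain
$forestRoot = Get-ADDomain -Identity (Get-ADForest).RootDomain

# Assumption: only these well-known principals are acceptable DC owners.
# Comparing SIDs avoids false matches on renamed or localized group names.
$allowedOwnerSids = @(
    "$($domain.DomainSID)-512",      # Domain Admins (current domain)
    "$($forestRoot.DomainSID)-519",  # Enterprise Admins (forest root domain)
    'S-1-5-32-544'                   # BUILTIN\Administrators
)

$findings = foreach ($dc in Get-ADDomainController -Filter *) {
    # Read the security descriptor of the DC's computer object.
    $acl      = Get-Acl -Path "AD:\$($dc.ComputerObjectDN)"
    $ownerSid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier]).Value

    if ($allowedOwnerSids -notcontains $ownerSid) {
        [pscustomobject]@{
            DomainController  = $dc.HostName
            Owner             = $acl.Owner
            OwnerSid          = $ownerSid
            DistinguishedName = $dc.ComputerObjectDN
        }
    }
}

# Each row is a DC whose owner falls outside the allow-list.
$findings | Format-Table -AutoSize
```

The script only reads security descriptors and covers the DCs of the current domain; run it once per domain in a multi-domain forest.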
Even though some attack paths may not be fully eliminated, most organizations can significantly reduce their attack path exposure with minimal work and side effects.