3 types of attack paths in Microsoft Active Directory environments (Security News, September 2022)
A common question we are asked by clients after deploying is, "Are attack paths in Active Directory this bad for everyone?"
What does often cheer them up is learning that many of those attack paths can be fixed quickly and easily, now that the security team knows they exist.
These paths are numerous, and the exploitation of any single attack path is difficult for defenders to detect: attackers often use legitimate tools and credentials, so their activity appears identical to normal user activity.
One of my favorite attack paths to fix is non-Domain Admins with ownership rights over Domain Controllers.
"Bob" could have created a server in the directory, and sometime later that system is promoted into a DC. Now Bob owns a DC. Anyone who can get access to Bob now has a path to compromise a DC. Here's why this is my favorite attack path: your internal business applications don't typically use the "Owner" relationship to function.
Even though some attack paths may not be fully eliminated, most organizations can significantly reduce their attack path exposure with minimal work and side effects.
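One way to find the ownership path described above is to read the owner of every Domain Controller computer object and report any owner outside a privileged set. This audit script is an added example, not code from the original article; it assumes the RSAT ActiveDirectory module is installed, and the list of expected owners is an assumption to adjust to your own tiering policy.

```powershell
# Added example: report Domain Controller computer objects whose owner is
# not one of the expected privileged principals. Read-only; changes nothing.
Import-Module ActiveDirectory

$domainSid     = (Get-ADDomain).DomainSID.Value
$forestRootSid = (Get-ADDomain -Identity (Get-ADForest).RootDomain).DomainSID.Value

# Assumption: these are the only owners you consider acceptable for a DC.
$expectedOwnerSids = @(
    "$domainSid-512",       # Domain Admins
    "$forestRootSid-519",   # Enterprise Admins
    'S-1-5-32-544',         # BUILTIN\Administrators
    'S-1-5-18'              # NT AUTHORITY\SYSTEM
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$ntType  = [System.Security.Principal.NTAccount]

$findings = foreach ($dc in Get-ADDomainController -Filter *) {
    # The AD: drive is provided by the ActiveDirectory module.
    $acl      = Get-Acl -Path ("AD:\" + $dc.ComputerObjectDN)
    $ownerSid = $acl.GetOwner($sidType)

    if ($expectedOwnerSids -notcontains $ownerSid.Value) {
        # Resolve a display name; orphaned SIDs will not translate.
        try   { $ownerName = $ownerSid.Translate($ntType).Value }
        catch { $ownerName = '(unresolved SID)' }

        [pscustomobject]@{
            DomainController = $dc.HostName
            ObjectDN         = $dc.ComputerObjectDN
            Owner            = $ownerName
            OwnerSid         = $ownerSid.Value
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'All Domain Controller objects are owned by an expected principal.'
}
```

Each row returned is a Domain Controller whose owner, like "Bob", is outside the expected privileged set and is a candidate for review.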