Security News > 2022 > September > 3 types of attack paths in Microsoft Active Directory environments

3 types of attack paths in Microsoft Active Directory environments
2022-09-28 04:30

A common question we are asked by clients after deploying is, "Are attack paths in Active Directory this bad for everyone?".

What does often cheer them up is learning that many of those attack paths can be fixed quickly and easily, now that the security team knows they exist.

These paths are numerous and exploiting any single attack path is difficult for defenders to detect, as attackers often use legitimate tools and credentials and their activities thus appear identical to normal user activity.

One of my favorite attack paths to fix is non-Domain Admins with ownership rights over Domain Controllers.

"Bob" could have created a server in the directory and sometime later that system is promoted into a DC - now Bob owns a DC. Anyone that can get access to Bob now has a path to compromise a DC. Here's why this is my favorite attack path: your internal business applications don't typically use the "Owner" relationship to function.

Even though some attack paths may not be fully eliminated, most organizations can significantly reduce their attack path exposure with minimal work and side effects.


News URL

https://www.helpnetsecurity.com/2022/09/28/3-types-attack-paths-microsoft-active-directory-environments/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2820 161 4400