3 types of attack paths in Microsoft Active Directory environments (September 2022)
A common question we are asked by clients after deploying is, "Are attack paths in Active Directory this bad for everyone?"
What does often cheer them up is learning that many of those attack paths can be fixed quickly and easily, now that the security team knows they exist.
These paths are numerous, and exploitation of any single attack path is difficult for defenders to detect: attackers often use legitimate tools and credentials, so their activity appears identical to normal user activity.
One of my favorite attack paths to fix is non-Domain Admins with ownership rights over Domain Controllers.
"Bob" could have created a server in the directory, and sometime later that system is promoted to a DC - now Bob owns a DC. Anyone who can get access to Bob now has a path to compromise a DC. Here's why this is my favorite attack path: your internal business applications don't typically use the "Owner" relationship to function.
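An added example, not code from the original article: a PowerShell audit for the ownership path described above. It lists Domain Controller computer objects whose owner is outside an assumed set of expected owners (Domain Admins, Enterprise Admins, BUILTIN\Administrators); that set and the variable names are assumptions, and the script needs the ActiveDirectory RSAT module.

```powershell
# Added example: find Domain Controllers whose computer object is owned by
# an unexpected principal (the "Bob owns a DC" case).
# Assumption: only the three groups below are acceptable owners; adjust
# $expectedOwners to match your environment's tiering model.
Import-Module ActiveDirectory

$domain     = Get-ADDomain
$rootDomain = Get-ADDomain -Identity (Get-ADForest).RootDomain

$expectedOwners = @(
    "$($domain.DomainSID)-512",      # Domain Admins
    "$($rootDomain.DomainSID)-519",  # Enterprise Admins (forest root domain)
    'S-1-5-32-544'                   # BUILTIN\Administrators
)

$findings = foreach ($dc in Get-ADDomainController -Filter *) {
    # The owner is stored in the object's security descriptor.
    $computer = Get-ADComputer -Identity $dc.ComputerObjectDN `
                               -Properties nTSecurityDescriptor
    $ownerSid = $computer.nTSecurityDescriptor.GetOwner(
                    [System.Security.Principal.SecurityIdentifier])

    if ($expectedOwners -notcontains $ownerSid.Value) {
        # Resolve the SID to a name; deleted accounts will not resolve.
        try {
            $ownerName = $ownerSid.Translate(
                [System.Security.Principal.NTAccount]).Value
        } catch {
            $ownerName = '<unresolved SID>'
        }

        [pscustomobject]@{
            DomainController  = $dc.HostName
            OwnerName         = $ownerName
            OwnerSid          = $ownerSid.Value
            DistinguishedName = $dc.ComputerObjectDN
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'All Domain Controller objects have an expected owner.'
}
```

Each row is a DC object whose owner falls outside the assumed list and is a candidate for an ownership review.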
Even though some attack paths may not be fully eliminated, most organizations can significantly reduce their attack path exposure with minimal work and side effects.