Security News
Adalanche provides immediate insights into the permissions of users and groups within an Active Directory. "The visual attack graph representation of your Active Directory pops up in your browser, and you can explore things from there. The more data you add, the more insights you get: if you run the open-source Windows collector, you get local accounts, groups, services, file/registry permissions, etc., from both workstations and servers in the graph."
Tools like Specops Password Auditor are beneficial as they enable scanning and detection of weak passwords within AD, including those found in breached password lists. A third-party password solution that can enforce longer passwords, and block the use of high-probability passwords, is the best approach.
Japan's Space Exploration Agency has reported a cyber incident. Chief cabinet secretary Matsuno mentioned the incident in his morning briefing, telling reporters the agency suspected a breach, possibly to its Active Directory implementation, so conducted further research and found illegal access.
Please turn on your JavaScript for this page to function normally. Active Directory is a prime target for threat actors, and companies must act now to eliminate it as a threat vector permanently.
It provides a vulnerable Active Directory environment for pen testers to practice common attack methods. "When the Zerologon vulnerability surfaced, it highlighted our urgent need for a test lab at work. Furthermore, a training lab became essential to adequately prepare our new pentesters for internal assessments. It's clear: necessity was the birthplace of this idea," Mayfly, pentester at Orange Cyberdefense and creator of GOAD, told Help Net Security.
In 2022, our in-house research found that 73% of the top attack techniques used in the compromising of critical assets involved mismanaged or stolen credentials - and more than half of the attacks in organizations include some element of Active Directory compromise. So now let's take a look into the anatomy of 3 actual Active Directory attack paths and see how attackers made their way through this environment.
Microsoft announced today that it would change the name of its Azure Active Directory enterprise identity service to Microsoft Entra ID by the end of the year. Azure AD offers a range of security features, including single sign-on, multifactor authentication, and conditional access, with Microsoft saying it helps defend against 99.9 percent of cybersecurity attacks.
Many attackers seeking to access SaaS apps choose to access them via a compromise of the on-prem environment, instead of attacking them directly through a browser. The common pattern of this kind of attack is to gain control of an employee's endpoint using social engineering and, once there, strive to compromise usernames and passwords to use them for malicious access to SaaS apps.
Active Directory is at the center of many attacks as it is still the predominant source of identity and access management in the enterprise. Hackers commonly target Active Directory with various attack techniques spanning many attack vectors.
Configure Active Directory securely with LDAP signing and LDAPS requirements, regularly rotate the KRBTGT password and use group-managed service accounts to rotate service account credentials. Enable multi-factor authentication and a strong password policy, augmented by solutions such as Specops Password Policy.