Security News

It provides a vulnerable Active Directory environment for pen testers to practice common attack methods. "When the Zerologon vulnerability surfaced, it highlighted our urgent need for a test lab at work. Furthermore, a training lab became essential to adequately prepare our new pentesters for internal assessments. It's clear: necessity was the birthplace of this idea," Mayfly, pentester at Orange Cyberdefense and creator of GOAD, told Help Net Security.

In 2022, our in-house research found that 73% of the top attack techniques used in the compromising of critical assets involved mismanaged or stolen credentials - and more than half of the attacks in organizations include some element of Active Directory compromise. So now let's take a look into the anatomy of 3 actual Active Directory attack paths and see how attackers made their way through this environment.

Microsoft announced today that it would change the name of its Azure Active Directory enterprise identity service to Microsoft Entra ID by the end of the year. Azure AD offers a range of security features, including single sign-on, multifactor authentication, and conditional access, with Microsoft saying it helps defend against 99.9 percent of cybersecurity attacks.

Many attackers seeking to access SaaS apps choose to access them via a compromise of the on-prem environment, instead of attacking them directly through a browser. The common pattern of this kind of attack is to gain control of an employee's endpoint using social engineering and, once there, strive to compromise usernames and passwords to use them for malicious access to SaaS apps.

Active Directory is at the center of many attacks as it is still the predominant source of identity and access management in the enterprise. Hackers commonly target Active Directory with various attack techniques spanning many attack vectors.

Configure Active Directory securely with LDAP signing and LDAPS requirements, regularly rotate the KRBTGT password and use group-managed service accounts to rotate service account credentials. Enable multi-factor authentication and a strong password policy, augmented by solutions such as Specops Password Policy.

A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access. "Throughout the attack, the attacker followed a routine of recon commands, credential theft, lateral movement by abusing Windows protocols, and executing Cobalt Strike on the newly compromised host," Cybereason researchers said in a report published this week.

Password salting is a technique for making passwords more difficult to crack by adding random values to the stored password hash. In order to understand password salting and its benefits however, it is necessary to understand how Windows stores passwords and some of the risks that are associated with storing passwords in that way.

With most organizations today using Microsoft's Active Directory Domain Services as their on-premises identity and access management authentication solution, it creates challenges for admins looking to bolster their password security. As an example, regex can help identify and filter the following passphrase elements in your Active Directory environment and can be used with custom requirements to define passphrases used in the environment.

While the use of text messaging goes a long way toward protecting an organization against cyber criminals who attempt to use stolen passwords as a way of gaining access to accounts, text messaging-based MFA has vulnerabilities of its own. Risk of text message use in multi-factor authentication.