Active Directory Security Assessment
he Active Directory Security Assessment (ADSA) is a specialised offering designed to provide you with a deep dive into security configuration and vulnerabilities that could be leveraged for company-wide attacks. This is followed by recommendations for risk mitigation and remediation measures.
Get in touch
Why is Active Directory security important?
Active directory is a central component to all steps of a cyber kill-chain. This is the primary reason why Active Directory security is a critical element for organisations.
Active directory (also known as ‘ad’) is a critical element for keeping corporate environments operational and downtimes are unthinkable in this day and age. The ultimate target of any cybercriminal is to compromise the domain controllers of a business, that are the heartbeat of any network resources. Once compromised, it allows open access to the entire estate.
Literally, it is direct access to staff emails, open access around differnet portals and applications, any user’s password hashes and infiltration across multiple networks in case of trusted domain relationships (with third-parties, multiple regions, etc).
It does not matter how many security solutions you have deployed, how many security resources you have on hand – without a secure Active Directory security misconfigurations, your environment is a low hanging fruit for attackers. Whether it is an insider attacker, an external attacker or supply chain attack vector – it all comes down to compromise of one, two or all three security principles – Confidentiality, Integrity and Availability.
Improve the big picture today. Book an AD security pentest.
How does AD security assessment works?
Our Active Directory security experts are with you to define the assets in scope covering primary security concerns and any specific requirements. AD risk assessments like these are defined with test cases built around both authenticated and unauthenticated attack vectors.
These objectives and understanding of environment is gained at this stage.
Information gathering phase works as first sub-phase of collecting information and intelligence about the AD structure and implementation.
First step to preparation is based on whether on-premises AD, Azure AD or hybrid model is in use. All the main components such as Active Directory domain services, certificate services, federation services (if ADFS in use), LDAP are taken into consideration at this point.
Number and layout of active directory infrastructure with all the domains, overall structure, company hierarchy and understanding of Active Directory forest all fall into this initial understanding.
A manual approach is followewd to perform checks such as hardening reviews against Domain Controllers – It covers assessing the services in use, auditing and account policies, password policies and kerberos settings.
Access control list reviews include ACL scans against DC computer objects, critical groups, user accounts and groups (backup, operators, etc).
Identify any escalation paths and GPO weaknesses that would help an attacker exploit privileged accounts memberships vertically or horizontally.
This phase includes specific activities such as identifying effective attack vectors, password cracking and statistical analysis to assess the password culture of a company.
Authentication and authorisation mechanisms are reviewed for the presence of any weaknesses around active direcotry forest, group membership, user accounts, privileged accounts (Enterprise admins, Domain Admins, Local Admins), service accounts and access controls. Checks around object ACLs’ covering security group memberships, AdminSDHolder, DCSync, trust relationships, integrated services (Azure Connect or others).
Active directory security best practices are checked against the following areas:
- AD infrastructure, logical structure across IT infrastructure
- Group Policy Security checks
- Domain Controller Security configuration
- Sites, Services, Namespace, Zones
- Authentication and Authorisation Mechanisms
- Password Data checks including Cracking, Hashing, Analysis
- AD delegation, User and Privileged Access Management
- Logging & Monitoring across SQL, Windows server and the entire domain
- Insecure Information Storage Practices
- Administrative workstations
- Anti-virus, Patching of Operating Systems, Backup, Services and Domain Controller checks
This includes analysis on the test output, evaluation of the Active Directory risk impact and attack likelihood before providing action plans to remediate the identified security vulnerabilities. All our reports address business as well as the technical audience with supporting raw sensitive data, including mitigation measures at strategic and tactical levels.
Our engagement process includes delivering a free of charge debrief to management and technical teams.
Cyphere also provide a remediation consultancy where we define and execute the risk mitigation plan.vulnerabilities
Active Directory security assessments issues
- Security configuration flaws at Group Policy level
- Kebreros (kerberoasting), NTLM , LDAP weaknesses
- Fine-grained password policies and privileged access controls
- OU, groups security flaws due to nesting, permissions, excessive privielges
- Insecure auditing/logging and monitoring
- Direct system vulnerabilities affecting security posture
- Environment specific security flaws (application white listing, advanced auditing, endpoint protection)
Key Benefits of Active Directory Security Assessment (ADSA)
- Measure an insider attacker's extent for exploitation
- Assess your corporate environment security posture
- Validate the effectiveness of your group policy security across the estate
- Identify the most common attack vectors and their risk remediation
- Align active directory infrastructure security best practices with business applications, portals
- Deliver an action plan to resolve the identified issues
See what people are saying about us
Excellent people to work with.
Very good knowledge of requirement and give us correct findings with excellent remedy to improve our security for our B2B portal site.
Harman was great, really knowledgeable
Harman was great, really knowledgeable, helpful and on hand to answer any questions. The final report was very clear providing the technical information in an easy to read format which could be understood by the leaders of the business.
My experience of the team was 5 star.
They were so helpful, and their technical delivery and client communication were excellent.
Extremely satisfied
Extremely satisfied with approach, speed and end results. Thanks.
Active Directory Security Testing Methodology
To perform an Active Directory assessment, it is important to understand the context of business and associated assets in scope for the engagement. Our proven approach to security assessments is based on more than a decade of experience, industry practices and effective ways to exceed customer expectations.
Cyphere’s review methodology for active directory environments are broken down into the following phases:
- Initial scoping & objectives
- Information gathering
- Security hardening review
- Environment specifics
- Security best practices
- Detailed report & debrief
Our Pentest Engagement Approach
RecentBlog Entries
Healthcare Cyber Attack Statistics
As technology has advanced and the world has become more interconnected, the threat of cyber-attacks has become a significant concern for businesses, smaller healthcare organisations, …
Small business cyber attack statistics including surprises for 2023
A cyber attack or data breach is a threat to every business. Still, it can be more devastating for small businesses as they face numerous …
Penetration testing statistics, vulnerabilities and trends in 2023
The cyber-world is an ever-expanding network of digital systems and technologies that have revolutionized our lives and work. However, these advancements come with inherent vulnerabilities, …
Social engineering statistics you must know
It is rightly said that the weakest link, even in a most cyber-secure environment, is the human being which renders the entire organisation as vulnerable …
Malware statistics to be taken seriously in 2023
We live in a digital age, where new technologies are emerging daily, and old technologies are evolving and merging into new ones so fast that …
How to identify spam email? What to do with suspicious emails?
We have shared real-life examples of phishing emails which are a serious problem for both businesses and consumers. Read our article to learn how to prevent phishing attacks.