Keeping Active Directory secure is one of the most critical tasks for organizations’ information security. Keeping track of users’ activity is a fundamental part of AD security. But before jumping into purchasing shiny tools, there’s a lot you can do by simply changing and leveraging AD built-in audit capabilities.

Dealing with the massive architecture of client-server networks requires effective security measures. Everyone has become painfully aware of all dangerous fishes roaming around the pool of the network, trying to get access to the system. Having a weak password policy is a key vector for attackers to gain system access. However, admins can help protect password security of the wide-reaching network using Group Management Policy (GPO).

The Splunk threat research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing discovery and reconnaissance tasks within Active Directory environments. In this blog post, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PoshC2 & PurpleSharp to then collect and analyze the resulting telemetry to test our detections.

The main difference in LDAP vs Active Directory is that while both LDAP and Active Directory are used for querying user identity information, AD contains a complete network operating system with services such as DNS, DHCP etc. In contrast, LDAP does not have any of those functionalities. Understanding LDAP plays an essential part in getting to know your Active Directory better and preventing data breaches and unauthorised access.

Active Directory Certificate Services has been around for a long time, but resources for learning it are not great. As a result, it often has misconfigurations that are an increasing vector for attacks. In fact, SpecterOps released a whitepaper detailing a number of misconfigurations and potential attacks and providing hardening advice.

Recently published by Lionel Gilles, an offensive security researcher based in France, 'PetitPotam' is a proof-of-concept (PoC) tool used for NT LAN Manager (NTLM) relay attacks that, when executed properly, grants threat actors the ability to take over a Windows Active Directory (AD) domain, including domain controllers (DC), where Active Directory Certificate Services (ADCS) are used. Similar to classic in-the-middle (ITM) or replay attacks, PetitPotam applies similar concepts to its relay attack.

With cyberattacks exploding around the world, it’s more important than ever for organizations to have a robust password policy. Hackers often gain access to corporate networks through legitimate user or admin credentials, leading to security incidents and compliance failures. In this article, we will explore how to create and maintain a strong and effective Active Directory password policy.

SpecterOps recently released an offensive security research paper that details techniques enabling an adversary to abuse insecure functionality in Active Directory Certificate Service. SpecterOps reports that abusing the legitimate functionality of Active Directory Certificate Service will allow an adversary to forge the elements of a certificate to authenticate as any user or administrator in Active Directory.

An Active Directory is a database that holds information about the security of an organization. It stores user accounts, and security settings to help organise all the information. Active Directory also stores a list of security groups that are created by the organisation to hold different levels or types of access permissions. Active Directory is a way that you can show people your home. If you are not careful and give too much permission to people, then it can be easy for others to do bad things.

In today’s modern era where everything is being digitised, cloud technology is playing a huge role in our everyday tech life. People want to use lesser physical resources, want easier management and trouble-shooting of their digital assets, hence increasing the usage of cloud technology.