In a previous blog series, we have written about attacks against Active Directory (AD) administrative rights and service accounts. These topics have led to several discussions with coworkers and employees about other ways to penetrate and attack Active Directory environments. Throughout these conversations, one topic was repeatedly overlooked: Active Directory permissions. Most approaches to elevating privileges within AD focus on administrative rights, stealing credentials and passwords, and performing pass-the-hash attacks. These are all very effective in their own right, but sometimes unnecessary. In many organizations, understanding how to take advantage of weak Active Directory permissions is enough to get you all the rights you need.
Active Directory provides security and control over critical information and systems. The ability to manage Active Directory is controlled through a series of permissions that are applied to different objects and containers. These permissions control critical capabilities such as modifying security group memberships and resetting the password of a privileged account. With the right permissions, it is possible to obtain any privilege and bypass nearly any security control.
Active Directory permissions are rarely well-maintained. They are complicated and difficult to manage centrally, especially in environments with multiple domains and forests. Some common scenarios you will see when you inspect any organization’s AD permissions include:
If attackers know what permissions they need, it’s trivial to find and exploit these weaknesses.
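Defenders can run the same search first. The following is an added example, not code from the original post: it parses an object's security descriptor in SDDL form and reports allow entries that give an unexpected trustee the capabilities named above (changing group membership, resetting a password) or the rights that lead to them. The trusted-trustee set, the sample SIDs and the sample descriptor are constructed assumptions.

```python
import re

# Well-known schema GUIDs: the "member" attribute and the Reset Password
# (User-Force-Change-Password) extended right.
MEMBER_ATTR = "bf9679c0-0de6-11d0-a285-00aa003049e2"
RESET_PASSWORD = "00299570-246d-11d0-a768-00aa006e0529"
# Assumption: trustees expected to hold powerful rights (SDDL aliases for
# SYSTEM, Domain Admins, Enterprise Admins, BUILTIN\Administrators).
TRUSTED = {"SY", "DA", "EA", "BA"}
# Access-mask bits, so hex masks are handled like the two-letter codes.
MASK_BITS = {0x10000000: "GA", 0x40000: "WD", 0x80000: "WO", 0x20: "WP", 0x100: "CR"}
# Constructed sample: DACL of a hypothetical privileged group.
SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE = ("O:DAG:DAD:AI(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)(A;;RPLCLORC;;;AU)"
          f"(OA;;WP;{MEMBER_ATTR};;{SID}-1105)"
          f"(OA;CI;CR;{RESET_PASSWORD};;{SID}-1106)(A;;WD;;;AU)")


def split_rights(rights):
    """Turn an SDDL rights field (letter codes or hex mask) into a set of codes."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return {code for bit, code in MASK_BITS.items() if mask & bit}
    return {rights[i:i + 2] for i in range(0, len(rights), 2)}


def risky_aces(sddl, trusted=TRUSTED):
    """Return (trustee, finding) pairs for allow ACEs held by untrusted trustees."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        ace_type, _flags, rights, obj, _inh, trustee = ace.split(";")[:6]
        if ace_type not in ("A", "OA") or trustee in trusted:
            continue
        codes, obj = split_rights(rights), obj.lower()
        if "GA" in codes:
            findings.append((trustee, "full control"))
        if "WD" in codes:
            findings.append((trustee, "WriteDacl"))
        if "WO" in codes:
            findings.append((trustee, "WriteOwner"))
        if "WP" in codes and obj in ("", MEMBER_ATTR):
            findings.append((trustee, "write member" if obj else "write all properties"))
        if "CR" in codes and obj in ("", RESET_PASSWORD):
            findings.append((trustee, "reset password" if obj else "all extended rights"))
    return findings


if __name__ == "__main__":
    for trustee, finding in risky_aces(SAMPLE):
        print(f"{trustee}: {finding}")
```

On the sample, the two delegated accounts and the Authenticated Users entry are reported, while the Domain Admins full-control entry is skipped because that trustee is in the trusted set.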
Over the next four weeks, I’m not only going to detail four (4) attacks against Active Directory permissions you need to know about, but I’m also going to explain how they work, the techniques and tools real attackers use to perpetrate these attacks, and what you can do about them. Here’s the lineup:
Jeff Warren is Stealthbits’ General Manager of Products. Jeff has held multiple roles within the Technical Product Management group since joining the organization in 2010, initially building Stealthbits’ SharePoint management offerings before shifting focus to the organization’s Data Access Governance solution portfolio as a whole. Before joining Stealthbits – now part of Netwrix, Jeff was a Software Engineer at Wall Street Network, a solutions provider specializing in GIS software and custom SharePoint development.
With deep knowledge and experience in technology, product and project management, Jeff and his teams are responsible for designing and delivering Stealthbits’ high quality, innovative solutions.
Jeff holds a Bachelor of Science degree in Information Systems from the University of Delaware.