Active Directory (AD) is the backbone of most organizations' IT infrastructure, as it holds the accounts that control access to resources, as well as privileged accounts used for administration. Unfortunately, this makes it a prime target for cyberattacks. As a result, it's crucial to understand the different types of attacks that AD is vulnerable to and take measures to protect AD through privilege assurance.
Here are the top two methods attackers use to gain privileges in AD:
Misconfigurations: Immediate privilege escalation
Attackers often acquire credentials for AD user accounts as they compromise devices on the network. The next question for them is whether any of those credentials belong to an account with privileges in AD. One way to answer it is to enumerate AD, which requires only read access, and every AD user account has read access by default.
By enumerating AD, the attacker can obtain information about users and groups, including privileged user accounts. They can then compare this enumerated information with the credentials they have obtained, and if any of them match a privileged user account, they have immediate access to AD.
Misconfigurations: Attacks to gain privileges
If the attacker doesn't have any privileged credentials, the information obtained from enumerating AD can still be valuable. This is because some user and computer accounts have configurations that make them vulnerable to attacks.
When the attacker enumerates AD, they learn which users and computers are vulnerable. For example, a user who is a member of a privileged group and also has a service principal name (SPN) configured is vulnerable. A computer configured for Unconstrained Kerberos Delegation is likewise vulnerable: it can be easily attacked and used for impersonation.
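The two misconfigurations described above can be audited with the same read access an attacker relies on. The following PowerShell script is an added example, not code from the original article; it assumes the RSAT ActiveDirectory module, a domain-joined session, and the list of privileged groups shown (adjust it for your environment).

```powershell
# Added audit example (not from the original article). Assumes the RSAT
# ActiveDirectory module and a domain-joined session with read access to AD.
Import-Module ActiveDirectory

# Privileged groups to check; extend this list for your environment.
$privilegedGroups = @(
    'Domain Admins', 'Enterprise Admins', 'Schema Admins',
    'Administrators', 'Account Operators', 'Backup Operators'
)

# Map each user that is a (transitive) member of a privileged group to the
# group that grants the privilege, so nested membership is not missed.
$privilegedDns = @{}
foreach ($group in $privilegedGroups) {
    try {
        Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object { $privilegedDns[$_.distinguishedName] = $group }
    } catch {
        Write-Warning "Could not enumerate group '$group': $_"
    }
}

# Finding 1: privileged users that also carry a Service Principal Name.
# Remediation: remove the SPN, or run the service under a separate
# non-privileged account (ideally a group managed service account).
$privilegedWithSpn = Get-ADUser -Filter 'ServicePrincipalName -like "*"' `
        -Properties ServicePrincipalName |
    Where-Object { $privilegedDns.ContainsKey($_.DistinguishedName) } |
    Select-Object SamAccountName,
        @{ n = 'PrivilegedGroup'; e = { $privilegedDns[$_.DistinguishedName] } },
        @{ n = 'SPNs'; e = { $_.ServicePrincipalName -join ';' } }

# Finding 2: computers trusted for unconstrained Kerberos delegation.
# Domain controllers legitimately carry this flag; any other computer should
# be moved to constrained or resource-based constrained delegation.
$dcNames = (Get-ADDomainController -Filter *).Name
$unconstrained = Get-ADComputer -Filter 'TrustedForDelegation -eq $true' `
        -Properties TrustedForDelegation |
    Where-Object { $dcNames -notcontains $_.Name } |
    Select-Object Name, DistinguishedName

"== Privileged accounts with an SPN ($($privilegedWithSpn.Count)) =="
$privilegedWithSpn | Format-Table -AutoSize
"== Non-DC computers with unconstrained delegation ($($unconstrained.Count)) =="
$unconstrained | Format-Table -AutoSize
```

Run it on a schedule and treat any new row in either table as a finding to remediate, since both conditions are exactly what the enumeration step above looks for.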
Protecting against privilege attacks
In order to protect AD from privilege attacks, take these steps immediately:
- Patch all domain controllers with the latest patches and service packs.
- Patch all servers and workstations with the latest patches and service packs.
- Ensure least privilege is upheld everywhere.
- Ensure all user and computer objects are secured from privilege escalation attacks.