Microsoft Active Directory is a central brick of the information system of most companies. An Active Directory domain controller is a prime target for an attacker, since compromising it will provide access to corporate resources. Whether in the context of an audit, or following a proven compromise, analysis of DBA security is essential and must be applied on a recurring basis.

It reduces the area of attack and prevents the risk of abuse, in particular the escalation of privilege and the persistence of an attacker within the information system.
This specific audit offered by Synetis combines a configuration audit with an offensive Active Directory audit.

The security audit of the Active Directory environment is carried out according to the “configuration audit” approach, i.e. the auditor is in possession of a privileged access account to the domain, with the aim of verifying the configuration and determining whether the technical implementation of the target environment complies with good security practices and presents no risk to the information system.

In parallel with the configuration audit, the offensive approach is carried out at the same time, and consists of a black-box part (without user account), followed by a grey-box part (with user account). For this work, Synetis will seek, as an illustration, to implement MitM attacks by LLMNR/NBNS or DHCPv6 poisoning, to carry out lateral displacements, to raise its privileges etc.