Microsoft Active Directory is a central component of most companies' information systems. An Active Directory domain controller is a prime target for an attacker since its compromise will provide the attacker with access to the company's resources. Whether in an audit context or following a proven compromise, the analysis of the security of the AD is essential and must be applied on a recurring basis.

It allows to reduce the attack surface and to prevent abuse risks, especially privilege escalation and persistence of an attacker within the information system.
This specific audit proposed by Synetis combines a configuration audit with an offensive audit of the Active Directory.

The security audit of the Active Directory environment is performed using the "configuration audit" approach, which means that the auditor has a privileged access account to the domain in order to verify the configuration and determine if the technical implementation of the target environment complies with good security practices and does not present a risk for the information system.

In parallel with the configuration audit, the offensive approach is carried out at the same time and is composed of a part carried out in black box (without user account), then a part in grey box (with user account). For these works, Synetis will try, as an illustration, to implement MitM attacks by LLMNR/NBNS or DHCPv6 poisoning, to carry out lateral displacements, to raise its privileges etc.