Microsoft Active Directory is a central component of most companies' information systems. An Active Directory domain controller is a prime target for an attacker since its compromise will provide the attacker with access to the company's resources. Whether in an audit context or following a proven compromise, the analysis of the security of the AD is essential and must be applied on a recurring basis.

It reduces the attack surface and limits the risk of abuse, in particular privilege escalation and the persistence of an attacker within the information system.
This specific audit proposed by Synetis combines a configuration audit with an offensive audit of the Active Directory.

The security audit of the Active Directory environment follows the "configuration audit" approach: the auditor is given a privileged account on the domain in order to review the configuration and determine whether the technical implementation of the target environment complies with good security practices and does not present a risk to the information system.

In parallel with the configuration audit, the offensive approach is carried out at the same time and is composed of a black-box part (without a user account), followed by a grey-box part (with a user account). During this work, Synetis will attempt, for example, to carry out MitM attacks through LLMNR/NBNS or DHCPv6 poisoning, to perform lateral movement, to escalate its privileges, etc.

The approach proposed by Synetis (configuration audit work in parallel with offensive AD tests) allows for a detailed analysis of the configuration of the Active Directory: Domain Controllers, GPOs, services, AD structure, permissions, privileged accounts, etc.

Thus, at the end of this analysis, a precise roadmap can be produced in order to significantly increase the overall security of the audited Active Directory domain.