Active Directory Audit

Reduce attack surface and prevent risks!


formation MIC01 AD

Microsoft Active Directory is a central brick of the information system of most companies. An Active Directory domain controller is a prime target for an attacker, since compromising it will provide access to corporate resources. Whether in the context of an audit, or following a proven compromise, analysis of DBA security is essential and must be applied on a recurring basis.

It reduces the area of attack and prevents the risk of abuse, in particular the escalation of privilege and the persistence of an attacker within the information system.
This specific audit offered by Synetis combines a configuration audit with an offensive Active Directory audit.

The security audit of the Active Directory environment is carried out according to the “configuration audit” approach, i.e. the auditor is in possession of a privileged access account to the domain, with the aim of verifying the configuration and determining whether the technical implementation of the target environment complies with good security practices and presents no risk to the information system.

In parallel with the configuration audit, the offensive approach is carried out at the same time, and consists of a black-box part (without user account), followed by a grey-box part (with user account). For this work, Synetis will seek, as an illustration, to implement MitM attacks by LLMNR/NBNS or DHCPv6 poisoning, to carry out lateral displacements, to raise its privileges etc.

The approach proposed by Synetis (configuration auditing work in parallel with offensive AD tests) allows a detailed analysis of the configuration of the Active Directory, Domain Controllers, GPOs, services, AD structure, permissions and privilege accounts, etc.

At the end of this analysis, a precise roadmap can be drawn up to significantly increase the overall security of the Active Directory domain audited.

Protection and monitoring of si

Our Audit experts
answer your questions

These articles may be of interest to you: