Active Directory Kill Chain Attack & Defense – A Complete Guide & Tools

A great compilation of tools for Active Directory attack & defense, covering:

Discovery

  • SPN Scanning
  • Data Mining
  • User Hunting
  • LAPS
  • AppLocker
  • Active Directory Federation Services

Privilege Escalation

  • Abusing Active Directory Certificate Services
  • PetitPotam
  • Zerologon
  • Passwords in SYSVOL & Group Policy Preferences
  • MS14-068 Kerberos Vulnerability
  • DNSAdmins
  • Kerberos Delegation
  • Unconstrained Delegation
  • Constrained Delegation
  • Resource-Based Constrained Delegation
  • Insecure Group Policy Object Permission Rights
  • Insecure ACLs Permission Rights
  • Domain Trusts
  • DCShadow
  • RID
  • Microsoft SQL Server
  • Red Forest
  • Exchange
  • NTLM Relay & LLMNR/NBNS

Lateral Movement

  • Microsoft SQL Server Database links
  • Pass The Hash
  • System Center Configuration Manager (SCCM)
  • WSUS
  • Password Spraying
  • Automated Lateral Movement

Defense Evasion

  • In-Memory Evasion
  • Endpoint Detection and Response (EDR) Evasion
  • OPSEC
  • Microsoft ATA & ATP Evasion
  • PowerShell ScriptBlock Logging Bypass
  • PowerShell Anti-Malware Scan Interface (AMSI) Bypass
  • Loading .NET Assemblies Anti-Malware Scan Interface (AMSI) Bypass
  • AppLocker & Device Guard Bypass
  • Sysmon Evasion
  • HoneyTokens Evasion
  • Disabling Security Tools

Credential Dumping

  • NTDS.DIT Password Extraction
  • SAM (Security Accounts Manager)
  • Kerberoasting
  • Kerberos AP-REP Roasting
  • Windows Credential Manager/Vault
  • DCSync
  • LLMNR/NBT-NS Poisoning

Persistence

  • Golden Ticket
  • SID History
  • Silver Ticket
  • DCShadow
  • AdminSDHolder
  • Group Policy Object
  • Skeleton Keys
  • SeEnableDelegationPrivilege
  • Security Support Provider
  • Directory Services Restore Mode
  • ACLs & Security Descriptors
  • Tools & Scripts
  • Cheat Sheets
  • Azure Active Directory

Defense & Detection

  • Tools & Scripts
  • Sysmon Configuration

The compilation also includes an appendix, Active Directory Security Checks (by Sean Metcalf – @Pyrotek3), covering:

  • General Recommendations
  • Protect Admin Credentials
  • Protect AD Admin Credentials
  • Protect Service Account Credentials
  • Protect Resources
  • Protect Domain Controller
  • Protect Workstations (& Servers)
  • Logging
  • Security Pro’s Checks

Details, along with links to the tools, can be found at https://cybersecuritynews.com/active-directory-checklist/
