Active Directory Kill Chain Attack & Defense – A Complete Guide & Tools | ITSecurity24.info

Deprecated: Return type of Drupal\Core\Render\Markup::jsonSerialize() should either be compatible with JsonSerializable::jsonSerialize(): mixed, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /home/mizerski/ftp/itsecurity24data/core/lib/Drupal/Component/Render/MarkupTrait.php on line 71

Deprecated: Return type of Drupal\Core\Render\Markup::count() should either be compatible with Countable::count(): int, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /home/mizerski/ftp/itsecurity24data/core/lib/Drupal/Component/Render/MarkupTrait.php on line 61
Active Directory Kill Chain Attack & Defense – A Complete Guide & Tools | ITSecurity24.info

Active Directory Kill Chain Attack & Defense – A Complete Guide & Tools

Świetne zestawienie narzędzi do Ataku & Obrony Active Directory obejmujące:

Discovery

SPN Scanning
Data Mining
User Hunting
LAPS
AppLocker
Active Directory Federation Services

Privilege Escalation

Abusing Active Directory Certificate Services
PetitPotam
Zerologon
Passwords in SYSVOL & Group Policy Preferences
MS14-068 Kerberos Vulnerability
DNSAdmins
Kerberos Delegation
Unconstrained Delegation
Constrained Delegation
Resource-Based Constrained Delegation
Insecure Group Policy Object Permission Rights
Insecure ACLs Permission Rights
Domain Trusts
DCShadow
RID
Microsoft SQL Server
Red Forest
Exchange
NTLM Relay & LLMNR/NBNS

Lateral Movement

Microsoft SQL Server Database links
Pass The Hash
System Center Configuration Manager (SCCM)
WSUS
Password Spraying
Automated Lateral Movement

Defense Evasion

In-Memory Evasion
Endpoint Detection and Response (EDR) Evasion
OPSEC
Microsoft ATA & ATP Evasion
PowerShell ScriptBlock Logging Bypass
PowerShell Anti-Malware Scan Interface (AMSI) Bypass
Loading .NET Assemblies Anti-Malware Scan Interface (AMSI) Bypass
AppLocker & Device Guard Bypass
Sysmon Evasion
HoneyTokens Evasion
Disabling Security Tools

Credential Dumping

NTDS.DIT Password Extraction
SAM (Security Accounts Manager)
Kerberoasting
Kerberos AP-REP Roasting
Windows Credential Manager/Vault
DCSync
LLMNR/NBT-NS Poisoning

Persistence

Golden Ticket
SID History
Silver Ticket
DCShadow
AdminSDHolder
Group Policy Object
Skeleton Keys
SeEnableDelegationPrivilege
Security Support Provider
Directory Services Restore Mode
ACLs & Security Descriptors
Tools & Scripts
Cheat Sheets
Azure Active Directory

Defense & Detection

Tools & Scripts
Sysmon Configuration

Zestawienie zawiera również dodatek - Active Directory Security Checks (by Sean Metcalf – @Pyrotek3)

General Recommendations
Protect Admin Credentials
Protect AD Admin Credentials
Protect Service Account Credentials
Protect Resources
Protect Domain Controller
Protect Workstations (& Servers)
Logging
Security Pro’s Checks

Szczegóły wraz z linkami do narzędzi można znaleźć na https://cybersecuritynews.com/active-directory-checklist/

Powrót na stronę główną

Tags

Copyright © 2021. All rights reserved.