There’s more than one way to get admin privileges
Microsoft addresses lesser-known techniques that hackers exploit to obtain administration rights, and how attackers turn AD and Windows into exploitable targets.
Active Directory (AD) was introduced to the IT world in the mid-1990s, and it has come a long way since then, undergoing several stages of expansion. With the evolution of AD, the attack landscape has also evolved. Attacks have become extremely sophisticated, and attackers are always on the lookout for exploitable opportunities.
Now, when we hear the word “attacker” or “hacker”, we often imagine a hooded figure crouched in front of a laptop, trying to break the strongest security protocols using their meticulous coding skills. Given AD’s popularity and longevity in the IT world, many think that it takes complex hacking knowledge to break into it. But the truth is that anyone can be an attacker.
The utilities and options introduced by Microsoft for the benefit of organisations (around which Microsoft has failed to build sufficient security parameters) are potential access points that can be abused to gain access to privileged accounts in no time. And the worst part? Users need only minimal privileges to carry out any of these exploits.
Microsoft's presentation, “There’s more than one way to get admin privileges”, provides you with educational content that proves a few key things: Anyone can be an attacker, anyone can be subject to an attack, and you do not need sophisticated tools to perform an attack. All you need is a computer and some motivation!
Instead of the usual information about traditional privilege escalation attacks, this slide deck addresses the various lesser-known techniques that hackers exploit to obtain administration rights, and how attackers can turn the unique selling points (USPs) of AD and Windows ecosystems into exploitable targets with just some careful manipulation. Microsoft will expose you to vulnerabilities in AD and Windows that even scripting novices can exploit to gain access to privileged accounts. And most importantly, Microsoft also provides counter-measures that you need to take to avoid falling prey to these exploits.
So, let’s take this journey to understand AD security from an attacker’s perspective because, after all, the best defence only comes when we truly understand the offence.
ManageEngine is the enterprise IT management division of Zoho Corporation. Established and emerging enterprises - including more than 60 percent of the Fortune 500 - rely on our real-time IT management tools to ensure optimal performance of their IT infrastructure, including networks, servers, applications, desktops and more. We have offices worldwide, including the United States, the Netherlands, India, Singapore, Japan, China, and Australia as well as a network of 200+ global partners to help organizations tightly align their businesses and IT. For more information, please visit www.manageengine.com; follow the company blog at blogs.manageengine.com and on LinkedIn at www.linkedin.com/company/manageengine, Facebook at www.facebook.com/ManageEngine and Twitter @ManageEngine.
ITR Technology have been the sole distributors of ManageEngine software in South Africa for over 18 years. With certified support engineers, a dedicated sales team and a newly constructed ManageEngine training centre, ITR Technology values making a difference in the lives of South African IT professionals. For more information, please visit ManageEngine Products or follow us on Facebook at www.facebook.com/itrtech/, Twitter at https://twitter.com/ITRTech_za and LinkedIn at www.linkedin.com/company/ITRTechnology (ManageEngine South Africa).