Active Directory Review

Domain controllers are the heartbeat of your network. A remote compromise of them can directly affect your brand position, with reputational and/or legal consequences.


Overview

Active Directory is to an internal network what the heart is to the body: an organisation cannot operate without a secure and healthy Active Directory.

Active Directory (AD) is the directory service Microsoft provides for Windows networks. It is the central point at which authentication and authorisation are managed for a Windows domain. Active Directory enforces the domain password policy (change intervals, length, complexity, lockout and the way password hashes are stored) and user authorisation (privileges such as Domain Admin or local administrator, and role and group memberships).

More than 95% of organisations use Active Directory for their internal corporate environment, which makes it a critical infrastructure asset. From a low-privileged user logging into a corporate workstation to a login to the back-end database holding customer payment records, a single domain handles the authentication and authorisation. This is why Active Directory is such an interesting target for offensive security.

Why do you need an Active Directory Review?

Active Directory access for an attacker is equivalent of keys to the kingdom

Active Directory is central to the post-compromise stages of the Cyber Kill Chain framework, part of Lockheed Martin's Intelligence Driven Defense. Once an attacker is inside a corporate network, whether the goal is lateral movement, privilege escalation within a set of systems, or malware propagation, abuse of Active Directory is key to each of these steps.

The following are some of the most common issues identified during active directory audits:

  • Insecure password controls (weak policy, no lockout, no prevention of common passwords)
  • Legacy authentication protocols still enabled (NTLM)
  • Impersonation of users
  • Credential caching on workstations and servers
  • Insecure logging and monitoring
  • The same local administrator password across many hosts
  • Common misconfigurations, such as nested AD groups that hide privileged membership and weak Group Policy settings

Methodology

Below is our methodology, designed on the basis of our years of experience delivering this work. The phases are listed in reverse order of execution: an engagement begins with Discovery and ends with Communication & Debrief.

Communication & Debrief

We take customer communication as seriously as reporting or assessment execution. We engage with customers at every stage and keep customer contacts up to date, in language they understand. After the engagement, a free debrief is held to help the customer understand the weaknesses found and prepare a mitigation plan.

Reporting

The assessment-execution phase is followed by analysis and reporting. Defendza analyses the testing output and evaluates the risk impact and the likelihood of exploitation in realistic scenarios before providing action plans to remediate the identified risks. All our reports address both business and technical audiences, with supporting raw data and mitigation measures at strategic and tactical levels.

Password Analysis

This phase involves cracking the supplied password hashes and performing statistical analysis of the recovered passwords. Password analysis gives you an indicator of the password culture within the organisation. The review covers the most used passwords and their nature (seasons, years, company names), password reuse across accounts, the state of privileged accounts, and the effectiveness of the password policies in force. Using our database of leaked passwords and hardware specialised for password cracking, our consultants provide an in-depth review of password strength based on the hashes supplied.
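The statistics this phase produces (top passwords, reuse, privileged accounts, policy compliance, and the season-plus-year and company-name patterns listed under "Insecure Password Controls" above) can be computed directly from a cracked-password list. The script below is an added example, not Defendza's own tooling; it assumes input in the `user:hash:plaintext` form that hashcat prints with `--show --username`, a constructed list of privileged accounts, a minimum length of 8 and Windows-style complexity (three of four character classes). The hashes in the sample are fabricated placeholders.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input (hashcat "--show --username" layout: user:hash:plaintext).
# The hash fields are fabricated placeholders, not real NT hashes of these strings.
CRACKED_SAMPLE = """\
CORP\\jsmith:00000000000000000000000000000001:Summer2023!
CORP\\aqureshi:00000000000000000000000000000002:Summer2023!
CORP\\da_jones:00000000000000000000000000000003:Welcome1
CORP\\svc_backup:00000000000000000000000000000004:Defendza2019
CORP\\tlee:00000000000000000000000000000005:Password1
CORP\\mrossi:00000000000000000000000000000006:Password1
CORP\\hkim:00000000000000000000000000000007:qwerty
CORP\\bpatel:00000000000000000000000000000008:C0rr3ct-H0rse-Battery
"""

# Constructed: a Domain Admin and a backup service account (assumed privileged).
PRIVILEGED_SAMPLE = {"CORP\\da_jones", "CORP\\svc_backup"}

# Season followed by a 2- or 4-digit year and optional trailing symbols, e.g. Summer2023!
SEASON_YEAR = re.compile(r"^(spring|summer|autumn|fall|winter)\d{2,4}[^A-Za-z0-9]*$", re.I)


def parse_cracked(text):
    """Return (user, plaintext) pairs. The plaintext may contain ':' so split at most twice."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        user, _hash, plain = line.split(":", 2)
        entries.append((user, plain))
    return entries


def meets_complexity(pw):
    """Windows 'complexity' rule: at least three of upper, lower, digit, symbol."""
    classes = [any(c.isupper() for c in pw), any(c.islower() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return sum(classes) >= 3


def analyse(entries, privileged, min_length=8, keywords=("defendza",)):
    """Produce the statistics a password-analysis report is built from."""
    by_password = defaultdict(list)
    for user, pw in entries:
        by_password[pw].append(user)
    return {
        "total_cracked": len(entries),
        "top_passwords": Counter(pw for _, pw in entries).most_common(5),
        # Same plaintext on more than one account: reuse (or shared credentials).
        "reused": {pw: sorted(users) for pw, users in by_password.items() if len(users) > 1},
        "privileged_cracked": sorted(u for u, _ in entries if u in privileged),
        "below_min_length": sorted(u for u, pw in entries if len(pw) < min_length),
        "fails_complexity": sorted(u for u, pw in entries if not meets_complexity(pw)),
        "season_year": sorted(u for u, pw in entries if SEASON_YEAR.match(pw)),
        # Company or product names (assumed keyword list) embedded in the password.
        "contains_keyword": sorted(u for u, pw in entries
                                   if any(k in pw.lower() for k in keywords)),
        "length_distribution": dict(sorted(Counter(len(pw) for _, pw in entries).items())),
    }


if __name__ == "__main__":
    report = analyse(parse_cracked(CRACKED_SAMPLE), PRIVILEGED_SAMPLE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Note that "Welcome1" and "Password1" pass the complexity and length checks in this sample: policy compliance on its own says little, which is why the top-password and pattern statistics matter more than the policy settings in the report.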

Credential Harvesting

This is one of the lowest-hanging fruits for a threat actor looking to move laterally, and our real-life experience has taught us to treat it as a 'must have' step in our methodology. Defendza searches the customer's network (file shares, deployment images, scripts and configuration files) for valid credentials stored in readable form or in reversibly encoded or weakly encrypted forms.
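The formats in which such credentials typically turn up on Windows file shares are well known: unattended-install answer files (`unattend.xml`, where the value is base64 of the UTF-16LE password with the literal suffix "Password"), Group Policy Preferences XML in SYSVOL (`cpassword`, AES-encrypted with a key Microsoft published, so effectively plaintext), PowerShell scripts that build a credential from a string with `ConvertTo-SecureString ... -AsPlainText`, and `Password=` entries in connection strings and INI-style configs. The scanner below is an added example, not Defendza's tooling; the file contents, paths, GUID and secrets are all constructed for the example.

```python
import base64
import re

# Constructed sample files mimicking formats in which credentials are commonly left on shares.
# Paths, GUID and secrets are invented for this example.
SAMPLE_FILES = {
    r"\\fs01\deploy\unattend.xml": """<?xml version="1.0"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <AutoLogon>
        <Password><Value>{}</Value><PlainText>false</PlainText></Password>
        <Username>Administrator</Username>
      </AutoLogon>
    </component>
  </settings>
</unattend>
""".format(base64.b64encode("Deploy2019!Password".encode("utf-16-le")).decode()),
    r"\\dc01\SYSVOL\corp.local\Policies\{A1B2C3D4-0000-0000-0000-000000000001}\Machine\Preferences\Groups\Groups.xml":
        '<Groups><User name="LocalAdmin" cpassword="ZmFrZS1jcGFzc3dvcmQtZm9yLWV4YW1wbGU" /></Groups>',
    r"\\fs01\scripts\backup.ps1":
        '$sec = ConvertTo-SecureString "B@ckup!Svc2020" -AsPlainText -Force\n'
        '$cred = New-Object System.Management.Automation.PSCredential("CORP\\svc_backup", $sec)\n',
    r"\\app01\inetpub\wwwroot\web.config":
        '<connectionStrings><add name="db" connectionString="Server=sql01;User Id=appuser;Password=Sql#App2021;" /></connectionStrings>',
    r"\\fs01\docs\readme.txt": "Nothing to see here.\n",
}

UNATTEND_PW = re.compile(r"<Password>\s*<Value>([^<]+)</Value>\s*<PlainText>(true|false)</PlainText>", re.I)
GPP_CPASSWORD = re.compile(r'cpassword="([^"]*)"')
PS_PLAINTEXT = re.compile(r"""ConvertTo-SecureString\s+(['"])(.+?)\1\s+-AsPlainText""", re.I)
# \b keeps this from re-matching the "password" inside "cpassword".
KV_PASSWORD = re.compile(r"""\b(?:password|pwd)\s*=\s*["']?([^"';\s<]+)""", re.I)


def decode_unattend_value(value, plaintext_flag):
    """unattend.xml stores base64(UTF-16LE(password + "Password")) unless PlainText is true."""
    if plaintext_flag.lower() == "true":
        return value
    decoded = base64.b64decode(value).decode("utf-16-le")
    return decoded[:-len("Password")] if decoded.endswith("Password") else decoded


def scan_content(path, content):
    """Return a list of findings for one file's text."""
    findings = []
    for value, flag in UNATTEND_PW.findall(content):
        findings.append({"path": path, "kind": "unattend.xml password",
                         "secret": decode_unattend_value(value, flag)})
    for cpw in GPP_CPASSWORD.findall(content):
        # Decryptable with the published GPP AES key; reported as-is here.
        findings.append({"path": path, "kind": "GPP cpassword", "secret": cpw})
    for _quote, pw in PS_PLAINTEXT.findall(content):
        findings.append({"path": path, "kind": "PowerShell plaintext SecureString", "secret": pw})
    for pw in KV_PASSWORD.findall(content):
        findings.append({"path": path, "kind": "password= key/value", "secret": pw})
    return findings


def scan_files(files):
    """Scan a mapping of path -> text content (in practice, files read off the shares)."""
    results = []
    for path, content in files.items():
        results.extend(scan_content(path, content))
    return results


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f['kind']:36} {f['path']}  ->  {f['secret']}")
```

In a real engagement the mapping would be fed from a recursive walk of the readable shares, and every hit is then validated against the domain before it is reported, since stale credentials in old deployment scripts are common.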

Privilege Escalation

The first level of access gained from the low-hanging fruit found in the previous phases usually does not give full control of the target: at that level an attacker cannot yet retrieve password hashes, add privileged users or perform other high-privilege tasks. Privilege escalation techniques exploit a bug, design flaw or configuration oversight in the operating system or in installed software to gain elevated access. This allows our consultants to perform the elevated tasks that are key to moving laterally further into the target network.

Attack & Exploit

Using open-source, commercial and custom tooling, we exploit only those vulnerabilities whose exploitation causes no network- or host-level disruption. The objective is to obtain the highest possible level of privilege on a system, which is then used as a base for lateral movement in an attempt to compromise the entire network, the domain, or the agreed target. Depending on the scope of the project, this access is either maintained for days to pursue further objectives or treated as completion of the assessment.

Vulnerability Analysis

The prioritised list of targets is scanned for vulnerabilities. This assessment checks the target assets for both published and undocumented vulnerabilities. We sift through the scan results for false positives, and manual verification ensures that only confirmed vulnerabilities are taken forward.

Discovery

In this phase, we profile the target, i.e. a network, a server, or a device. This is a non-intrusive exercise and involves activities like analysing the network, understanding the different assets and services, operating systems, programs in use, and anything related to network layout. This is a fundamental step and helps to prepare for the next stage of finalising targets and finding weaknesses.


Why Defendza ?

Our qualifications

Defendza as a business, and its consultants individually, hold some of the best-known certifications, accreditations and qualifications globally. For the business these include CREST membership, the G-Cloud 11 Framework and ISO quality management certification. Our consultants are ex-CHECK Team Leaders (CCT Infrastructure 2012, 2015; CCT Web Applications 2009, 2012, 2015) and hold OSCP (Offensive Security Certified Professional), CREA (Certified Reverse Engineering Analyst), Certified Binary Auditing Expert, CISSP (Certified Information Systems Security Professional), SANS GSEC and GCIH Silver (Hacker Techniques and Incident Handling), CCNA (Cisco Certified Network Associate) and CEH (Certified Ethical Hacker).

Focus on Customer Business

Cyber security is a business enabler. We make sure we understand your business and its needs so that we can help you grow your business in the certain knowledge that it’s protected.

Our No Nonsense Approach

Client service underpins everything we do.

Our advisory services follow a 'no surprises' approach with clear and concise communication. Every proposal is customised around the project requirements captured during the scoping discussions.


Testimonials

"My experience to date with Defendza has been very positive. I look for a flexible, knowledgeable security "partner" when I engage a PT firm. Pentest means many things to many people and there are many different use cases for both the testing activity and the report generated, and I need someone to work with me to get the absolute best value out of my security budget."

Information Security Officer
Insurance Group

"Excellent people to work with. Very good knowledge of requirement and give us correct findings with excellent remedy to improve our security for our B2B portal site."

Head of Technical & Business Improvement
Leading Pharmaceutical Manufacturer

"I thought it was a highly professional and thorough exercise and I would have no hesitation recommending Defendza to any of my connections."

Director, Software Engineering
Global Information and Analytics Company

"Good personal service. We are delighted with the work Defendza did for us. Highly recommended."

CTO
Manchester headquartered Global Fashion Brand

"Extremely satisfied with approach, speed and end results. Thanks."

COO
International fashion label and store

"My experience of the Defendza team was 5 star.  They were so helpful, and their technical delivery and client communication were excellent."

Director, Software Development
Corporate Services Company

Resources

Manufacturers Can’t Afford the Cyber Risks

09/06/2019

Much of the manufacturing industry has failed to take proactive steps to defend against cyber attacks, a notable problem considering the growing threats the industry faces.