

Microsoft Research published a paper in 2009 describing Attack Paths as "Identity snowball attacks leverage the users logged in to a first compromised host to launch additional attacks with those users' privileges on other hosts." [1] The French government presented their work in 2014 to "...highlight control paths involving non-trivial chains of relations and objects... to measure the effective extent of an account's power", titled "Active Directory Control Paths" [2]. In 2016, we created BloodHound to make our jobs as red teamers easier ( ).

While Attack Paths are not new, existing defensive literature is too academic to be practical, and practical tools have focused on Attack Paths from the attacker's perspective, not the defender's. Defenders have been plagued by Attack Paths for decades (whether they have known it or not), but have never been able to deal directly with the root cause of those Attack Paths. The primary goal of Attack Path Management (APM) is to directly solve the problem of Attack Paths.

Today, the problem of Attack Paths is felt most acutely in the world of Microsoft Active Directory and Azure Active Directory. These platforms provide the greatest payoff for attackers, since taking control of the fundamental identity platform for an enterprise grants full control of all users, systems, and data in that enterprise.

Microsoft Active Directory and Azure Active Directory are directory service products that provide several critical services to organizations: identity and access management, endpoint management, business application management, and much, much more. The concepts discussed here will focus on Active Directory (both Microsoft Active Directory and Azure Active Directory), but can be applied to other identity and access management systems, such as AWS and G-Suite.

Organizations see Active Directory as:

FOUNDATIONAL
Active Directory is the foundation upon which access management for endpoint management services, identity and authentication services, email authentication, and critical business operations is built, making it one of the most critical (if not THE most critical) services used by organizations of all sizes.

UBIQUITOUS
Active Directory is by far the most widely used directory service product. Banks, government and military agencies, retailers, small businesses, and the vast majority of the Fortune 500 use Active Directory [3]. That ubiquity comes with several benefits for organizations, including a rich community to get support, a highly mature Active Directory management and engineering training ecosystem, and a large talent pool filled with thousands of professionals with years (even decades) of experience in Active Directory.

POWERFUL
Active Directory includes several powerful features that simplify user and endpoint management, increase uptime, and streamline the endpoint user experience. Features like security group delegation, Group Policy, and domain trusts enable Active Directory admins to organize and control the IT environment so that it best serves the requirements of the organization.

Adversaries see Active Directory as:

FOUNDATIONAL
Because the entire organization is tied into Active Directory, an attacker can gain control of any computer, any user, any business process by first taking control of Active Directory.
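As an added example (not code from this page or from BloodHound), the "non-trivial chains of relations and objects" that make up an Attack Path can be modelled as a small graph of Active Directory objects: the code enumerates the control paths from each principal to a high-value group, measures the effective extent of an account's power as the set of objects it can reach, and lists the single relations whose removal severs every path, which is the remediation view a defender wants. All principals, hosts, groups and relation names below are constructed sample data.

```python
from collections import deque

# Constructed sample relations (source, relation, target), not real AD data. Each edge
# means the source can take control of the target (membership, admin rights, session, ACL).
EDGES = [
    ("alice", "MemberOf", "HelpDesk"),
    ("HelpDesk", "AdminTo", "WS01"),
    ("WS01", "HasSession", "bob"),
    ("bob", "MemberOf", "ServerOps"),
    ("ServerOps", "GenericAll", "Domain Admins"),
    ("carol", "MemberOf", "ServerOps"),
    ("dave", "AdminTo", "WS02"),
]

def adjacency(edges):
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((rel, dst))
    return graph

def control_paths(edges, start, target):
    """All simple paths from start to target, each a list of (src, rel, dst) hops."""
    graph, paths = adjacency(edges), []
    queue = deque([(start, [])])
    while queue:
        node, path = queue.popleft()
        if node == target:
            paths.append(path)
            continue
        visited = {start} | {hop[2] for hop in path}   # never revisit a node (no cycles)
        for rel, nxt in graph.get(node, []):
            if nxt not in visited:
                queue.append((nxt, path + [(node, rel, nxt)]))
    return paths

def effective_extent(edges, start):
    """The 'effective extent' of an account's power: every object it can reach."""
    graph, seen, queue = adjacency(edges), set(), deque([start])
    while queue:
        for _, nxt in graph.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def choke_points(edges, principals, target):
    """Single edges whose removal severs every principal's path to the target: fix these first."""
    return [e for e in edges
            if not any(control_paths([x for x in edges if x != e], p, target)
                       for p in principals)]
```

With the sample data, alice reaches Domain Admins through a five-hop chain, carol through two hops, and dave not at all; the only single relation whose removal cuts every path is the GenericAll right held by ServerOps.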
