![]() And the sad reality is that Microsoft doesn’t offer native MFA for Active Directory. What is the most recommended measures for preventing authentication attacks? Multi-factor authentication. ![]() Last, but not least, simply browsing the active directory once authenticated with a compromised account, provides important information for further exploitation (finding other accounts, finding abandoned, but not disabled accounts, finding passwords in description fields, etc).īasically, having access an authentication endpoint which interfaces the Active Directory allows attackers to gain access and then do lateral movement. Standard attacks like password spraying, credential stuffing and other brute forcing also apply, especially if the Exchange web access is enabled. Whether it would be weaknesses of Kerberos, “pass the ticket”, golden ticket, etc. ![]() While that may be changing in recent years with more advanced and cloud IAM and directory solutions, the landscape in the last two decades is a domination of Microsoft’s Active Directory.Īs a result of that dominance, many cyber attacks rely on exploiting some aspects of Active Directory. From my observation, the majority of organization rely on Active Directory for their user accounts. Active Directory is dominant in the enterprise world (as well as the public sector).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |