Hacking and Securing Active Directory

Hacking techniques for AD: "state of the art" (but scary!) with possible mitigations (where they exist), plus a few new methods:
- https://adsecurity.org/wp-content/uploads/2015/08/DEFCON23-2015-Metcalf-RedvsBlue-ADAttackAndDefense-Final.pdf
- https://github.com/infosecn1nja/AD-Attack-Defense
- https://specterops.io/resources/research-and-development
- https://github.com/wavestone-cdt/AD-security-workshop
- https://www.labofapenetrationtester.com/
- https://github.com/fireeye/commando-vm
- For GPO audit: https://github.com/l0ss/Grouper2
- Spraykatz: https://www.slideshare.net/sylvaincortes/spraykatz-installation-basic-usage and https://github.com/aas-n/spraykatz
- ReverseTCP shell: https://www.youtube.com/watch?v=T9qb4DIAXTg&feature=youtu.be and https://github.com/ZHacker13/ReverseTCPShell

Securing AD:
- AD Explorer: https://www.blackhillsinfosec.com/domain-goodness-learned-love-ad-explorer
- https://digital-forensics.sans.org/blog/2013/06/20/overview-of-microsofts-best-practices-for-securing-active-directory
- http://video.ch9.ms/sessions/teched/na/2014/DCIM-B213.pptx
- https://www.pingcastle.com/
- AD authentication silos and more: https://www.sstic.org/user/abordes
- MS white paper on best practices

AD – Securing Domain Controllers / hardening Windows domain and computers

Reference articles on securing a Windows domain:
- https://www.cert.ssi.gouv.fr/uploads/guide-ad.html
- https://github.com/PaulSec/awesome-windows-domain-hardening
- PingCastle, to audit an AD domain: https://www.pingcastle.com/
- AD Explorer (Sysinternals): https://www.blackhillsinfosec.com/domain-goodness-learned-love-ad-explorer
- Microsoft audit policy settings and recommendations: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations
- Sysinternals Sysmon, to audit and control changes: https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843&ithint=file%2cpptx&app=PowerPoint&authkey=!AMvCRTKB_V1J5ow

On ADsecurity.org:
- Beyond domain admins: https://adsecurity.org/?p=3700
- Gathering AD data with PowerShell: https://adsecurity.org/?p=3719
- Hardening Windows computers, secure baseline checklist: https://adsecurity.org/?p=3299

AD – Advanced Threat Analytics (ATA) and Azure ATP

An alternative to Azure ATP / ATA: Alsid, https://www.alsid.com/alsid-solution

Azure ATP:
- What is Azure ATP: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/what-is-amp
- Azure ATP release notes: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-whats-new
- Suspicious activity guide: https://docs.microsoft.com/en-us/advanced-threat-analytics/suspicious-activity-guide

Unified on MCAS, Azure ATP and Azure AD Identity Protection: Microsoft has three identity-centric security products offering detection capabilities both on-premises and in the cloud: Azure Advanced