TOP EXPLOITABLE SETTINGS IN ACTIVE DIRECTORY

To prove that your AD is not secure and could be exploited, here are a few settings that are nearly always misconfigured and exploitable.

AdminSDHolder

The default object responsible for continuously ensuring that the security of all privileged users and groups is consistent

Primary Group ID

A legacy setting used by Mac clients and POSIX applications for associating a user with a specific group

SIDHistory

A user attribute used during a migration so users can access resources in their original domain

Privileged Groups

Both default and post-install created groups allowing users to perform administrative tasks on AD, services, applications, etc.

Service Principal Names

Attributes used to allow service accounts to perform actions on behalf of the service they support
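
A read-only audit pass over the five settings listed above, as an added example (not code from the original page). It assumes the ActiveDirectory PowerShell module (RSAT) on a domain-joined host; the group list and the review criteria (adminCount, primary group 513 for Domain Users) are assumptions to adapt to your environment.

```powershell
# Added example: flags user accounts for review. It makes no changes to AD.
Import-Module ActiveDirectory

$props = 'adminCount', 'primaryGroupID', 'SIDHistory', 'servicePrincipalName'
$users = Get-ADUser -Filter * -Properties $props

# Privileged Groups: recursive membership of a few default groups.
# Assumption: extend this list with the post-install groups you delegate to.
$privGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$privDNs = foreach ($g in $privGroups) {
    try {
        Get-ADGroupMember -Identity $g -Recursive |
            Select-Object -ExpandProperty distinguishedName
    } catch {
        # Some of these groups exist only in the forest root domain.
        Write-Warning "Group '$g' could not be read in this domain"
    }
}
$privDNs = @($privDNs | Sort-Object -Unique)

$findings = foreach ($u in $users) {
    $isPriv = $privDNs -contains $u.DistinguishedName
    $flags = @()

    # AdminSDHolder: adminCount=1 marks an account as protected. An account
    # still marked but no longer in a listed group deserves a second look.
    if ($u.adminCount -eq 1 -and -not $isPriv) {
        $flags += 'adminCount=1 but not in a listed privileged group'
    }
    # Primary Group ID: 513 (Domain Users) is the default for user accounts.
    if ($u.primaryGroupID -ne 513) {
        $flags += "primaryGroupID=$($u.primaryGroupID)"
    }
    # SIDHistory: should be empty once a migration is finished.
    if ($u.SIDHistory.Count -gt 0) { $flags += 'SIDHistory populated' }
    # Service Principal Names: privileged accounts should not carry SPNs.
    if ($isPriv -and $u.servicePrincipalName.Count -gt 0) {
        $flags += 'privileged account with SPN'
    }

    if ($flags) {
        [pscustomobject]@{
            User     = $u.SamAccountName
            Enabled  = $u.Enabled
            Findings = $flags -join '; '
        }
    }
}
$findings | Sort-Object User | Format-Table -AutoSize -Wrap
```

Built-in accounts such as Guest and krbtgt will appear in the output; treat each row as an item to review rather than a confirmed misconfiguration.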