Active Directory Security
Master Active Directory security from fundamentals to advanced attack techniques. Essential knowledge for enterprise security professionals.
AD Fundamentals
Core Components
Understanding the building blocks of Active Directory
Domain Structure
Forests, domains & OUs
Hierarchical structure of forests, domains, and organizational units. Understanding trust relationships and domain boundaries.
Authentication
Kerberos & NTLM
Kerberos ticket-based authentication, NTLM fallback, and the authentication process in Active Directory environments.
Objects & Groups
Users, computers & groups
AD objects including users, computers, groups, and service accounts. Understanding group types and membership management.
Group Policy
Centralized management
Group Policy Objects (GPOs) for centralized configuration management, security settings, and software deployment.
Common AD Attacks
Attack Techniques
Understanding how attackers target Active Directory environments
Ethical Use Only
These techniques are for educational purposes and authorized penetration testing only. Always ensure you have proper authorization before testing.
Enumeration
Information gathering
LDAP queries, BloodHound analysis, and PowerView enumeration to map AD structure and identify attack paths.
Kerberoasting
Service ticket attacks
Requesting service tickets for accounts with SPNs and offline cracking of the encrypted portions to recover passwords.
ASREPRoasting
Pre-auth disabled
Targeting accounts with Kerberos pre-authentication disabled to obtain crackable AS-REP responses.
Golden/Silver Tickets
Ticket forgery
Forging Kerberos tickets using compromised KRBTGT (Golden) or service account (Silver) hashes for persistence.
DCSync
Directory replication
Abusing directory replication permissions to extract password hashes from domain controllers remotely.
Pass-the-Hash/Ticket
Lateral movement
Using compromised NTLM hashes or Kerberos tickets to authenticate without knowing plaintext passwords.
Defense Strategies
Hardening & Detection
Best practices for securing Active Directory environments
Account Security
Strong password policies, account lockout settings, and privileged account management.
- Complex password requirements
- Regular password rotation
- Privileged Access Workstations (PAWs)
- Just-in-time administration
Monitoring & Logging
Comprehensive logging and monitoring for suspicious activities and attack indicators.
- Advanced Audit Policy Configuration
- Sysmon deployment
- SIEM integration
- Honeypot accounts
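As an added example of the detection side of this section (not code from the original page or from any tool it lists), the script below runs two indicator checks over Windows Security Event ID 4769 (Kerberos service ticket request) records: a honeypot rule that alerts on any ticket request for a decoy SPN account, and a Kerberoasting indicator that flags an account requesting RC4-HMAC (TicketEncryptionType 0x17) service tickets for several distinct services in a short window. Event 4769 is produced when the "Audit Kerberos Service Ticket Operations" subcategory is enabled under Advanced Audit Policy Configuration. The flattened log lines, the account and service names, the decoy account name svc_honeypot, and the threshold and window values are all constructed for the example.

```python
"""Kerberoasting and honeypot-SPN indicators over Event ID 4769 records (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, event ID, then key=value fields named after
# the real 4769 XML fields. TicketEncryptionType 0x17 is RC4-HMAC, 0x12 is AES256.
# No real hosts or accounts; every name here is invented for the example.
SAMPLE_LOG = """\
2024-05-01T09:00:01 4769 TargetUserName=alice ServiceName=sql01$ TicketEncryptionType=0x12 IpAddress=10.0.1.20
2024-05-01T09:00:05 4768 TargetUserName=bob ServiceName=krbtgt TicketEncryptionType=0x12 IpAddress=10.0.1.31
2024-05-01T09:01:10 4769 TargetUserName=bob ServiceName=svc_sql TicketEncryptionType=0x17 IpAddress=10.0.1.31
2024-05-01T09:01:11 4769 TargetUserName=bob ServiceName=svc_web TicketEncryptionType=0x17 IpAddress=10.0.1.31
2024-05-01T09:01:12 4769 TargetUserName=bob ServiceName=svc_backup TicketEncryptionType=0x17 IpAddress=10.0.1.31
2024-05-01T09:01:13 4769 TargetUserName=bob ServiceName=svc_ftp TicketEncryptionType=0x17 IpAddress=10.0.1.31
2024-05-01T09:30:00 4769 TargetUserName=carol ServiceName=svc_legacy TicketEncryptionType=0x17 IpAddress=10.0.1.42
2024-05-01T10:15:00 4769 TargetUserName=dave ServiceName=svc_honeypot TicketEncryptionType=0x12 IpAddress=10.0.1.55
"""

RC4_HMAC = "0x17"
# Assumed decoy account: it holds an SPN but nothing legitimately uses it,
# so any service ticket request for it is worth an alert on its own.
HONEYPOT_SERVICES = frozenset({"svc_honeypot"})


def parse_event(line):
    """Parse one flattened line into a dict; returns None for anything but a 4769."""
    parts = line.split()
    if len(parts) < 2 or parts[1] != "4769":
        return None
    event = {"time": datetime.fromisoformat(parts[0])}
    for field in parts[2:]:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def detect_kerberoasting(log_text, threshold=3, window=timedelta(minutes=5),
                         honeypots=HONEYPOT_SERVICES):
    """Return alert dicts for honeypot hits and RC4 service-ticket bursts."""
    alerts = []
    events = [e for e in map(parse_event, log_text.splitlines()) if e]
    rc4_requests = defaultdict(list)  # account -> [(time, service), ...]

    for e in events:
        account = e.get("TargetUserName", "?")
        service = e.get("ServiceName", "?")
        if service in honeypots:
            alerts.append({"kind": "honeypot", "account": account,
                           "service": service, "ip": e.get("IpAddress", "?")})
        if e.get("TicketEncryptionType") == RC4_HMAC:
            rc4_requests[account].append((e["time"], service))

    # Sliding window per account: the largest set of distinct services
    # requested with RC4 within `window` of any single request.
    for account, reqs in rc4_requests.items():
        reqs.sort()
        best = set()
        for i, (start, _) in enumerate(reqs):
            in_window = {svc for t, svc in reqs[i:] if t - start <= window}
            if len(in_window) > len(best):
                best = in_window
        if len(best) >= threshold:
            alerts.append({"kind": "rc4_burst", "account": account,
                           "services": sorted(best)})
    return alerts


if __name__ == "__main__":
    for alert in detect_kerberoasting(SAMPLE_LOG):
        print(alert)
```

On the sample input, alice's AES ticket for a machine account and carol's single RC4 ticket for one legacy service produce nothing, which is the point of the threshold: a few RC4 requests are normal in environments that still have RC4-only services, whereas one account fanning out RC4 requests to many SPN accounts within minutes is the pattern the Kerberoasting card above describes. In a real pipeline the parser would be replaced by the SIEM's field extraction and the threshold tuned per environment.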
Architecture
Secure AD design principles and network segmentation strategies.
- Tiered administration model
- Network segmentation
- Domain controller hardening
- Trust relationship management
Patch Management
Regular updates and vulnerability management for AD infrastructure.
- Regular security updates
- Vulnerability scanning
- Change management processes
- Backup and recovery procedures
Essential Tools
AD Security Tools
Essential tools for AD security assessment and administration
BloodHound
Attack path analysis
Graph-based analysis tool for identifying attack paths and privilege escalation opportunities in AD environments.
Download BloodHound
Impacket
Python toolkit
Collection of Python classes for working with network protocols, including implementations of many AD attack techniques.
Get Impacket
PowerView
PowerShell enumeration
PowerShell tool for AD enumeration and situational awareness during penetration tests.
Get PowerView
Mimikatz
Credential extraction
Tool for extracting credentials from memory and performing various Kerberos attacks.
Get Mimikatz
Pro Tip
Always test these tools in authorized lab environments first. Consider setting up a home lab with Windows Server and multiple domain-joined machines for practice.
Ready to Secure Active Directory?
Continue your Windows security journey with privilege escalation techniques and essential tools