Active Directory Attack Resistance

Active Directory Attack Resistance

Our Active Directory Attack Resistance Service uses an attacker based approach to assess whether an Active Directory instance has been set up and managed appropriately to defend against attackers.

What is Active Directory? 

Active Directory (AD) is a technology used on Microsoft Windows-based servers and computers, allowing administrators to create and manage domains, users and objects within a network.
It is a core service in many organisations, providing identity and access management, controlling and configuring systems and assigning security policies.  

Testing Active Directory installations

Over the years of performing red team tests we’ve noticed that, in the majority of these engagements, Active Directory configuration is one of the main weaknesses in an organisation’s defences.

Our Active Directory Attack Resistance Service is targeted directly at testing AD installations for common problems and covers the 3 top areas that we commonly find weaknesses in when performing red team engagements: password quality, credential harvesting and enterprise configuration.

Whilst testing some of the core controls that a red team tests, our Active Directory Attack Resistance Service incurs much lower overhead than a full red team assessment, stripping out some of the time and complexity this type of testing usually implies.
By using a standardised methodology for performing security testing of Active Directory, it can be easily integrated into a regular testing cycle - allowing you to regularly assess your AD installation for common problems and providing assurance that the core of your organisation’s network is secure.  

Key benefits of Active Directory Attack Resistance Service

  • Testing the core of your organisation’s corporate network
  • Covers the 3 top areas that weaknesses are commonly found in during red teaming engagements
  • Less complex and lengthy than a red team
  • Standardised methodology allows for easy integration into a regular testing programme

Methodology

Context will typically test the following core controls within Active Directory when performing this type of test:

  • Enterprise Configuration Review 
    Due to the large number of objects, groups, security groups, organisational units, etc. involved in a working Active Directory installation, it is common to find unintended combinations and stale accounts which result in the creation of a path for an attacker to gain domain administration level access. We identify these so they can be addressed and the paths removed.
  • Password quality
    Although enforcing minimum password quality is one of the first controls configured using AD, many organisations circumvent this for ease of use when practical processes such as forgotten passwords or setting a new employee’s temporary password come to be set up. To test an enterprise’s effectiveness at password management, Context attempt to crack as many passwords as possible using an offline approach and assess password change practices. We then identify and report on detrimental practices in the organisation in relation to password setting and usage.
  • Credential harvesting
    One of the common weaknesses identified through red teaming and our experience in responding to breaches in the wild is that valid credentials can be often found unsecured on network shares in an organisation. In this test Context search the client’s network for these and similar privileged information.

Every assessment is followed by a comprehensive report detailing the security weaknesses found, alongside recommendations on how to address them.

Why Context? 

Drawing on the breadth and depth of experience from conducting simulated attack and red team assessments for organisations of all sizes, Context has identified trends in the weaknesses we find. This has allowed us to create this unique, targeted service, to address these weak points directly and close this gap in organisations' security programmes.

Contact Us

Speak to us about implementing our Active Directory Attack Resistance Service with your ongoing assurance programme.

CREST
CREST STAR
CHECK IT Health Check Service
CBEST
Cyber Essentials
CESG Certified Product
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
PCI - Approved Scanning Vendor
NCSC CCSC - Assured Service Provider