“Every component in your on-prem environment that is part of a hybrid [Active Directory] configuration needs to be treated as a Tier 0 server, so they need to be protected as well as your domain controllers,” explains Dr. Nestori Syynimaa, AADInternals creator and Sr Principal Security Researcher at Secureworks Counter Threat Unit (CTU). Understanding this is key to hybrid identity protection.
“If you have hybrid identity, your on-prem environment is always connected to Azure AD,” Dr. Syynimaa continues. “You are synchronizing information. If you are able to compromise your Azure AD server, you can export the credentials … and if you are using password hash synchronization, you will now have keys to the kingdom, because those credentials have very powerful access to both Azure AD and on-prem AD… those credentials can get password hashes of any user in your directory.”
In a recent episode of the HIP Podcast, I spoke with Dr. Syynimaa about the origins of AADInternals and how the toolkit can help admins protect their Azure AD or hybrid AD environments.
“My job nowadays is to find the box of vulnerabilities before the bad guys do…,” Dr. Syynimaa notes. “I wanted to make it easy for administrators so that they can use the same techniques in their own environments that the threat actors are doing, but in a safe manner. Can your current security posture detect this technique? Better to [find out] before you’re being attacked.”
We also discuss the implications of Microsoft’s recent decision to deploy security defaults to all tenants that don’t have conditional access policies in place. You won’t want to miss it.
What is the Hybrid Identity Protection Podcast?
Launched in April 2020, the HIP Podcast is the premier podcast for cybersecurity pros charged with defending hybrid identity environments. In each episode, I interview some of the industry’s most knowledgeable—and interesting—experts. Want to learn more about the topics
Want more information about identity protection in an Azure AD or hybrid AD environment? Check out these resources: