AD Security 101

Pass the Hash Attack Defense: AD Security 101

Pass the Hash Attack Defense: AD Security 101

  • Daniel Petri
  • Jan 18, 2024

Many Active Directory attacks begin with a stolen password. However, a Pass the Hash attack takes a different approach. In this example of credential theft, threat actors instead steal a user’s password hash. The attack is difficult to detect and can lead to privilege escalation and serious damage to your…

How to Defend Against a Pass the Ticket Attack: AD Security 101

How to Defend Against a Pass the Ticket Attack: AD Security 101

  • Daniel Petri
  • Jan 11, 2024

Any organization that relies on Kerberos authentication—the primary authentication method in Active Directory environments—is potentially vulnerable to a Pass the Ticket attack. Organizations that do not regularly patch their systems, monitor and secure Active Directory, and follow robust security measures for credential and ticket protection are at a higher risk.…

How to Defend Against Golden Ticket Attacks: AD Security 101

How to Defend Against Golden Ticket Attacks: AD Security 101

  • Daniel Petri
  • Jan 04, 2024

Golden Ticket attacks are particularly cunning. Like Kerberoasting, Golden Ticket attacks exploit the Kerberos authentication system and are one of the most severe threats to Active Directory environments. Here’s more information about this type of attack and how you can defend your Active Directory environment. What is a Golden Ticket…

How to Defend Against MFA Fatigue Attacks: AD Security 101

How to Defend Against MFA Fatigue Attacks: AD Security 101

  • Daniel Petri
  • Dec 05, 2023

An MFA fatigue attack—also known as MFA bombing—is an attack tactic, technique, and procedure (TTP) in which a threat actor floods users with multifactor authentication (MFA) requests. By overwhelming, confusing, or distracting the user into approving a fraudulent request, attackers hope to gain access to your network environment. Microsoft recently…

How to Prevent a Man-in-the-Middle Attack: AD Security 101

How to Prevent a Man-in-the-Middle Attack: AD Security 101

  • Daniel Petri
  • Jul 13, 2023

Man-in-the-middle attacks, also known as MitM attacks, are a form of eavesdropping. These attacks can pose a serious threat to organizations' network security, particularly in environments that use Microsoft Active Directory (AD) for identity management. What is a man-in-the-middle attack? In a man-in-the-middle attack, a malicious actor positions themselves between…

AD Security 101: Securing Primary Group IDs

AD Security 101: Securing Primary Group IDs

  • Daniel Petri
  • Jul 05, 2023

Welcome to AD Security 101, a series that covers the basics of Active Directory (AD) security. This week, we look at primary group IDs and how unnecessary changes to them can complicate account management. Attackers can also exploit primary group IDs to introduce security risks, including privilege escalation, and to…

Resource-Based Constrained Delegation: AD Security 101

Resource-Based Constrained Delegation: AD Security 101

  • Daniel Petri
  • Jun 23, 2023

Resource-based constrained delegation (RBCD) is an Active Directory (AD) security feature that enables administrators to delegate permissions in order to manage resources more securely and with greater control. Introduced in Windows Server 2012 R2 as an enhancement to the traditional Kerberos constrained delegation (KCD), RBCD can help to reduce the…

AD Security 101: Lock Down Risky User Rights

AD Security 101: Lock Down Risky User Rights

  • Daniel Petri
  • Jun 16, 2023

In Active Directory (AD) environments, you can use Group Policy Objects (GPOs) to configure user rights. By using GPOs, you can easily enforce consistent user rights policies across all computers in the domain or organizational unit (OU). This capability makes it easier to manage and maintain user access control over…