🔐 Secure Bits 🛡
How long has your Active Directory been around?
The older the AD, the more "history" it carries. Admins change, projects come and go... but the leftovers stay – in the form of forgotten misconfigurations and risky settings that attackers love ⚠️
Once an attacker gets a foothold, one of the first things they do is ask:
"What does this Active Directory hide?"
Here are a few simple, often overlooked issues I still see during assessments:
🔸 Password never expires + password last changed 10+ years ago
Even worse when it's a privileged/service account with an SPN.
🔸 Store password using reversible encryption
I honestly don't see a valid reason for this today.
🔸 Account limited to Kerberos DES encryption types
We're fighting to remove RC4... DES should have been gone long ago.
🔸 Do not require Kerberos preauthentication
This makes the account vulnerable to offline cracking-style attacks (and yes – I still see it).
These aren't exotic vulnerabilities. They're just old "checkbox" settings that no one revisits – and they quietly turn into attack paths.
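A script that turns the four items above into a one-shot audit, added here as an example (it is not code from the post or from the Forestall platform). It assumes the RSAT ActiveDirectory module and a read-only domain account; the flag values are the documented userAccountControl and msDS-SupportedEncryptionTypes bits, and the 10-year threshold is the one the post uses.

```powershell
# Added example, not code from the post or from Forestall Security: report every
# enabled user that still carries one of the four legacy settings above.
# Assumes the ActiveDirectory RSAT module and read access to the domain.
Import-Module ActiveDirectory

$DONT_EXPIRE_PASSWORD       = 0x10000   # "Password never expires"
$ENCRYPTED_TEXT_PWD_ALLOWED = 0x80      # "Store password using reversible encryption"
$USE_DES_KEY_ONLY           = 0x200000  # "Use Kerberos DES encryption types for this account"
$DONT_REQ_PREAUTH           = 0x400000  # "Do not require Kerberos preauthentication"
$DES_ETYPES                 = 0x3       # msDS-SupportedEncryptionTypes: DES-CBC-CRC | DES-CBC-MD5
$StaleBefore                = (Get-Date).AddYears(-10)

function Get-LegacyAccountFindings {
    param([Parameter(ValueFromPipeline)] $User)
    process {
        $uac   = [int]$User.userAccountControl
        $etype = [int]($User.'msDS-SupportedEncryptionTypes')   # null/0 = attribute not set
        $found = @()

        # Never-expiring password that has not been rotated in 10+ years
        $stale = $User.PasswordLastSet -and ($User.PasswordLastSet -lt $StaleBefore)
        if (($uac -band $DONT_EXPIRE_PASSWORD) -and $stale) {
            $f = "Password never expires, last set $($User.PasswordLastSet.ToString('yyyy-MM-dd'))"
            if ($User.ServicePrincipalName) { $f += ' (service account with SPN)' }
            $found += $f
        }
        if ($uac -band $ENCRYPTED_TEXT_PWD_ALLOWED) { $found += 'Reversible encryption enabled' }
        # DES-only either via the legacy UAC flag or an etype mask that has only DES bits set
        $desOnlyEtype = ($etype -ne 0) -and (($etype -band (-bnot $DES_ETYPES)) -eq 0)
        if (($uac -band $USE_DES_KEY_ONLY) -or $desOnlyEtype) {
            $found += 'Restricted to DES Kerberos encryption types'
        }
        if ($uac -band $DONT_REQ_PREAUTH) { $found += 'Kerberos preauthentication not required' }

        if ($found) {
            [pscustomobject]@{
                SamAccountName = $User.SamAccountName
                Findings       = $found -join '; '
            }
        }
    }
}

# Enabled users only; disabled leftovers are a separate cleanup list
Get-ADUser -Filter 'Enabled -eq $true' `
    -Properties userAccountControl, PasswordLastSet, ServicePrincipalName, 'msDS-SupportedEncryptionTypes' |
    Get-LegacyAccountFindings | Sort-Object SamAccountName | Format-Table -AutoSize -Wrap
```

Run it on a schedule and diff the output against the previous run: a new row is exactly the kind of drift the post talks about.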
⸻
You can do a one-time cleanup, of course. But the real problem is drift: things get changed over time and nobody notices.
That's why I started collaborating with Forestall Security and their ISPM platform – its main value is continuous monitoring of AD misconfigurations and threats, so you can catch risky changes before they become a finding (or an incident).
🧪 Want to try it?
Because of the collaboration you can get a free trial – comment or DM me.
When was the last time you checked your AD for these settings?
