{"id":8192,"date":"2024-07-22T13:27:48","date_gmt":"2024-07-22T11:27:48","guid":{"rendered":"https:\/\/smarttecs.com\/cyber-security\/services\/penetration-tests\/active-directory\/"},"modified":"2025-06-23T08:34:55","modified_gmt":"2025-06-23T06:34:55","slug":"active-directory","status":"publish","type":"page","link":"https:\/\/smarttecs.com\/en\/cyber-security\/services\/penetration-tests\/active-directory\/","title":{"rendered":"Active Directory"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
You are here:<\/div>
  1. Home<\/span><\/a><\/li>
  2. Page<\/span><\/li><\/ol>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Active Directory<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Penetration testing of
    Active Directory environments<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
    \n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    During a penetration test of an Active Directory environment, the system is examined for security-relevant vulnerabilities from the perspective of an attacker. The focus of the investigation is on identifying deficiencies in the configuration of the overall system, which can lead to a serious escalation of rights or the complete compromise of the Active Directory. <\/p>\n

    The object of investigation is an on-premise, cloud (Azure AD) or hybrid environment of Microsoft Active Directory.<\/p>\n

    When examining an Active Directory environment, we follow the procedure model of the National Agency for Information Security (CERT-FR)<\/a> from our neighbors in France.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

    \n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Why Active Directory Penetration Testing?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Active Directory Domain Services (AD DS) – abbreviated to Active Directory below – is a central directory for managing identities and authorizations within an organization and is a particularly sensitive component. Compromising this system can enable attackers to take control of numerous resources (servers, workstations, databases) within a company. <\/p>\n

    An organization’s Active Directory is therefore a particular focus of attackers and requires increased attention when hardening the configuration. The more than 20-year history of the product leads to considerable complexity, which can pose a challenge when it comes to security. <\/p>\n

    The analysts at SmartTECS Cyber Security GmbH therefore bring in the perspective of an attacker in order to identify vulnerabilities in the Active Directory and formulate concrete measures to eliminate them.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

    \n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Goal<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    The aim of penetration testing an Active Directory environment is:<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t
    \n\t\t\t\t\t
    \t\t\t
    \n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tthe identification of existing weak points\t\t\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    and misconfigurations of the Active Directory environment<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tthe recommendation of appropriate measures\t\t\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    to secure the Active Directory environment<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ta determination of the security level\t\t\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    of the Active Directory at the time of test execution based on the test results<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tthe identification of possible attack paths\t\t\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    which can lead to the compromise of highly privileged accounts or connected systems<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    In addition to the scope of the test, the specific test objectives and their prioritization are determined individually in advance in consultation with the client and the investigation is adapted accordingly.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

    \n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    General test methodology<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    The test methodology for testing an Active Directory environment by SmartTECS Cyber Security GmbH is based on the specifications of the German Federal Office for Information Security (BSI) for securing Active Directory [1] and on recommendations from the manufacturer Microsoft [2]. In addition, the checklist of the French National Agency for Information Security (CERT-FR) is used [3]. <\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

    \n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Next Steps<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Once the study has been completed, there are various starting points for effectively continuing the previous analysis.<\/p>\n

    <\/h4>\n

    Red Teaming
    <\/span><\/h4>\n

    As part of a Red Team engagement, the focus can be placed on detecting and initiating countermeasures against an attacker in the company network. The focus is on optimizing processes and training the defenders (blue team). <\/p>\n<\/p>\n

    Further analyses of the Active Directory<\/h4>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t
    \t\t\t
    \n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tThe previous investigations can be extended to other parts of the Active Directory environment.\t\t\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    Further domains, forests or servers<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA repeated analysis\t\t\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    can check the effectiveness of the identified weaknesses once they have been eliminated.<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tEvolving Active Directory environments\t\t\t\t\t\t\t\t\t\t\t<\/a>\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
    can be regularly checked for existing vulnerabilities. This can be done, for example, after the domain functional level of the Active Directory Domain Services has been raised. <\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Security consulting<\/span><\/h4>\n

    On the basis of the knowledge gained, targeted measures can be taken to raise the security level of the Active Directory environment that go beyond the mere elimination of vulnerabilities. This includes, for example, the implementation of the Enterprise Access Model<\/em> [4] in accordance with Microsoft’s recommendations or the targeted placement of traps (decoy users\/objects) for attackers within the Active Directory. <\/p><\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

    \n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Sources<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    [1] Federal Office for Information Security(BSI): Building block for securing Active Directory, https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/DE\/BSI\/Grundschutz\/IT-GS-Kompendium_Einzel_PDFs_2023\/06_APP_Anwendungen\/APP_2_2_Active_Directory_Domain_Services_Edition_2023.html<\/a><\/p>\n

    [2] Microsoft: Best Practices for Securing Active Directory, https:\/\/learn.microsoft.com\/en-us\/windows-server\/identity\/ad-ds\/plan\/security-best-practices\/best-practices-for-securing-active-directory<\/a> <\/p>\n

    [3] National Agency for Information Security (CERT-FR), France: Active Directory Security Assessment Checklist, https:\/\/www.cert.ssi.gouv.fr\/uploads\/guide-ad.html<\/a> <\/p>\n

    [4] Microsoft: Enterprise Access Model, https:\/\/learn.microsoft.com\/en-us\/security\/compass\/privileged-access-access-model<\/a> <\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

    Sie befinden sich hier: Start Active Directory Penetration testing of Active Directory environments During a penetration test of an Active Directory environment, the system is examined for security-relevant vulnerabilities from the perspective of an attacker. The focus of the investigation is on identifying deficiencies in the configuration of the overall system, which can lead to…<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":8189,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-microsite.php","meta":{"inline_featured_image":false,"footnotes":""},"class_list":["post-8192","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/pages\/8192","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/comments?post=8192"}],"version-history":[{"count":2,"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/pages\/8192\/revisions"}],"predecessor-version":[{"id":8194,"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/pages\/8192\/revisions\/8194"}],"up":[{"embeddable":true,"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/pages\/8189"}],"wp:attachment":[{"href":"https:\/\/smarttecs.com\/en\/wp-json\/wp\/v2\/media?parent=8192"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}