Browsed by
Category: Active Directory

Any AD themed blogs

Five Challenges with Monitoring Active Directory Security Using Event Logs: Part 2

In the first blog of this series, we discussed how changes to groups with extensive privilege within an Active Directory (AD) environment are the target for many hackers. However, this is just one of the problems with monitoring critical systems.

Challenge 2 – Group Policy Changes

Group Policies are used to control and manage settings across all computers joined to Active Directory. This includes critical security settings such as who has administrative access to systems and…

What is an FSMO Role in Active Directory?

Active Directory allows object creations, updates, and deletions to be committed to any authoritative domain controller. This is possible because every Active Directory domain controller maintains a writable copy of its own domain’s partition – except, of course, Read-Only Domain Controllers. After a change has been committed, it is replicated automatically to other domain controllers through a process called multi-master replication. This behavior allows most operations to be processed reliably by multiple domain controllers and provides for high levels of…

Five Challenges with Monitoring Active Directory Security Using Event Logs: Part 1

As the methods that attackers use to compromise credentials and data continue to evolve, it is increasingly important to monitor critical systems such as Active Directory (AD) for signs of malicious activities. Most customers turn to security information and event management (SIEM) products to provide this monitoring.  While these solutions may be extremely powerful, they ultimately depend on the Windows event logs that are populated by Active Directory.  Event logs can be very complicated to work with, and ultimately do…

Least Privilege Access – A Pragmatic Approach Using Resource-Based Groups

At STEALTHbits, we often describe Active Directory as holding ‘the keys to the kingdom’. It stores the users and groups that grant access to an organization’s most sensitive information and should be protected for this very reason.  From an access management perspective, most administrators will stand behind the best practice of assigning access to groups instead of users. This is because it not only makes administration and management of this access more efficient for them but also has real benefits…

What is a Global Catalog Server?

The global catalog is a feature of Active Directory (“AD”) domain controllers that allows for a domain controller to provide information on any object in the forest, regardless of whether the object is a member of the domain controller’s domain. Domain controllers with the global catalog feature enabled are referred to as global catalog servers and can perform several functions that are especially important in a multi-domain forest environment:

Authentication. During an interactive domain logon, a domain controller will process…

ProTip: LDAP Reconnaissance

The start of Active Directory attacks, like LDAP Reconnaissance, involves finding vulnerabilities on a network and grabbing “intel” about sensitive accounts like Domain, Enterprise, and Schema Admins. After an attacker initially compromises a system on a network, they will pretty much have no privileges in the domain. This leaves an attacker hungry for more, and with the way Active Directory is designed, they can query objects inside a directory pretty easily. LDAP queries are key in an attacker gaining this…

How to Restore Deleted Active Directory Objects

AD Installation Overview

As the primary authentication service in the majority of organizations worldwide, the health and operational integrity of Active Directory has a direct impact on the overall security of your organization. The capability to roll back and recover from changes to your Active Directory infrastructure, whether accidental or malicious, is an important and often overlooked aspect of your ability to maintain the security and performance of your network. When Active Directory objects are deleted, they are placed in the Deleted…

GDPR – One Year Later…

The penalty for failure to comply with the General Data Protection Regulation (GDPR) is up to $22 million or 4% of annual global turnover (whichever is greater). By now most organizations around the globe know that regardless of where they are based, this regulation affects them if they are doing business with EU citizens. Aside from having a responsibility to properly handle personal data, that amount of money can really hurt your business. For example, under the Data Protection Act of…

Have I Been Pwned Database: Here’s What We Can Learn

Recently, I was doing some research on password security using breached password databases to understand the value they bring when trying to improve overall password security. One very good database is the “Have I been pwned” database.

I’ve Been Pwned

For those of you who have not used this excellent public resource, it’s a collection of over 551 million unique breached password hashes. The website allows you to see if your username or password has been exposed in a data…

How to Backup and Recover Group Policy Objects

Editor’s note: This is the 5th and final blog in the series around Active Directory (AD) backup and recovery using STEALTHbits StealthRECOVER. Read the 1st blog An Introduction to Active Directory Backup and Recovery, the 2nd blog Active Directory Object Recovery, the 3rd blog Active Directory Recover (Recycle Bin), and the 4th blog How to Rollback and Recover Active Directory Object Attributes.

Welcome to the final post in this Active Directory Backup and Recovery blog series, which will discuss the backup and…
