Exploring, Exploiting Active Directory Admin Flaws

Active Directory (AD) Administrators have adopted new methods to circumvent attackers and maintain positive control of their system. With the adoption of new tactics for AD admins, new exploits and attack styles have surfaced also. Multi-factor authentication (MFA) is a method commonly used by AD admins as well as password vaults. There are still ways to bypass MFA allowing attackers to gain access to an admin account and once an admin account has been compromised, MFA is easily bypassed on all other user levels. As with MFA, password vaults are being used to store and secure passwords. These are also able to be bypassed by attackers which could expose admin account data. It is recommended that AD admins not rely on one security control measure such as MFA or password vaults, but rather use multi-layer security and have as many controls in place as feasible to protect admin accounts.


Relevant URL(s): https://www.darkreading.com/vulnerabilities---threats/exploring-exploiting-active-directory-admin-flaws/d/d-id/1332593