ADDS Security: Difference between revisions
= Sources =
* https://adsecurity.org/?s=sneaky
* https://jumpespjump.blogspot.be/2015/03/thousand-ways-to-backdoor-windows.html
Revision as of 11:59, 24 January 2017
Things to audit
In AD
- Sensitive, well-known security groups (Domain Admins, Enterprise Admins, Administrators) and their members
- Issued certificates for users in sensitive, well-known security groups
- Issued Certificates with Authentication Mechanism Assurance
- ACL on root
- ACL on OUs/Users/Groups
- ACL on AdminSDHolder
- ACL on GPOs
- ACL with replication permission
- Passwords of users
- Kerberos keys, golden/silver tickets/krbtgt hash
- Unexpected User Account Control values
- SIDHistory values
In Config Partition
In DNS
- Secure Updates
In Group Policy
- Creation of Security Groups or Users on clients
- Definition of logon/startup scripts
- Modification of logon/startup scripts in sysvol
On DC
- Password Filter
- DSRM Password
- DSRMv2
- All autorun values
- Malicious Security Support Provider (SSP)