ADDS Security: Difference between revisions

From WikiWiki
Jump to navigation Jump to search
 
(3 intermediate revisions by the same user not shown)
Line 11: Line 11:
* Passwords of users
* Passwords of users
* Kerberos keys, golden/silver tickets/krbtgt hash
* Kerberos keys, golden/silver tickets/krbtgt hash
* Kerberoast
* Unexpected User User Account Control values
* Unexpected User User Account Control values
** Store password using reversible encryption on accounts
** Store password using reversible encryption on accounts
Line 31: Line 32:


==On DC==
==On DC==
* Effective GPO settings (see above)
* [https://mendel129.wordpress.com/tag/password-filter-a-dll/ Password Filter]
* [https://mendel129.wordpress.com/tag/password-filter-a-dll/ Password Filter]
* DSRM Password
* DSRM Password
Line 36: Line 38:
* All [https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx?f=255&MSPPError=-2147217396 autorun values]
* All [https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx?f=255&MSPPError=-2147217396 autorun values]
* [https://adsecurity.org/?p=1760 Malicious Security Support Provider (SSP)]  
* [https://adsecurity.org/?p=1760 Malicious Security Support Provider (SSP)]  
* Local User Rights Assignments
*
*


= Sources =
= Sources =
* https://adsecurity.org/?s=sneaky
* https://adsecurity.org/?s=sneaky
* https://adsecurity.org/?p=2293
* https://jumpespjump.blogspot.be/2015/03/thousand-ways-to-backdoor-windows.html
* https://jumpespjump.blogspot.be/2015/03/thousand-ways-to-backdoor-windows.html

Latest revision as of 10:50, 31 January 2017

Things to audit

in AD

  • Sensitive, well known security Groups (Domain Admins, Enterprise Admins, Administrators) and its members
  • Issued Certificates for users in sensitive, well known security groups
  • Issued Certificates with Authentication Mechanism Assurance
  • ACL on root
  • ACL on OU's/Users/Groups
  • ACL on AdminSDHolder
  • ACL on GPO's
  • ACL with replication permission
  • Passwords of users
  • Kerberos keys, golden/silver tickets/krbtgt hash
  • Kerberoast
  • Unexpected User User Account Control values
    • Store password using reversible encryption on accounts
  • SIDHistory values

In Config Partition

In DNS

  • Secure Updates

In Group Policy

  • Creation of Security Groups or Users on clients
  • Definition of logon/startup scripts
  • Modification of logon/startup scripts in sysvol
  • Unexpected User Rights Assignments

On DC

Sources

Retrieved from "https://mendelonline.be/wiki/index.php?title=ADDS_Security&oldid=467"