Abstract:
Identity and Access Management (IAM) is essential for organizations in this era of
connectivity. Microsoft Active Directory (AD) is one of the most commonly used IAM
service providers, with applications such as user authentication and access
management. By default, Microsoft AD also carries certain misconfigurations and
vulnerabilities that can lead to cyberattacks such as LLMNR poisoning, SMB
relay, and Kerberoasting, allowing cybercriminals to gain control of the network without
using any malware. This research focuses on in-depth security testing of AD,
structured around the MITRE ATT&CK framework. To conduct the security testing, an
experimental setup mimicking the default AD configuration was created. In
total, nine attacks were performed on the experimental setup, each exploiting either a
misconfiguration or a vulnerability. All the attacks were mapped to MITRE ATT&CK
attack and mitigation techniques, and remediation and mitigation of the
AD environment were performed for each. The security testing process is
supported by empirical evidence and fully documented. Prior research focused
on AD-related attacks and mitigations for the Kerberos authentication protocol; this
research covers attacks based on the LLMNR, SMB, IPv6, and Kerberos protocols.
This thesis develops an AD hardening guide based on the mitigation strategies for the
attacks covered in the security testing. Its goal is to provide recommendations
that help system administrators, network administrators, and
other individuals responsible for AD effectively defend their network against the
attacks covered in this research.