NUST Institutional Repository

SECURITY TESTING OF ACTIVE DIRECTORY

dc.contributor.author Javed, Muhammad Zaeem
dc.date.accessioned 2024-07-18T05:49:36Z
dc.date.available 2024-07-18T05:49:36Z
dc.date.issued 2024
dc.identifier.other 329319
dc.identifier.uri http://10.250.8.41:8080/xmlui/handle/123456789/44760
dc.description Supervisor: Dr. Sana Qadir en_US
dc.description.abstract Identity and Access Management (IAM) is essential for organizations in this era of connectivity. Microsoft Active Directory (AD) is one of the most commonly used IAM service providers. It has various applications, such as user authentication and access management. By default, Microsoft AD also has certain misconfigurations and vulnerabilities that can lead to different cyberattacks such as LLMNR poisoning, SMB relay, Kerberoasting, etc., allowing cybercriminals to gain control of the network without using any malware. This research focuses on in-depth security testing of AD, using an approach based on the MITRE ATT&CK Framework. To conduct security testing of the AD environment, an experimental setup mimicking the default AD setting was created. In total, nine attacks were performed on the experimental setup. Each attack is the result of exploiting either a misconfiguration or a vulnerability. All the attacks were linked to the MITRE ATT&CK attack and mitigation techniques. Remediation and mitigation of the AD environment were performed for different attacks. The security testing process was supported by empirical evidence and adequately documented. Prior research focused on AD-related attacks and mitigations related to the Kerberos authentication protocol. This research covers attacks based on protocols such as LLMNR, SMB, IPv6, and Kerberos. This thesis has developed an AD hardening guide based on the mitigation strategies for the attacks covered in the security testing of the AD. Its goal is to provide recommendations to mitigate the attacks, helping system administrators, network administrators, and other concerned individuals dealing with AD effectively defend their networks against the attacks covered in this research. en_US
dc.language.iso en en_US
dc.publisher School of Electrical Engineering & Computer Science (SEECS), NUST en_US
dc.subject Keywords: Active Directory, IAM, Misconfigurations, Vulnerabilities, Security Testing, LLMNR poisoning, Kerberoasting, MITRE, Mitigations, AD Hardening Guide en_US
dc.title SECURITY TESTING OF ACTIVE DIRECTORY en_US
dc.type Thesis en_US


This item appears in the following Collection(s)

  • MS [432]
