Active Directory vulnerabilities, exploitations and detection.
Description
This thesis analyzes the security weaknesses in Active Directory, with a specific emphasis on advanced attack techniques that exploit the Kerberos authentication protocol. This research provides a comprehensive examination of several important cyber attacks, including Kerberoasting, Overpass-the-Hash, Silver Ticket, and Golden Ticket. The study focuses on explaining how each attack is done and the consequences of these attacks. Conducted in a controlled virtual lab, the experiments reveal how weak password policies, inadequate monitoring, and outdated encryption methods facilitate unauthorized access and privilege escalation. The results emphasize the necessity of implementing strong security mechanisms, thorough monitoring, and ongoing training to protect the active directory enviroment. Suggested measures to increase organizational security against new threats include the implementation of robust password policies, regular updates to user accounts, the utilization of advanced detection tools, and the implementation of active security approaches.
Originally submitted in July 2024 as a BSc (Hons) Computer Networks & Security thesis at the University of Derby.
Files
Sakellariou_Apostolos_BSc_Thesis_Active_Directory_Vulnerabilities_2024.pdf
Files
(2.4 MB)
| Name | Size | Download all |
|---|---|---|
|
md5:cf56f096eb5a067a4f86c8cdb73d47ca
|
2.4 MB | Preview Download |
Additional details
Dates
- Issued
-
2024-07-01Date of official thesis submission and grading
References
- Medin, T. (2014). Attacking Microsoft Kerberos Kicking the Guard Dog of Hades. In DerbyCon 4.0, Louisville, USA.
- The Mitre Corporation (2020). Steal or Forge Kerberos Tickets: Ker beroasting. https://attack.mitre. org/techniques/T1558/003/.
- Chai, W.andGillis, A.S. (2021) What is Active Directory (AD)?, TechTar get. Available at: https://www.techtarget.com/searchwindowsserver/definition/Active-Directory.
- Microsoft Corporation (2022) Active directory domain services overview, Mi crosoft.com. Available at: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/ virtual-dc/active-directory-domain-services-overview.
- Demers, D. & Lee, H. (2022). Kerberoasting: Case Studies of an Attack on a Cryptographic Authentication Technology. International Journal of Cybersecu rity Intelligence & Cybercrime: 5(2), 25-39. Available at: https://doi.org/10.52306/APYC5265 Copyright © 2022 D Demers and Han narae Lee
- Pocarovsky, S., Koppl, M., Orgon, M. and Bohacik, A., 2022. Kerberos Golden Ticket Attack. In Proceedings of the Computational Methods in Systems and Software (pp. 677-688). Cham: Springer International Publishing.
- Hse(2023) Fortifying your fortress with defense tactics against the Golden Ticket Attack- Hornetsecurity– Cloud security services for businesses, Hornetsecu rity. Available at: https://www.hornetsecurity.com/us/security-information us/golden-ticket-attack/.
- P´erez, E. (2019) Kerberos (ii): How to attack kerberos?, Blckarrow. Available at: https://www.tarlogic.com/blog/how-to-attack-kerberos.
- Metcalf, S. (2017) Detecting kerberoasting activity, Active Directory Security. Available at: https://adsecurity.org/?p=3458.
- Medin, T. (2020) Detecting kerberoasting, RED SIEGE.Available at: https://redsiege.com/tools-techniques/2020/10/detecting-kerberoasting/.
- Splunk Threat Research Team, S. (2022) Detecting active directory kerberos attacks, Splunk . Available at: https://www.splunk.com/en us/blog/security/detecting-active-directory-kerberos attacks-threat-research-release-march-2022.html.
- Petri, D. (2024) Overpass the hash defense, Semperis. Available at: https://www.semperis.com/blog/how-to-defend-against-overpass-the-hash-attack/.
- Saydag, B. and Moore, S. (2019) Defeating pass-the-hash, blackhat.com. Avail able at: https://www.blackhat.com/docs/us-15/materials/us-15-Moore-Defeating%20Pass the-Hash-Separation-Of-Powers-wp.pdf.
- Warren, J. (2023) Overpass-the-hash attack: Principles and detection, Netwrix Blog. Available at: https://blog.netwrix.com/2022/10/04/overpass-the-hash attacks/.
- Petri, D. (2024) How to defend against Golden Ticket attacks, Semperis. Avail able at: https://www.semperis.com/blog/how-to-defend-against-golden-ticket attacks/.
- Manage Engine, L. (2022) Golden Ticket attack, ManageEngine Log360. Avail able at: https://www.manageengine.com/log-management/cyber-security/golden ticket-attack.html.
- Metcalf, S. (2015) Detecting forged kerberos ticket (Golden Ticket & Silver Ticket) use in Active Directory, Active Directory Security. Available at: https://adsecurity.org/?p=1515.
- Ganesh, B. (2021) Detecting and preventing a silver ticket attack , Security Investigation. Available at: https://www.socinvestigation.com/detecting-and preventing-a-silver-ticket-attack/.