Published July 2024 | Version v1

Active Directory vulnerabilities, exploitations and detection.

  • 1. ROR icon University of Derby

Description

This thesis analyzes the security weaknesses in Active Directory, with a specific emphasis on advanced attack techniques that exploit the Kerberos authentication protocol. This research provides a comprehensive examination of several important cyber attacks, including Kerberoasting, Overpass-the-Hash, Silver Ticket, and Golden Ticket. The study focuses on explaining how each attack is done and the consequences of these attacks. Conducted in a controlled virtual lab, the experiments reveal how weak password policies, inadequate monitoring, and outdated encryption methods facilitate unauthorized access and privilege escalation. The results emphasize the necessity of implementing strong security mechanisms, thorough monitoring, and ongoing training to protect the active directory enviroment. Suggested measures to increase organizational security against new threats include the implementation of robust password policies, regular updates to user accounts, the utilization of advanced detection tools, and the implementation of active security approaches.

Originally submitted in July 2024 as a BSc (Hons) Computer Networks & Security thesis at the University of Derby.

Files

Sakellariou_Apostolos_BSc_Thesis_Active_Directory_Vulnerabilities_2024.pdf

Additional details

Dates

Issued
2024-07-01
Date of official thesis submission and grading

References