Active Directory Testing

Active Directory is a directory service that Microsoft developed for the Windows domain network. It is most commonly used in an IT infrastructure to manage users and computers in the organization with a single point of control as “domain controller”. Active Directory is used by over 90% of Fortune Companies in order to manage the resources efficiently. Active Directory (AD) penetration testing in a Windows environment consists of simulating the actions of an attacker having access to the corporate network. This access can be physical or through an infected workstation. The primary goal is to find vulnerable assets which impact the organisation perimeter and to suggest actions plans to improve this AD security posture. The objective of Active Directory testing is to identify security issues within an organisation’s internal networ

Process of AD Pentest

In delivering the AD penetration testing services, we use a combination of automated and manual scanning methods and utilizes commercial and publicly available tools as well as custom scripts and applications that were developed by Ingram Micro. The penetration testing process consists of the following steps:

• Internal reconnaissance: Begins with the privileges of a standard user. It aims to find local system vulnerabilities it can exploit and gain local administrator privileges. During this phase, information about the AD infrastructure is gathered with non-privilege user access.

• Admin reconnaissance: If the enumeration with standard is restricted and no local administrator is possible, administrator credentials can be used to further the recon steps.

• Identify vulnerabilities: Based on information gathered in the two previous phases, we identify weak services running in your network or applications that have known vulnerabilities.

• Exploitation: Using readily available code or creating customized code to take advantage of identified vulnerabilities and gain access to the vulnerable target system.

• Privilege escalation: In some cases, the existing vulnerability provides low-level access only, such as normal user access with limited privileges. In this step, we attempt to gain full administrative access on the machine.

• Domain admin credentials: With domain admin access, attempts are made to compromise the forest root and attain dominance over the organisation’s AD network.