Lesson 4: Active Directory Security Assessment
Comprehensive methodology for assessing Active Directory security posture
Learning Objectives
By the end of this lesson, you will be able to:
- Understand AD security assessment methodology
- Perform comprehensive vulnerability identification
- Execute systematic security testing procedures
- Analyze assessment results and prioritize findings
- Create detailed security assessment reports
- Recommend effective remediation strategies
Assessment Methodology
Assessment Phases
Phase 1: Planning & Reconnaissance
Activities:
- Scope definition and authorization
- Information gathering
- Tool preparation
- Baseline establishment
Phase 2: Enumeration
Activities:
- Domain architecture analysis
- User and group enumeration
- Computer and service discovery
- Trust relationship mapping
Phase 3: Vulnerability Assessment
Activities:
- Configuration analysis
- Permission auditing
- Policy evaluation
- Weakness identification
Phase 4: Exploitation Testing
Activities:
- Privilege escalation testing
- Lateral movement validation
- Persistence mechanism testing
- Impact assessment
Phase 5: Reporting & Remediation
Activities:
- Finding prioritization
- Report generation
- Remediation recommendations
- Follow-up planning
Comprehensive Assessment Checklist
Domain Architecture Assessment
Infrastructure Analysis
Account Security Review
Permission Analysis
Security Configuration Assessment
Group Policy Security
Authentication Security
Monitoring & Logging
Hands-On Exercise
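The "Permission Analysis" item on the checklist is where most assessments stay vague, so here is an added worked example (written for this lesson, not taken from the original page or any tool's documentation) of what the audit actually looks like in PowerShell. It reads the DACL of four high-value objects through the `AD:` drive, discards ACEs held by the principals that are expected to control them, and rates what is left: object-takeover rights (GenericAll, WriteDacl, WriteOwner) and the replication control-access rights that permit DCSync are High, generic write rights are Medium because their impact depends on which attribute the ACE covers. The expected-principal list and the target objects are assumptions for a single-domain forest and need tuning per environment; the three replication-right GUIDs are the well-known schema values.

```powershell
# Added example (not from the original lesson): find principals holding
# takeover rights on high-value AD objects. Assumes the ActiveDirectory module
# (which provides the AD: drive used by Get-Acl) and read access to the DACLs.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$nb     = $domain.NetBIOSName

# Control over these objects is expected from the built-in admin tier; any other
# principal with a dangerous right is a finding. Assumed list - tune per environment
# (in a child domain the forest-root groups carry the root's NetBIOS name).
$expected = @(
    'NT AUTHORITY\SYSTEM',
    'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS',
    'BUILTIN\Administrators',
    "$nb\Domain Admins",
    "$nb\Enterprise Admins",
    "$nb\Domain Controllers",
    "$nb\Read-only Domain Controllers"
)

# Rights that hand over the object outright.
$takeover = 'GenericAll', 'WriteDacl', 'WriteOwner'
# Control-access right GUIDs that allow DCSync when granted on the domain root.
$dcsyncRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'DS-Replication-Get-Changes-In-Filtered-Set'
}
$allRights = [guid]::Empty   # ObjectType of all zeros = every attribute / every control right

function Get-DangerousAce {
    param([string[]]$DistinguishedName)
    foreach ($dn in $DistinguishedName) {
        $acl = Get-Acl -Path "AD:\$dn"
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($expected -contains $ace.IdentityReference.Value) { continue }
            # Flags enum renders as "ReadProperty, WriteProperty" etc.; split into names.
            $rights = $ace.ActiveDirectoryRights.ToString() -split ',\s*'
            $sev = $null; $why = $null
            if ($rights | Where-Object { $takeover -contains $_ }) {
                $sev = 'High'; $why = 'Object takeover: ' + ($rights -join ',')
            } elseif ($rights -contains 'ExtendedRight' -and
                      ($ace.ObjectType -eq $allRights -or $dcsyncRights.ContainsKey($ace.ObjectType.ToString()))) {
                $sev = 'High'
                $why = if ($ace.ObjectType -eq $allRights) { 'All extended rights' }
                       else { $dcsyncRights[$ace.ObjectType.ToString()] }
            } elseif ($rights -contains 'GenericWrite' -or $rights -contains 'WriteProperty') {
                # Impact depends on the attribute the ACE is scoped to (ObjectType GUID);
                # e.g. a WriteProperty on msDS-KeyCredentialLink is a full account takeover.
                $sev = 'Medium'; $why = 'Write access (' + ($rights -join ',') + ') scoped to ' + $ace.ObjectType
            }
            if ($sev) {
                [pscustomobject]@{
                    Severity  = $sev
                    Object    = $dn
                    Principal = $ace.IdentityReference.Value
                    Inherited = $ace.IsInherited
                    Detail    = $why
                }
            }
        }
    }
}

# Assumed target set: domain root (DCSync rights live here), AdminSDHolder (template for
# every protected account), Domain Admins, and the krbtgt account.
$targets = @(
    $domain.DistinguishedName,
    "CN=AdminSDHolder,CN=System,$($domain.DistinguishedName)",
    (Get-ADGroup 'Domain Admins').DistinguishedName,
    (Get-ADUser 'krbtgt').DistinguishedName
)
Get-DangerousAce -DistinguishedName $targets | Sort-Object Severity, Object | Format-Table -AutoSize
```

Run it as a user with ordinary read access; reading DACLs requires no privilege. Every High row is a direct path to domain compromise and belongs in the report as such. Medium rows need a second step: resolve the ObjectType GUID against the schema (`CN=Schema` `schemaIDGUID` / `rightsGuid` values) to see which attribute or control right the write applies to before rating it.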
Exercise: Complete Active Directory Security Assessment
Objective: Perform a comprehensive AD security assessment using the methodology learned in this module.
Assessment Steps:
- Domain Enumeration

```powershell
# Domain information gathering
Get-ADDomain | Select-Object Name, Forest, DomainMode
Get-ADForest | Select-Object Name, ForestMode, SchemaMaster

# FSMO role identification
netdom query fsmo
Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
```

- User and Group Analysis

```powershell
# Privileged group enumeration (name matching is only a first pass; the groups
# protected by AdminSDHolder do not all contain "admin")
Get-ADGroup -Filter "Name -like '*admin*'" | Select-Object Name, SID
# -Recursive expands nested group membership, which is where hidden admins sit
Get-ADGroupMember -Identity "Domain Admins" -Recursive | Select-Object Name, SamAccountName, objectClass

# Service account identification: any user with an SPN can be Kerberoasted
Get-ADUser -Filter "ServicePrincipalName -like '*'" -Properties ServicePrincipalName |
    Select-Object SamAccountName, ServicePrincipalName
```

- GPO Security Assessment

```powershell
# GPO enumeration
Get-GPO -All | Select-Object DisplayName, Id, CreationTime

# GPO permission review (who can edit the policy)
Get-GPPermission -Name "Default Domain Policy" -All

# Credential search: Group Policy Preferences store passwords as a cpassword
# attribute in XML under SYSVOL, encrypted with a published AES key.
# Search files only; piping directories into Select-String produces errors.
Get-ChildItem \\domain.com\SYSVOL\domain.com\Policies -Recurse -Include *.xml -File |
    Select-String -Pattern "cpassword"
```

- Trust Relationship Analysis

```powershell
# Trust enumeration
Get-ADTrust -Filter * | Select-Object Name, Direction, TrustType, ForestTransitive

# Trust security analysis: SIDFilteringQuarantined applies to external trusts,
# SIDFilteringForestAware to forest trusts; both being false means sIDHistory
# from the other side is honoured
Get-ADTrust -Filter * | Select-Object Name, SelectiveAuthentication, SIDFilteringQuarantined, SIDFilteringForestAware
```
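The four steps above produce raw listings; the deliverables ask for findings with risk ratings. The following added example (written for this lesson, not part of the original exercise) runs the same enumeration end to end and turns each result into a rated finding: Kerberoastable and AS-REP-roastable accounts, unconstrained delegation on member servers, weak password controls on privileged accounts, trusts without SID filtering, and GPP cpassword entries in SYSVOL. The severity thresholds, the 90-day dormancy window and the output file name are assumptions for the exercise; it assumes the ActiveDirectory module and read access to SYSVOL.

```powershell
# Added example (not from the original lesson): consolidate the exercise's
# enumeration into rated findings for the assessment report.
Import-Module ActiveDirectory

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Severity, [string]$Category, [string]$Subject, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Severity = $Severity; Category = $Category; Subject = $Subject; Detail = $Detail })
}

$domain = Get-ADDomain
$dcs    = (Get-ADDomainController -Filter *).ComputerObjectDN

# 1. Kerberoastable accounts: any user with an SPN. High when the account is also
#    privileged (adminCount=1), because the cracked hash is then a domain takeover.
Get-ADUser -Filter { ServicePrincipalName -like "*" } -Properties ServicePrincipalName, AdminCount, PasswordLastSet |
  Where-Object { $_.SamAccountName -ne 'krbtgt' } |
  ForEach-Object {
    $sev = if ($_.AdminCount -eq 1) { 'High' } else { 'Medium' }
    Add-Finding $sev 'Authentication' $_.SamAccountName ("SPN set; password last set {0}" -f $_.PasswordLastSet)
  }

# 2. AS-REP roastable accounts (Kerberos pre-authentication disabled): offline
#    crackable without any credential at all.
Get-ADUser -Filter { DoesNotRequirePreAuth -eq $true } -Properties DoesNotRequirePreAuth, AdminCount |
  ForEach-Object {
    $sev = if ($_.AdminCount -eq 1) { 'High' } else { 'Medium' }
    Add-Finding $sev 'Authentication' $_.SamAccountName 'Kerberos pre-authentication not required'
  }

# 3. Unconstrained delegation on anything that is not a domain controller: the host
#    caches TGTs of every user who authenticates to it.
Get-ADComputer -Filter { TrustedForDelegation -eq $true } -Properties TrustedForDelegation |
  Where-Object { $dcs -notcontains $_.DistinguishedName } |
  ForEach-Object { Add-Finding 'High' 'Delegation' $_.Name 'Unconstrained delegation on a non-DC computer' }

# 4. Privileged (adminCount=1) accounts with weak password controls or no recent use.
Get-ADUser -Filter { AdminCount -eq 1 -and Enabled -eq $true } -Properties PasswordNeverExpires, PasswordNotRequired, LastLogonDate |
  ForEach-Object {
    if ($_.PasswordNotRequired)  { Add-Finding 'High'   'Accounts' $_.SamAccountName 'PASSWD_NOTREQD set on privileged account' }
    if ($_.PasswordNeverExpires) { Add-Finding 'Medium' 'Accounts' $_.SamAccountName 'Password never expires on privileged account' }
    # Assumed dormancy threshold of 90 days; LastLogonDate is replicated only to ~14-day precision.
    if ($_.LastLogonDate -and $_.LastLogonDate -lt (Get-Date).AddDays(-90)) {
        Add-Finding 'Low' 'Accounts' $_.SamAccountName 'Privileged account unused for 90+ days'
    }
  }

# 5. Trusts: SID filtering off means sIDHistory from the other side is honoured.
#    Forest trusts use the forest-aware flag, external trusts the quarantine flag;
#    intra-forest trusts never filter and are skipped.
Get-ADTrust -Filter * | Where-Object { -not $_.IntraForest } | ForEach-Object {
    $sidFiltered = if ($_.ForestTransitive) { $_.SIDFilteringForestAware } else { $_.SIDFilteringQuarantined }
    if (-not $sidFiltered) {
        Add-Finding 'High' 'Trusts' $_.Name ("SID filtering disabled ({0} trust)" -f $_.Direction)
    }
    if (-not $_.SelectiveAuthentication) {
        Add-Finding 'Low' 'Trusts' $_.Name 'Selective authentication not enabled'
    }
}

# 6. GPP cpassword in SYSVOL: the AES key is public, so this is a plaintext credential.
$sysvol = "\\$($domain.DNSRoot)\SYSVOL\$($domain.DNSRoot)\Policies"
Get-ChildItem -Path $sysvol -Recurse -Include *.xml -File -ErrorAction SilentlyContinue |
  Select-String -Pattern 'cpassword="[^"]+"' |
  ForEach-Object { Add-Finding 'High' 'GroupPolicy' $_.Path 'GPP cpassword present' }

# Prioritise for the report: High first, then by category. Assumed output file name.
$order  = @{ High = 0; Medium = 1; Low = 2 }
$report = $findings | Sort-Object { $order[$_.Severity] }, Category
$report | Format-Table -AutoSize
$report | Export-Csv -Path .\ad-assessment-findings.csv -NoTypeInformation
```

The CSV is the technical appendix in raw form; the High rows, grouped by category, are the material for the executive summary. Each check is a read-only LDAP query or file read, so the script is safe to run in Phase 3 before any exploitation testing is authorised.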
Deliverables:
- Comprehensive assessment report
- Vulnerability findings with risk ratings
- Remediation recommendations
- Executive summary
- Technical appendix