Our clients often argue that the more advanced and complex an Active Directory structure is, the longer its control delegation list becomes. An Active Directory administrator often needs help. CQR Company will solve all your problems. Namely, we will help you in the following areas:
- Detect users who created and/or deleted other users or an Active Directory group
- Identify who initiated the enabling or blocking of a user
- Find out the email address where the domain user’s passwords have been changed
Why you can
At first glance, Windows gives professionals the ability to view and analyze logs. But if you’ve dealt with AD auditing before, you know that these tools are not without flaws.
Let’s take the Event Viewer console. You are ready to start the GPO audit, and suddenly you realize that the program provides only basic options for viewing and searching for information about events occurring in the system. Alas, even with the best console, you are in fact left with no way of processing, grouping or aggregating huge amounts of information.
Why is this happening? The task of conducting a GPO audit depends entirely on the capabilities and level of training of a system administrator or information security engineer. But professionals from CQR Company will use specific scripts, such as PowerShell or VBS, to develop a system for importing and searching logs. After all, we do not only perform audits; we look for a creative approach to any task.
CRYEYE ACTIVE DIRECTORY
Active Directory, as the center of your organization’s infrastructure, ensures the secure and efficient operation of dedicated hardware, virtual network, and physical media. And CryEye ensures uninterrupted secure operation of AD.
We not only configure and maintain Active Directory, but optimize processes as well.
For this purpose we have developed our own automation for AD security audits and for monitoring AD vulnerabilities and attacks:
- The user creates an executable file that allows them to enter additional data about the domain (domain name and password) and to check which type of audit they are looking for.
- Download an Active Directory agent to place inside the Windows system in order to collect and monitor all the data necessary for an AD security audit.
- Active Directory monitoring will allow you to monitor all changes related to the security of the environment.
- Our automatic GPO audit will collect all the data needed to build a full understanding of all security issues in the infrastructure.
- Monitor AD activity
- Check vulnerabilities (Kerberoastable)
- Enumerate shares
- Spray passwords
- Certificate abuse
- Audit passwords (domain controller only)
- Offensive audit
- All users
- Open shares
- Outdated OS software with filters
- Show computers where Domain Admins are logged in
- Custom query
- MSSQL list and links
- Listing the Active Directory in a directory.
- Calculate Kerberos token sizes for the entire domain.
- Analyze and export AD ACLs across the entire domain.
- Analysis of AD security permissions and validation of effective AD accesses.
- Audit privileged access to AD.
- Users with passwords that do not expire.
- Service accounts that are vulnerable to Kerberoasting.
- Excessive privileges allowing for shadow domain administrators.
- Old, shared, abandoned and test accounts.
- Service accounts that are members of domain administrators.
- A large number of users in privileged groups.
- Admin count attribute is set for normal users.
- Bad security practices.
- Forgotten/lost entries.
- Identification of backdoors.
- Definition of all confidential information.
- Encryption of data at rest.
- Data encryption during transmission.
- Backup and emergency plan.
- GPO misconfigurations
- Shared folders
- Basic active directory healthcheck
- Policy misconfiguration
- Active directory password policy and lockouts
- Overprivileged users
- ACL abuse
- Certificate abuse techniques
- Check trusted links and relationships
- MSSQL security auditing
- Exchange server inside AD testing
- Kerberoastable and ASREPRoast users
- NTDS audit
- Inactive, disabled and test user analysis
- Active Directory open shares
- Known CVEs on the domain controller
- Outdated software in use in AD
- AD security audit checklist:
- Enumerate active directory memberships
- Compute Kerberos token sizes domain-wide
- Analyze AD security permissions and audit AD effective access
- Audit privileged access in AD
- Users with non-expiring passwords
- Service accounts vulnerable to Kerberoasting
- Excessive privileges allowing for shadow domain admins
- Old, shared, abandoned and test accounts
- Service accounts being members of domain admins
- High number of users in privileged groups
- Admin count attribute set on common users
- Bad security practices
- Forgotten entries
- Backdoors detection
- Sensitive data in AD shares
- Identify all sensitive information.
- Missing encryption of data at rest and in transit.