Litcius/Paper detail

Active Directory Attacks—Steps, Types, and Signatures

Basem Mokhtar, Anca Delia Jurcut, Mahmoud Said Elsayed, Marianne A. Azer

2022Electronics15 citationsDOIOpen Access PDF

Abstract

Active Directory Domain is a Microsoft service that allows and facilitates the centralized administration of all workstations and servers in any environment. Due to the wide use and adoption of this service, it has become a target for many attackers. Active Directory attacks have evolved through years. The attacks target different functions and features provided by Active Directory. In this paper, we provide insights on the criticality, impact, and detection of Active Directory attacks. We review the different Active Directory attacks. We introduce the steps of the Active Directory attack and the Kerberos authentication workflow, which is abused in most attacks to compromise the Active Directory environment. Further, we conduct experiments on two attacks that are based on privilege escalation in order to examine the attack signatures on Windows event logs. The content designed in this paper may serve as a baseline for organizations implementing detection mechanisms for their Active Directory environments.

Topics & Concepts

Lightweight Directory Access ProtocolDirectory serviceComputer scienceDirectoryComputer securityOrganizational unitComputer networkDenial-of-service attackWorld Wide WebOperating systemThe InternetUser Authentication and Security SystemsSecurity and Verification in ComputingPersonal Information Management and User Behavior