Time to Help Microsoft, and the World, Better Understand Active Directory Security


Today, the security of every organization’s foundational Active Directory deployment is paramount, because Active Directory is the bedrock of organizational cyber security.

Considering that 100% of all major recent cyber security breaches, including Snowden, Target, JP Morgan, Sony, Anthem and the OPM data breach, involved the compromise and misuse of just one Active Directory Privileged User account, and considering the potentially colossal impact that an Active Directory Security breach could have on an organization, what else could be more important?

Now, for many years perpetrators have been using credential-theft attacks (Pass-the-Hash, Golden Tickets, etc.) to gain privileged access in Active Directory, predominantly by targeting Windows machines to steal any administrative credentials that could be found locally on them. However, as credential-theft attacks become harder to enact, perpetrators have started shifting their focus and efforts to directly targeting and exploiting weaknesses within the Active Directory itself. The most concrete evidence of this is the introduction of the DCSync feature in the credential-theft hacking tool Mimikatz, which can exploit and leverage the presence of unauthorized/excessive “effective permissions” in Active Directory to effortlessly compromise the credentials of all domain accounts.

In our vast global experience of having assisted thousands of organizations from across the world for over a decade now, we have found that the foundational Active Directory deployments of most organizations worldwide may not yet be sufficiently protected from attacks aimed directly at identifying and exploiting such weaknesses within the Active Directory itself, primarily due to a complete lack of technical guidance (and consequently a lack of sufficient awareness) on the most critical aspects of Active Directory Security.

Thus, to help Microsoft (and organizations worldwide) better understand what it takes to sufficiently enhance the security of foundational Active Directory deployments worldwide, starting May 22, 2017, we will conduct a free 30-day blog series titled Advanced Active Directory Security School. For 30 days, each day, we will address a new topic. A shareable flyer can be downloaded here.

Everyone working on Active Directory and Cyber Security at Microsoft (and anywhere else), including Microsoft’s Windows/AD Product Dev Team, Azure Team, Cyber Security Team, Microsoft Consulting Services, Product Support Services, TwC Group, Microsoft IT, etc., is cordially invited, as are all IT and Cyber Security professionals at thousands of organizations across the world.

If you’re into Active Directory Security, you likely won’t want to miss this. We start on May 22, 2017, online, over at http://www.active-directory-security.com.

Best wishes,