Posts

Showing posts from May, 2024

Active Directory (Part 9)

Microsoft Deployment Toolkit

The Microsoft Deployment Toolkit (MDT) is a Microsoft service that automates the deployment of Microsoft operating systems (OS) in large organizations. It helps organizations deploy new images efficiently across their IT infrastructure, as the base images can be stored and maintained in a central location. This streamlines the deployment process and ensures that the most up-to-date versions of the OS are running. Generally, MDT is used with Microsoft's SCCM, which is a tool for managing updates for all Microsoft applications, services, and operating systems. MDT is designed to make deploying new images easy, allowing IT staff to preconfigure and manage boot images. Hence, even if a new device is added to the network, it will be automatically configured with the necessary software settings simply by connecting it to the network.

SCCM is like an extension to MDT. However, SCCM is responsible for managing updates

Active Directory (Part 8)

LDAP Bind Credentials

Lightweight Directory Access Protocol (LDAP) authentication is another way for applications to authenticate with AD. Although LDAP authentication is similar to NTLM, the application directly verifies user credentials: it uses a pair of AD credentials to query LDAP and then verify the AD user's credentials, instead of operating as a challenge-response protocol like NTLM. LDAP authentication is a popular mechanism with third-party applications that integrate with AD, like GitLab, Jenkins, and different kinds of VPNs.

Every authentication protocol and security system has weaknesses that can be exploited. Some of the LDAP authentication attack methods that a penetration tester can utilize are:

LDAP injection - In this attack, the tester injects malicious LDAP statements into an application's LDAP queries, allowing them to gain unauthorized access to network resources or manipulate data stored in AD.

LDAP authentication bypass - In this one, the test

Active Directory (Part 7)

Foothold

Gaining initial access through valid AD credentials is a must to gain unauthorized access in an AD domain. There are various ways to obtain these credentials. However, it is not necessary for these credentials to have high privileges, as they are only required to authenticate to AD and perform further enumeration.

OSINT and Phishing

OSINT (Open Source Intelligence) and phishing are the two most popular methods amongst penetration testers and attackers for obtaining AD credentials.

OSINT is the process of collecting and analyzing publicly available information from various sources, like social media, news websites, and public databases. It helps in gathering information about a target organization or individual. It can help a penetration tester gain information about an organization's AD environment, such as the names and titles of employees, the technologies and software they use, and any information that can prove useful in a targeted phishing attack. Metho

Active Directory (Part 6)

Basics

Authentication Methods

There are many authentication methods in an AD environment to verify the identity of a user or a computer. The most common method is password authentication, and every penetration tester must have knowledge of these methods to take advantage of their features and pivot through the network.

Kerberos authentication is the default protocol in the latest Windows versions. If a user logs in to a service via Kerberos, they get a ticket as proof of their previous authentication. After that, the ticket can be shown to a service, as proof of authentication, to allow further access. Hence, the tester can attack Kerberos to gain unauthorized access. Some of the most common types of attacks are:

Brute force attack - Here, the attacker tries to guess the password of a user account or a service account in the AD domain and use it to authenticate to the domain using Kerberos. It can be done with the help of an automatic tool that allows the trying of different password co

Active Directory (Part 5)

Basics

Group Policies

Group Policy Objects (GPOs) can centrally manage and configure settings for users and computers. They help administrators apply policies, configurations, and settings for specific users or groups of users in an Active Directory domain. They are one of the many powerful tools for system administrators that automate and synchronize a process. These policies can be used to configure a wide range of settings, and some of them are:

Security settings, such as password policy, account lockout policy, and auditing policy.
Software deployment and updates.
Network and connectivity settings.
Desktop and taskbar settings.
Internet Explorer settings.
Folder redirection and roaming profiles.
Remote access and VPN settings.

GPOs are very useful and can save time and reduce the risk of errors, because administrators do not have to manually configure each individual computer or user. They also make it easy to roll back changes or apply updates to all affected compute

Active Directory (Part 4)

Basics

Trees, Forests, and Trusts

Active Directory has built-in logical structures, called trees and forests, to organize and manage the resources and the users in a domain.

A tree is a hierarchical structure consisting of a root domain and one or more child domains organized in a hierarchy. All domains in a tree share a common namespace, meaning they have the same naming conventions and naming structure.

A forest is a collection of one or more trees that are connected by trust relationships. Trust relationships help the users present in one tree to access the resources of another tree, if they have the required permissions. Forests often represent different business units or organizations that need to share resources but maintain separate identities and namespaces. All trees have a trust connection with each other.

Trusts that can be established in an AD are:

External Trusts - They allow the users of one domain to access the other forest's domain resources. These tr

Active Directory (Part 3)

Basics

Management of Users and Computers

Active Directory (AD) management of users and computers is the process of creating, modifying, and deleting user and computer accounts in AD, as well as managing group membership and permissions. AD management of users and computers is important because of:

Security - AD provides a way to manage user accounts and permissions and helps secure the network. It can also be used to create unique user accounts for each person requiring access, and assign them specific permissions to control what they can do on the network. This helps prevent unauthorized access and ensures that only authorized users can access the required resources.

Productivity - Via AD, it is easier to manage user accounts and permissions. It can help improve productivity because it allows users to easily and quickly access the needed resources.

Centralization - AD offers a centralized location for managing users and computers on the network. This will ma