Active Directory (Part 7)

Foothold

Gaining initial access through valid AD credentials is a prerequisite for operating inside an AD domain. There are various ways to obtain these credentials. However, it is not necessary for these credentials to have high privileges, as they are only required to authenticate to AD and perform further enumeration.

OSINT and Phishing

OSINT (Open Source Intelligence) and phishing are the two most popular methods among penetration testers and attackers for obtaining AD credentials.

OSINT is the process of collecting and analyzing publicly available information from various sources, such as social media, news websites, and public databases. It helps in gathering information about a target organization or individual. It can help a penetration tester learn about an organization's AD environment, such as the names and titles of employees, the technologies and software they use, and any other information that can prove useful in a targeted phishing attack. Methods to gather such information are:

  • Google dorking - Advanced Google search operators can be used to find sensitive information about a target organization, such as login pages, unsecured servers, or exposed documents.

  • Public records search - Analyzing public records, such as court documents, corporate filings, and property records, can provide more knowledge of a target organization or individual.

  • Domain name analysis - Analyzing the domain names registered by an organization can reveal information about its online presence and lead to the discovery of useful subdomains.

  • Network scanning - Scanning publicly accessible network resources, such as servers and routers, can reveal more about the technology and software being used by the organization.

Phishing is a technique used to trick individuals into giving away sensitive information, such as login credentials. The attacker pretends to be a legitimate source and sends messages through email, social media, or any other communication channel to achieve the malicious goal. Similarly, a penetration tester can use this method to gain initial access to an AD environment via a targeted email sent to an employee of the organization, disguised as coming from a legitimate source, that requests login credentials or other sensitive information. If the employee falls for the trick and replies with the requested information, the tester can use it to gain initial access to the AD environment. Some examples are as follows:

  • Email phishing - Sending a targeted email to an employee, pretending to be a legitimate source, such as a coworker or a trusted vendor, and requesting login credentials.

  • Spear phishing - Sending a targeted email to a particular employee or group of employees, using the information gathered via OSINT to make the email seem more legitimate and increase the probability of success.

  • SMS phishing - Sending a text message to an employee, pretending to be a legitimate source and requesting login credentials.

  • Social media phishing - Using social media to send a message or post a link that appears to be from a legitimate source, but is designed to trick the recipient into giving away sensitive information.

  • Voice phishing - Using phone calls to trick individuals into giving away sensitive information, such as login credentials.

Conclusion

In this part, we discussed two common techniques used to gain sensitive information about an organization or its network.