Active Directory Security Audit
Context
Offensive security audit of a clinic's Windows domain and Active Directory: penetration testing, vulnerability identification and remediation plan.
Objectives
- Perform a complete AD security audit
- Identify exploitable vulnerabilities
- Demonstrate risks through proofs of concept
- Propose a corrective action plan aligned with ANSSI/NIST
Methodology
- Reconnaissance: domain enumeration
- Exploitation: controlled penetration tests
- Post-exploitation: privilege escalation
- Report: vulnerabilities and remediations
Tools Used
| Tool or technique | Usage |
|---|---|
| nmap | Network and service scanning |
| enum4linux | SMB/AD enumeration |
| Kerberoasting | Kerberos ticket extraction |
| Mimikatz | Credential extraction |
| BloodHound | AD attack path analysis |
Identified Vulnerabilities (Examples)
| Vulnerability | Criticality | Risk |
|---|---|---|
| Accounts with SPN and weak password | Critical | Kerberoasting -> privileged access |
| NTLM enabled | High | Pass-the-Hash |
| Unconstrained delegation | High | Identity impersonation |
| Cleartext passwords (GPP) | Critical | Immediate compromise |
Deliverables
Pentest Report (PDF)
Detailed record of the penetration tests performed and the vulnerabilities identified.
Corrective Action Plan (PDF)
Remediation plan with actions prioritized by criticality level.
Presentation (PDF)
Presentation slides for stakeholder reporting.
Skills Acquired
- Security audit methodology
- Use of pentesting tools
- Active Directory vulnerability analysis
- Audit report writing
- Remediation plan development
- Presenting results to stakeholders