Seven Common Microsoft Active Directory Misconfigurations that Adversaries AbuseFebruary 7, 2021 – 7:24 AM
The modern IT organization has a wide variety of responsibilities and competing priorities. As a result, cybersecurity is often overlooked in favor of projects that have an immediate impact on business operations. Unfortunately, this operating model inevitably leads to unaddressed vulnerabilities and security misconfigurations in services and Active Directory. We’ll refer to these unknown vulnerabilities and misconfigurations as “Skeletons in the IT Closet.” These skeletons are then leveraged by attackers to move laterally within a network and escalate privileges within the Active Directory domain.
In this blog, we explore seven of the most common system and Active Directory misconfigurations, how adversaries take advantage of them, and how IT and security teams can address them to strengthen their organization’s overall cybersecurity posture.