Skip to content
Infrastructure

Active Directory Assessment

Microsoft’s directory service administers several aspects like permissions, users, computers, groups and policies. It is a popular target with a broad attack surface.

Scope of the pentest

During this assessment, our ethical hackers evaluate your Active Directory environment regarding vulnerabilities and misconfigurations. The test can be conducted on premises or remotely.

Exemplary test objects:

Configuration

We check for a hardened and secure AD configuration.

Policies

We check existing policies for misconfigurations (e.g., password policy)

Permissions

We check assigned permissions (ACL, DACL, ACE)

User accounts

Identification of inactive or overly privileged user accounts

Groups

Identification of sensitive groups and misconfigurations

Computer

Identification of outdated systems with exploitable vulnerabilities

95%

According to statistics from Microsoft, 95 percent of all organisations and 88 percent of Fortune 1000 companies use the Active Directory service. ¹

84 percent of companies state that the results of an AD outage would be severe or catastrophic. ²

60%

Around 60 percent of all companies employ more than 500 user accounts, whose password never expires. ³

Active Directory Assessment

Our approach

Misconfigurations are common when configuring, porting or operating an Active Directory, in part due to the complexity and configuration capabilities of the directory service. This can lead to internal attackers gaining unauthorized access to your company’s systems, services or resources. 

By commissioning an Active Directory Security Assessment, our security experts analyze your Active Directory environment for misconfigurations and existing vulnerabilities from the perspective of an internal attacker.

In the first phase our ethical hackers connect to your internal network without valid credentials. We then identify vulnerabilities that can be exploited on the network level.

In our second phase, we use a low privileged AD account. We connect with these credentials as an authenticated attacker and evaluate your Active Directory environment regarding vulnerabilities, misconfigurations and ways for lateral movement.

Close-up of Male Technician Plugging Network Cable In Network Router

All identified vulnerabilities including our recommendations will be presented in a final report.

The following base checks are part of our tests:

  • Network-based vulnerabilities
  • Active Directory configuration check
  • Group policy check
  • User and permissions check
  • Identification of sensitive groups
  • Inactive user accounts and inactive systems
  • Insecure password policy and file storage
  • Insecure authentication mechanisms

Testing types

Black-Box

Test as an internal attacker without valid credentials for the AD

Grey-Box

Test as a low privileged domain user in the AD

White-Box

Audit as a Domain Admin (DA) including AD-documentation

Standards and qualifications

We follow recognized international standards for our pentest procedure.

Our penetration testers are highly qualified and certified with several recognized hacking certificates.