Diyako Secure Bow’s Post

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

Whitepaper
Blue Team Techniques
Detecting and mitigating Active Directory compromises 2024:

Introduction

This guidance – authored by the Australian Signals Directorate (ASD), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) – aims to inform organisations about 17 common techniques used to target Active Directory as observed by the authoring agencies. This guidance provides an overview of each technique and how it can be leveraged by malicious actors, as well as recommended strategies to mitigate these techniques. By implementing the recommendations in this guidance, organisations can significantly improve their Active Directory security, and therefore their overall network security, to prevent intrusions by malicious actors.

Microsoft’s Active Directory is the most widely used authentication and authorisation solution in enterprise information technology (IT) networks globally. Active Directory provides multiple services, including Active Directory Domain Services (AD DS), Active Directory Federation Services (AD FS) and Active Directory Certificate Services (AD CS). These services provide multiple authentication options, including smart card logon, as well as single sign-on with on-premises and cloud-based services.

Active Directory’s pivotal role in authentication and authorisation makes it a valuable target for malicious actors. It is routinely targeted as part of malicious activity on enterprise IT networks. Active Directory is susceptible to compromise due to its permissive default settings, its complex relationships, and permissions; support for legacy protocols and a lack of tooling for diagnosing Active Directory security issues. These issues are commonly exploited by malicious actors to compromise Active Directory.

👇🏻
https://lnkd.in/d9SrFqmR

Special Thanks❤️😇👍🏽🙏
Australian Signals Directorate
@australian cyber security center
Cybersecurity and Infrastructure Security Agency
@canadian centre for cyber security
National Security Agency
National Cyber Security Centre

-Secure Business Continuity-
2024.09.27
——————————————————
#CISA #NIST #MicrosoftSecurity #CyberSecurity #AD #SecureBusinessContinuity
