From 9923b9f12e2fe24ea6764d477dfaad3d11a111a0 Mon Sep 17 00:00:00 2001 From: Rahmat Nurfauzi Date: Mon, 30 Sep 2024 20:13:41 +0700 Subject: [PATCH] Added resources Detecting and Mitigating Active Directory Compromises and Active Directory: Tactical Containment to Curb Domain Dominance --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9244341..6923320 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Active Directory Kill Chain Attack & Defense - +![image](https://github.com/user-attachments/assets/65650d4e-d12d-401f-bda4-4a7d1a2fa96b) ## Summary This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention. And understand Active Directory Kill Chain Attack and Modern Post Exploitation Adversary Tradecraft Activity. @@ -568,6 +568,8 @@ Advanced Threat Protection and Advanced Threat Analytics](https://www.blackhat.c |Password Spraying|4625: An account failed to log on
4771: Kerberos pre-authentication failed
4648: A logon was attempted using explicit credentials| ### Resources +* [Detecting and Mitigating Active Directory Compromises](https://www.cisa.gov/resources-tools/resources/detecting-and-mitigating-active-directory-compromises) +* [Active Directory: Tactical Containment to Curb Domain Dominance](https://www.sans.edu/cyber-research/active-directory-tactical-containment-to-curb-domain-dominance/) * [Total Identity Compromise: DART lessons on securing Active Directory](https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/total-identity-compromise-dart-lessons-on-securing-active/ba-p/3753391) * [How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472](https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc) * [Securing Active Directory: Performing an Active Directory Security Review](https://www.hub.trimarcsecurity.com/post/securing-active-directory-performing-an-active-directory-security-review)