Critical Report - Active Directory Risk Quantification and Defense Strategy
Enterprises widely use Active Directory (AD) as a centralized management solution. While Active Directory provides rich administration functionality, it also comes with various security risks. From our study, due to information asymmetry, attackers always discover and abuse attack vectors that are often overlooked or rarely seen by blue teams to compromise the entire domain. Without clearly defining the risk of attack vectors, there cannot be effective risk control. Therefore, we enumerate the attack vectors in the Active Directory environment and quantify the risk of attack vectors and attack paths, giving blue teams a way to analyze the security risks in their AD environment for evaluation and management. Before the end of this talk, we will provide the defense strategy for mitigation and detection.