Hacking Active Directory – From a Pen Tester

Active Directory has changed significantly since its initial rollout in 2000, including both in technology and in how it is used. Years ago, it was focused on connecting to internal resources, file shares, mapped drives and printers. Today’s office may still use many of these functions but have added services that take AD outside of the office walls. Cloud services, such as Office 365 and cloud-provided applications, change the way work is done and how AD connects all this information. Black Hats and White Hats have many methods to achieve their goals. This ranges from highly technical long-term exploits to simple and obvious oversights. Read this whitepaper to find out some of the most typical AD-specific exploits seen today.