Attackers are changing their attacks and organizations are not prepared. As many organizations are still trying to secure their environment against traditional attacks, the attackers are now altering their efforts. The attackers are going directly after the core IAM solution for nearly 95% of the world: Active Directory. Attackers are now looking deeper into object and attribute configurations to exploit raw access and functionality within Active Directory. The reality is that many attacks bypass the event logging and look like routine access. Here we will discuss some of the new attacks, and what you can do to deny these attacks.
Technical Level: Medium