12th International Symposium on Digital Forensics and Security (ISDFS 2024), Texas, United States of America, 29-30 April 2024, pp. 1-6
Microsoft Active Directory Domain Service (AD DS) is one of the key components of
information technology (IT) for organizations due to its popularity, underscored
by its diverse and easy-to-use features. The system plays a pivotal role in centralizing network
management, facilitating user authentication, and simplifying access control,
making it an indispensable tool for seamless and efficient IT infrastructure
operations. On the other hand, the service is frequently targeted by attackers
because of that same popularity and its added criticality. This research explores the
Kerberos authentication protocol employed in certain attacks, examines the
methods utilized for achieving persistence in Microsoft AD services (Diamond
Ticket, Golden Ticket, Silver Ticket, Skeleton Key, and AdminSDHolder), and
presents various approaches for detecting and mitigating these security
threats. Additionally, an experimental environment has been created to exhibit
sample applications of the attacks. Detecting and stopping attacks or persistence
operations after privilege escalation poses a formidable challenge. The focal
point of ensuring IT system security lies in stopping attackers during the
initial phases of an attack. This resource serves as a valuable repository of
information for those responsible for IT security within organizations
that use the Microsoft AD service.