Attack Surface Analyzer for AD
The Attack Surface Analyzer for AD is equipped with over 25 exclusive reports that help you spot various AD attacks. All AD domains configured for auditing in ADAudit Plus are automatically added for attack surface analysis.
The different attacks that you can detect using ADAudit Plus' Attack Surface Analyzer for on-premises AD are listed below:
- Pass the ticket
- Pass the hash
- DCShadow
- DCSync
- AdminSDHolder ACL tampering
- RID hijacking
- AS-REP roasting
- Kerberoasting
- Recent use of default admin
- Shadow admin
- Primary Group ID
- Golden Ticket
- Silver Ticket
- Security log killer
- PowerShell script block logging
- Constrained delegation
- Unconstrained delegation
- Password extraction
- Password spray
- Reversible password encryption
- Plaintext password in GPO
- Brute-force password detection
- Brute-force username detection
- DSRM password change
- DNS admin escalation
- Suspicious process
- Remote thread
- Ransomware attack
To access the Attack Surface Analyzer for AD:
- Log in to the ADAudit Plus web console.
- Navigate to the Active Directory tab > Attack Surface Analyzer.