Definition
The Active Directory penetration test deals with the widely used directory service from Microsoft:
- Microsoft Active Directory “on-premises” and/or
- Microsoft Entra ID (formerly Microsoft Azure AD)
The directory service is an essential component of every IT environment and is therefore a lucrative target for attackers.
In an AD penetration test, a pentester checks the Active Directory implementation for a secure configuration, identifies inactive user accounts and groups, examines policies for misconfigurations, verifies authorizations for compliance and uncovers systems with outdated operating systems.
The AD penetration test is based on the best practices published by Microsoft for securing Active Directory environments and on the globally known “Center for Internet Security (CIS)” benchmarks for Microsoft.
Requirements
To ensure that a penetration test can be carried out smoothly and successfully, some organizational and technical preparations must be made.
Scope
With the introduction of the hacker paragraph (§202c StGB), an “ethical hacker” is obliged to define the test scope with the client in advance.
Intensity
Penetration tests can be designed differently and more or less invasively depending on the situation. DriveByte offers three intensities for penetration tests defined by the BSI.
Location
The test location must be defined for individual test objects or for the project in general. In most cases it is possible to check all test objects via the Internet during penetration tests by using a “jump host”, so the physical presence of a pentester is not necessary.
Conditions
Various test conditions can be defined for all or individual test objects. The customer can define the test conditions, which are then recorded as binding in the template.
Timeline
A regulated and pre-defined test period is a prerequisite for the efficient execution of a penetration test. Depending on the customer's wishes and the availability of the service provider, the customer sets a binding test period in the template.
Responsibilities
For a successful penetration test, the client and contractor must define who is responsible for the project to be carried out. A project manager and a technical contact person must be defined on the client's side.
Procedure
DriveByte recognizes the Penetration Testing Execution Standard (PTES) as a reference framework for the execution of penetration tests. The PTES consists of seven main sections:
- Pre-Engagement
- Intelligence Gathering
- Threat Modelling
- Vulnerability Analysis
- Exploitation
- Post-Exploitation
- Reporting
Documentation
The vulnerabilities found are grouped according to criticality and affected test objects and documented in detail. DriveByte uses the widely used Common Vulnerability Scoring System (CVSS) 4.0 to assess them.
- Description of Scope
- List of Test Conditions
- Executive Summary
- Procedure Description
- Vulnerability Listing
- Recommended Countermeasures
Frequently asked questions
We will answer the most important questions in advance so that you are well informed.
What does an Active Directory penetration test cost?
What are black, white and grey box penetration tests?
How long does an Active Directory penetration test take?
Will a penetration test affect business operations?
What are the prerequisites for a penetration test?
What happens if a security vulnerability is found?
Is a penetration test a one-off measure?
Is there a final report following the test?