Active Directory – Attacks and Defense
摘要
Active Directory (AD), created by Microsoft, plays a central role in how most organizations manage user identities, access, and system permissions. Because of its importance in controlling access across enterprise networks, it’s a prime target for cyber attackers. This paper takes a closer look at how AD is structured, highlighting key vulnerabilities and common methods used by attackers—like stealing credentials, escalating privileges, using Pass-the-Hash, or creating Golden Tickets. It also examines real-life security breaches to show just how critical AD security has become. Beyond identifying threats, the paper outlines practical defenses such as improved auditing, network segmentation, hardening of domain controllers, and adopting zero trust models. By bringing together current research and best practices from the field, this study offers cybersecurity professionals and system administrators a clear, actionable guide to better protect their AD setups against today’s increasingly sophisticated threats.