Active Directory attacker misguided - Attivo Networks
Attivo Networks Blogs

Active Directory attacker misguided

ADSecure leads attackers into the virtual Attivo Networks Deception Fabric and fake AD information.

ADSecure acts with deception against the misuse of Active Directory information. According to the manufacturer Attivo Networks, attackers who are looking for information about domain admins or domain controllers are led into a virtual environment full of traps.

ADSecure becomes active as soon as an attacker starts an illegitimate query in Microsoft Active Directory (AD) via a compromised endpoint. The request was first routed to the AD server in a regular manner and processed there properly. However, the answer that comes back from the AD server to the endpoint is modified by ADSecure; the attacker ends up in the virtual Attivo Networks Deception Fabric.

There, the attacker who is looking for information about privileged domain accounts, systems, and other high-quality objects receives fake Active Directory results that render an attacker’s automated tools ineffective. Any attempt to attack this bait environment ran into a virtual trap environment.

By directing attackers into the deception environment, Attivo Networks’ ThreatDefend platform could investigate the attack closely to determine tactics, techniques, and procedures, and gather company-specific threat information for an accelerated response.

Read the complete article here.

Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free

FAST AND EASY

Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial

GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY

  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise

RSS

Leave a Comment

Your email address will not be published. Required fields are marked *

eight − seven =

Ready to find out what’s lurking in your network?

Scroll to Top