Categories: Internal Penetration Testing, External Penetration Testing
The technical overview of a finding, not meant to be all-inclusive.
The SYSVOL folder on DCs (Domain Controllers) is a domain-wide network share in Active Directory (AD) to which all authenticated users in the domain have read access by default. The directory contains logon scripts, Group Policy data, and other data that needs to be available to all users. The assessment team discovered that scripts within this folder contain sensitive information that may aid an attacker in reconnaissance and lateral movement. These scripts also contained clear-text credentials for other domain resources.
How a finding result will affect an organization.
If an attacker gains access to the domain environment, they can effectively use these gathered credentials to attempt privilege escalation. These "User" credentials could result in further lateral movement or the ability to gain unauthorized access to different regions within the domain.
Current plan of action recommended.
The assessment team recommends that scripts used for administration, password changes, and authenticated share mounting be removed. Automated password changes and authenticated share mounting should be accomplished with proper AD group delegation. A thorough audit should be conducted domain-wide to identify other scripts exposing sensitive data or credentials.
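The following scanner is an added example, not part of the OS-CFDB finding, to illustrate both the kind of script content described in the overview and the domain-wide audit the recommendation calls for. It walks a directory tree the way an auditor would walk a copy of the SYSVOL scripts folder, applies a small set of regexes for the common ways credentials end up in .bat, .cmd, .vbs and .ps1 files (inline `net use` passwords, `net user` password changes, `cmdkey /pass:`, `password=` assignments, `ConvertTo-SecureString ... -AsPlainText`), and reports file, line and pattern with the secret value masked so the audit output itself does not leak the credential. The sample scripts, share names and account names are constructed for the demo; the patterns are deliberately broad heuristics and every hit is meant to be triaged by a person.

```python
"""Audit scanner for SYSVOL-style logon scripts that embed credentials.

Added example (not OS-CFDB's own tooling). Sample scripts below are constructed.
"""
import os
import re
import tempfile
from dataclasses import dataclass

SCRIPT_EXTENSIONS = {".bat", ".cmd", ".vbs", ".ps1"}

# Each pattern names the secret as group "secret" so it can be masked in the report.
CREDENTIAL_PATTERNS = {
    # net use S: \\server\share <password> /user:DOMAIN\account
    "net use with inline password": re.compile(
        r"net\s+use\s+\S+\s+\\\\\S+\s+(?P<secret>[^\s/]\S*)\s+/user:", re.IGNORECASE),
    # net use S: \\server\share /user:DOMAIN\account <password>
    "net use password after /user": re.compile(
        r"/user:\S+\s+(?P<secret>[^\s/]+)", re.IGNORECASE),
    # cmdkey /add:host /user:account /pass:<password>
    "cmdkey /pass": re.compile(r"/pass:(?P<secret>\S+)", re.IGNORECASE),
    # net user <account> <password> [/domain] [/add]  (scripted password changes)
    "net user password change": re.compile(
        r"net\s+user\s+\S+\s+(?P<secret>[^\s/]+)(\s+/\w+)*\s*$", re.IGNORECASE),
    # password = "..." / passwd=... in VBScript, batch or PowerShell (noisy by design)
    "password assignment": re.compile(
        r"pass(word|wd)?\s*=\s*[\"']?(?P<secret>[^\"'\s]+)", re.IGNORECASE),
    # ConvertTo-SecureString '<plain>' -AsPlainText -Force
    "ConvertTo-SecureString -AsPlainText": re.compile(
        r"ConvertTo-SecureString\s+[\"'](?P<secret>[^\"']+)[\"']\s+-AsPlainText",
        re.IGNORECASE),
}


@dataclass(frozen=True)
class Finding:
    path: str           # path relative to the scanned root
    line_no: int
    pattern: str
    redacted_line: str  # the offending line with the secret masked


def mask(line: str, secret: str) -> str:
    """Hide the captured secret so the audit report is safe to circulate."""
    return line.replace(secret, "<REDACTED>")


def scan_text(path: str, text: str) -> list[Finding]:
    """Run every pattern over every line; one finding per (line, pattern) hit."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        for name, pattern in CREDENTIAL_PATTERNS.items():
            match = pattern.search(line)
            if match:
                findings.append(Finding(path, line_no, name, mask(line, match.group("secret"))))
    return findings


def scan_tree(root: str) -> list[Finding]:
    """Walk the tree (e.g. a copy of SYSVOL\\<domain>\\scripts) and scan script files only."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic order
        for name in sorted(filenames):
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTENSIONS:
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, encoding="utf-8", errors="replace") as fh:
                findings.extend(scan_text(rel, fh.read()))
    return findings


# Constructed sample scripts: two clean lines, four embedded credentials, one non-script file.
SAMPLE_SCRIPTS = {
    "scripts/logon.bat": (
        "@echo off\r\n"
        "net use H: \\\\fs01\\home$ /persistent:no\r\n"                    # clean
        "net use S: \\\\fs02\\finance$ Summ3r2019! /user:CORP\\svc_share\r\n"
        "net user svc_backup Backup#2020 /domain\r\n"
    ),
    "scripts/mount.vbs": (
        'Set objNetwork = CreateObject("WScript.Network")\r\n'
        'strPassword = "Dr0wss@p"\r\n'
        'objNetwork.MapNetworkDrive "Q:", "\\\\fs03\\apps", False, "CORP\\svc_apps", strPassword\r\n'
    ),
    "scripts/printers.ps1": (
        "$pw = ConvertTo-SecureString 'Pr1nt3r!' -AsPlainText -Force\r\n"
        "$cred = New-Object System.Management.Automation.PSCredential('CORP\\svc_print', $pw)\r\n"
        "Add-Printer -ConnectionName '\\\\print01\\HR-Printer'\r\n"        # clean
    ),
    "Policies/readme.txt": "password=notscanned\r\n",                      # wrong extension
}


def demo() -> list[Finding]:
    """Write the constructed scripts to a temp tree, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE_SCRIPTS.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8", newline="") as fh:
                fh.write(body)
        return scan_tree(root)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.path}:{f.line_no} [{f.pattern}] {f.redacted_line}")
```

On a real engagement the root would be a read-only copy of the scripts folder taken from the share, and the report lines above are what goes to the domain owners; the redaction is the reason the scanner, rather than a plain `findstr /i password`, is worth keeping.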