Detections
Analytics

Domain Without Computer-Hardening GPOs

medium

Language:

Description

Microsoft places emphasis on maintaining backward compatibility in Active Directory infrastructure, which means that it cannot enable all hardening features.

Solution

Enable hardening GPOs to protect at least privileged users, specifically by disabling obsolete protocols to prevent attackers from exploiting them to elevate their privileges on the Active Directory.

See Also

[MS-NLMP] Session Security Details

MS09-001: Vulnerabilities in SMB could allow remote code execution

Stop using SMB1

A new look at null sessions and user enumeration

MS15-011 - Microsoft Windows Group Policy real exploitation via a SMB MiTM attack

A Practical Guide to PrintNightmare in 2024

Credential Guard overview

SMB NTLM blocking now supported in Windows Insider

The evolution of Windows authentication

Indicator Details

Name: Domain Without Computer-Hardening GPOs

Codename: C-GPO-HARDENING

Severity: Medium

Type: Active Directory Indicator of Exposure

MITRE ATT&CK Information:

Attacker Known Tools

Unknown: WannaCry

Gentil Kiwi: mimikatz