Detections
Analytics

Dangerous Trust Relationships

high

Language:

Description

If an attacker gains access to a single Active Directory domain, they can easily expand their attack to the entire infrastructure if the relationships between domains and forests are not properly filtered.

Solution

Limit dangerous trust relations as much as possible and regularly review their existence if needed for functional reasons.

See Also

Managing Trusts

Managing Forest Trusts

Indicator Details

Name: Dangerous Trust Relationships

Codename: C-DANGEROUS-TRUST-RELATIONSHIP

Severity: High

MITRE ATT&CK Information:

Tactics: TA0008, TA0001

Techniques: T1199