The Assumed Breach simulates a scenario where an attacker has already gain access to the internal infrastructure and it explores the different paths that may be abused to compromise the Active Directory Domain, emulating the advanced ransomware groups tactics and techniques
TESTING APPROACH
- Traffic analysis
- Spoofing
- Local privilege escalation
- Local persistency
- Lateral movement
- Credentials dump (Mimikatz)
- Attack paths (Bloodhound)
- Access Control List (ACL) review
- Open network shares
- Password policy
- Password spraying
- Domain enumeration
- Kerberoasting
- Unconstraint/Constrained delegation
- SQL links
- Active Directory Certificate Services (AD CS)
Deliverables
- Scoping meeting
- Statement of work
- Automated scanning
- Manual pentesting
- Technical report
- Executive summary
- Presentation meeting
- Retest of mitigations
> TRIPLA SECURITY 