In estimation around 95 % of Fortune 500 companies run Active Directory. Many features are not secure by default and can be easily misconfigured. Landing a phising attack to compromise a standard domain user might be enough to gain full control over the domain under the right conditions. An example would be the noPac exploit.
https://www.secureworks.com/blog/nopac-a-tale-of-two-vulnerabilities-that-could-end-in-ransomware
pull down to refresh
0 sats \ 0 replies \ @takaponka 7 Mar 2023
I'm surprised a very large scale attack on AD didn't happen yet.
reply