Research Article
BibTex RIS Cite

Windows Aktif Dizin Etki Alanı Servisi ve Kurumsal Ağ Güvenliği: PowerShell Erişiminin Analizi ve Önlemler

Year 2024, Volume: 12 Issue: 3, 475 - 487, 30.09.2024
https://doi.org/10.29109/gujsc.1447924

Abstract

Bu çalışma, Microsoft tarafından geliştirilen ve organizasyonlar için kritik bir bilgi teknolojileri bileşeni olan Windows Aktif Dizin Etki Alanı Servisini ele almaktadır. Bu servis, sunduğu yüksek işlevsellikle dünya genelinde yaygın bir şekilde kullanılmaktadır, ancak aynı zamanda kurumları siber saldırılara karşı savunmasız kılan bir hedef haline gelmiştir. Bu nedenle çalışmada öncelikle Windows PowerShell kabuk katman ortamının kurumsal ağlar için potansiyel tehlikeleri ortaya konulmuştur. Örnek bir kurumsal ağ ortamında Aktif Dizin Etki Alanı Servisi kullanılarak, yetkisiz bir kullanıcı oturumu açan kötü niyetli personelin ağ üzerinde gerçekleştirebileceği saldırılar uygulamalı olarak incelenmiştir. Sonuçlar, kurum içinde personelin kabuk katmana erişebilmesinin büyük güvenlik riskleri oluşturduğunu göstermektedir. Kurumların bu tür saldırılardan korunması amacıyla kabuk katman ortamının güvenliğini artıracak ve potansiyel saldırıları engellemek için etkili bir strateji oluşturmayı amaçlayan önlemler tartışılmıştır. Çalışmanın, kurumsal ağların güvenliğine önemli katkılar sağlayacağı değerlendirilmektedir.

References

  • [1] Market share held by the leading computer (desktop/tablet/console) operating systems worldwide from January 2012 to January 2023, https://www.statista.com/statistics/268237/global-market-share-held-by-operating-systems-since-2009/
  • [2] Grillenmeier, G., Now's the time to rethink Active Directory security, Network Security, No. 7, (2021) 13-16.
  • [3] Kaspersky IT Security Economics, 2022. https://go.kaspersky.com/rs/802-IJN-240/images/IT%20Security%20Economics%202022_report.pdf
  • [4] Biggest Insider Threats of 2022: Lessons Learned and Key Takeaways for 2023, https://www.computer.org/publications/tech-news/trends/key-takeaways-from-2022-cyberthreatseaways-for-2023
  • [5] The 2019 Insider Threat Report, https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/insider-threat-report.pdf
  • [6] Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token, https://msrc.microsoft.com/blog/2023/09/microsoft-mitigated-exposure-of-internal-information-in-a-storage-account-due-to-overly-permissive-sas-token/
  • [7] Tesla sues ex-employee for hacking, theft, and leaking to the press, https://www.theverge.com/2018/6/20/17484030/tesla-sues-employee-hacking-theft-leaking
  • [8] Vishnuram, G., Tripathi, K., & Tyagi, A. K., Ethical Hacking: Importance, Controversies and Scope in the Future, IEEE International Conference on Computer Communication and Informatics, Coimbatore, (2022) 01-06.
  • [9] Mokhtar, B. I., Jurcut, A. D., ElSayed, M. S., & Azer, M. A., Active Directory Attacks-Steps, Types, and Signatures, Electronics, 11 No. 16 (2022) 2629-2652.
  • [10] Bertoglio, D. D., & Zorzo, A. F., Overview and open issues on penetration test, Journal of the Brazilian Computer Society, 23 No. 2 (2017) 1-16.
  • [11] Use Alternate Authentication Material: Pass the Hash, MITRE ATT&CK, https://attack.mitre.org/techniques/T1550/002/
  • [12] Steal or Forge Kerberos Tickets, MITRE ATT&CK, https://attack.mitre.org/techniques/T1558/
  • [13] What is PowerShell?, https://learn.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7.4.
  • [14] Aiello, J., PowerShell Core 6.0: Generally Available (GA) and Supported!, https://devblogs.microsoft.com/powershell/powershell-core-6-0-generally-available-ga-and-supported/
  • [15] Tigner, M., Wimmer, H., & Rebman, C. M. Analysis of Kali Linux Penetration Tools: A Survey of Hacking Tools, International Conference on Electrical, Computer and Energy Technologies, (2021) 1-6
  • [16] Raj, S., & Walia, N. K., A Study on Metasploit Framework: A Pen-Testing Tool, IEEE International Conference on Computational Performance Evaluation (ComPE), (2020) 296-302.
  • [17] Shah, M., Ahmed, S., Saeed, K., Junaid, M., Khan, H., & Ata-ur-Rehman., Penetration Testing Active Reconnaissance Phase – Optimized Port Scanning With Nmap Tool, IEEE 2nd International Conference on Computing, Mathematics and Engineering Technologies, (2019) 1-6.
  • [18] Liao, S., Zhou, C., Zha, Y., Zhang, Z., Zhang, C., Gao, Y., & Zhong, G., Comprehensive Detection Approach of Nmap: Principles, Rules and Experiments Attack Detection based on Domain Attack Behavior Analysis, IEEE International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, (2020).
  • [19] Rozendaal, K., & Mailewa, A. B., A Novel Method for Moving Laterally and Discovering Malicious Lateral Movements in Windows Operating Systems: A Case Study, Advances in Science and Technology, 2, No. 3, (2022) 291-321.
  • [20] Aibekova, A., & Selvarajah, V., Offensive Security: Study on Penetration Testing Attacks, Methods, and Their Types, IEEE International Conference on Distributed Computing and Electrical Circuits and Electronics, (2022) 1-9.
  • [21]Advanced Infrastructure Penetration Testing: Defend your systems from methodized and proficient attackers,https://books.google.com.tr/books?hl=tr&lr=&id=BulODwAAQBAJ&oi=fnd&pg=PP1&dq=pentest+with+powershell&ots=W5iD8S8wry&sig=FNT9erdlvKoVL9Y2emLFyLq4RqI&redir_esc=y#v=onepage&q=pentest%20with%20powershell&f=false
  • [22] Infrastructure Penetration Testing, https://web.archive.org/web/20230310233435id_/http://ikee.lib.auth.gr/record/345496/files/GRI-2023-38338.pdf
  • [23] NIST Technical Guide to Information Security Testing and Assessment, NIST, 09 2008. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf.
  • [24] VMware Workstation Pro, https://www.vmware.com/products/workstation-pro.html.
  • [25] BloodHoundAD, GitHub, https://github.com/BloodHoundAD/BloodHound.
  • [26] skelsec/pypykatz, GitHub, https://github.com/skelsec/pypykatz.
  • [27] Configure added LSA protection, Microsoft, https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection
  • [28]RDPCredentialStealer,S12cybersecurity, https://github.com/S12cybersecurity/RDPCredentialStealer/tree/main/RDPCredsStealerDLL/RDPCredsStealerDLL.
  • [29] ParrotSec/Mimikatz, GitHub,https://github.com/ParrotSec/mimikatz.
  • [30] Motero, C. D., Hıguera, J. R. B., Hıguera, J. B., Montalvo, J. A. S., & Gómez, N. G., On Attacking Kerberos Authentication Protocol in Windows Active Directory Services: A Practical Survey, IEEE Access, 9, (2021) 09289-109319.

Windows Active Directory Domain Services and Enterprise Network Security: Analysis and Measures for PowerShell Access

Year 2024, Volume: 12 Issue: 3, 475 - 487, 30.09.2024
https://doi.org/10.29109/gujsc.1447924

Abstract

This study discusses the Windows Active Directory Domain Service, developed by Microsoft, and a critical information technology component for organizations. This service is widely used around the world because of the high functionality it offers, but it has also become a target that makes organizations vulnerable to cyber attacks. For this reason, in the study, first of all, the potential dangers of the Windows PowerShell shell layer environment for corporate networks are revealed. Using the Active Directory Domain Service in a sample corporate network environment, the attacks that can be carried out on the network by malicious personnel who log in to an unauthorized user have been practically examined. The results show that internal personnel access to the shell layer poses major security risks. To protect institutions from such attacks, measures that will increase the security of the shell layer environment and aim to create an effective strategy to prevent potential attacks are discussed. It is evaluated that the study will make significant contributions to the security of corporate networks.

References

  • [1] Market share held by the leading computer (desktop/tablet/console) operating systems worldwide from January 2012 to January 2023, https://www.statista.com/statistics/268237/global-market-share-held-by-operating-systems-since-2009/
  • [2] Grillenmeier, G., Now's the time to rethink Active Directory security, Network Security, No. 7, (2021) 13-16.
  • [3] Kaspersky IT Security Economics, 2022. https://go.kaspersky.com/rs/802-IJN-240/images/IT%20Security%20Economics%202022_report.pdf
  • [4] Biggest Insider Threats of 2022: Lessons Learned and Key Takeaways for 2023, https://www.computer.org/publications/tech-news/trends/key-takeaways-from-2022-cyberthreatseaways-for-2023
  • [5] The 2019 Insider Threat Report, https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/insider-threat-report.pdf
  • [6] Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token, https://msrc.microsoft.com/blog/2023/09/microsoft-mitigated-exposure-of-internal-information-in-a-storage-account-due-to-overly-permissive-sas-token/
  • [7] Tesla sues ex-employee for hacking, theft, and leaking to the press, https://www.theverge.com/2018/6/20/17484030/tesla-sues-employee-hacking-theft-leaking
  • [8] Vishnuram, G., Tripathi, K., & Tyagi, A. K., Ethical Hacking: Importance, Controversies and Scope in the Future, IEEE International Conference on Computer Communication and Informatics, Coimbatore, (2022) 01-06.
  • [9] Mokhtar, B. I., Jurcut, A. D., ElSayed, M. S., & Azer, M. A., Active Directory Attacks-Steps, Types, and Signatures, Electronics, 11 No. 16 (2022) 2629-2652.
  • [10] Bertoglio, D. D., & Zorzo, A. F., Overview and open issues on penetration test, Journal of the Brazilian Computer Society, 23 No. 2 (2017) 1-16.
  • [11] Use Alternate Authentication Material: Pass the Hash, MITRE ATT&CK, https://attack.mitre.org/techniques/T1550/002/
  • [12] Steal or Forge Kerberos Tickets, MITRE ATT&CK, https://attack.mitre.org/techniques/T1558/
  • [13] What is PowerShell?, https://learn.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7.4.
  • [14] Aiello, J., PowerShell Core 6.0: Generally Available (GA) and Supported!, https://devblogs.microsoft.com/powershell/powershell-core-6-0-generally-available-ga-and-supported/
  • [15] Tigner, M., Wimmer, H., & Rebman, C. M. Analysis of Kali Linux Penetration Tools: A Survey of Hacking Tools, International Conference on Electrical, Computer and Energy Technologies, (2021) 1-6
  • [16] Raj, S., & Walia, N. K., A Study on Metasploit Framework: A Pen-Testing Tool, IEEE International Conference on Computational Performance Evaluation (ComPE), (2020) 296-302.
  • [17] Shah, M., Ahmed, S., Saeed, K., Junaid, M., Khan, H., & Ata-ur-Rehman., Penetration Testing Active Reconnaissance Phase – Optimized Port Scanning With Nmap Tool, IEEE 2nd International Conference on Computing, Mathematics and Engineering Technologies, (2019) 1-6.
  • [18] Liao, S., Zhou, C., Zha, Y., Zhang, Z., Zhang, C., Gao, Y., & Zhong, G., Comprehensive Detection Approach of Nmap: Principles, Rules and Experiments Attack Detection based on Domain Attack Behavior Analysis, IEEE International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, (2020).
  • [19] Rozendaal, K., & Mailewa, A. B., A Novel Method for Moving Laterally and Discovering Malicious Lateral Movements in Windows Operating Systems: A Case Study, Advances in Science and Technology, 2, No. 3, (2022) 291-321.
  • [20] Aibekova, A., & Selvarajah, V., Offensive Security: Study on Penetration Testing Attacks, Methods, and Their Types, IEEE International Conference on Distributed Computing and Electrical Circuits and Electronics, (2022) 1-9.
  • [21]Advanced Infrastructure Penetration Testing: Defend your systems from methodized and proficient attackers,https://books.google.com.tr/books?hl=tr&lr=&id=BulODwAAQBAJ&oi=fnd&pg=PP1&dq=pentest+with+powershell&ots=W5iD8S8wry&sig=FNT9erdlvKoVL9Y2emLFyLq4RqI&redir_esc=y#v=onepage&q=pentest%20with%20powershell&f=false
  • [22] Infrastructure Penetration Testing, https://web.archive.org/web/20230310233435id_/http://ikee.lib.auth.gr/record/345496/files/GRI-2023-38338.pdf
  • [23] NIST Technical Guide to Information Security Testing and Assessment, NIST, 09 2008. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf.
  • [24] VMware Workstation Pro, https://www.vmware.com/products/workstation-pro.html.
  • [25] BloodHoundAD, GitHub, https://github.com/BloodHoundAD/BloodHound.
  • [26] skelsec/pypykatz, GitHub, https://github.com/skelsec/pypykatz.
  • [27] Configure added LSA protection, Microsoft, https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection
  • [28]RDPCredentialStealer,S12cybersecurity, https://github.com/S12cybersecurity/RDPCredentialStealer/tree/main/RDPCredsStealerDLL/RDPCredsStealerDLL.
  • [29] ParrotSec/Mimikatz, GitHub,https://github.com/ParrotSec/mimikatz.
  • [30] Motero, C. D., Hıguera, J. R. B., Hıguera, J. B., Montalvo, J. A. S., & Gómez, N. G., On Attacking Kerberos Authentication Protocol in Windows Active Directory Services: A Practical Survey, IEEE Access, 9, (2021) 09289-109319.
There are 30 citations in total.

Details

Primary Language Turkish
Subjects Information Security Management
Journal Section Tasarım ve Teknoloji
Authors

Zeynep Senturk 0000-0002-7978-640X

Erdal Irmak 0000-0002-4712-6861

Early Pub Date August 1, 2024
Publication Date September 30, 2024
Submission Date March 6, 2024
Acceptance Date May 30, 2024
Published in Issue Year 2024 Volume: 12 Issue: 3

Cite

APA Senturk, Z., & Irmak, E. (2024). Windows Aktif Dizin Etki Alanı Servisi ve Kurumsal Ağ Güvenliği: PowerShell Erişiminin Analizi ve Önlemler. Gazi Üniversitesi Fen Bilimleri Dergisi Part C: Tasarım Ve Teknoloji, 12(3), 475-487. https://doi.org/10.29109/gujsc.1447924

                                TRINDEX     16167        16166    21432    logo.png

      

    e-ISSN:2147-9526