Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation Logo

Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation

0
Free
Visit Website

Active Directory (AD) Trusts have been a hot topic as of late. In this blog entry, we are going to focus on theoretical examples based on two separate forest domains – A and B. Domain A and Domain B are autonomous and are not members of the same AD forest. However, the trust relationship will change in context of the examples to understand the principle of trust direction. Some Background Info In essence, AD Trusts establish the authentication mechanism between domains and/or forests. AD Trusts allow for resources (e.g. security principals such as users) in one domain to honor the authentication to access resources in another domain. Of note, it is important to understand that simply establishing a trust relationship between two domains does not allow for resources from a theoretical Domain A to access resources in a theoretical Domain B. Resources in Domain A must be authorized (e.g. given permission) to access resources in a theoretical Domain B.

FEATURES

ALTERNATIVES

An open-source credential management platform that provides end-to-end encrypted password sharing and storage capabilities for organizations.

Commercial

Open-source universal secret manager for developers with seamless integration to various cloud services and vaults.

Free

Find leaked credentials by scanning repositories for high entropy strings.

Free

Tool for associating IAM roles to Pods in Kubernetes clusters.

Free

Command-line password manager with GnuPG encryption and colorful interface.

Free

KeeFarce allows for the extraction of KeePass 2.x password database information from memory using DLL injection and CLRMD.

Free

Runs IAM policy linting checks against AWS accounts to identify security best practices and policy errors.

Free

A PHP OAuth 2.0 authorization server implementation with support for various grants and RFCs.

Free