In this thesis, we examined Windows Active Directory and the
possibilities for protecting it against attacks that threatened users and the
integrity of companies relying on this service. We thoroughly analyzed several
types of attacks, including enumeration attacks, Kerberos attacks, password
spraying attacks... All analyzed attacks targeted vulnerabilities within
the Active Directory environment, primarily aiming to obtain credentials,
escalate privileges, and gain unauthorized access to network resources. As
part of the practical work, we simulated various attack scenarios in a secure
test environment and analyzed their impact and characteristics. Based
on the findings, we prepared recommendations for improving the security of
the Active Directory environment, which include appropriate technical and
organizational measures such as proper system configuration, strengthening
password policies, access control, and the implementation of intrusion detection
and response systems. The purpose of this thesis was to contribute to
a better understanding of the risks associated with Active Directory and to
present concrete options for enhancing cybersecurity in modern IT environments.
|
