Impacts

The Impacts page provides a combined list of issues grouped by relevant impact, making it a valuable resource for preparing a remediation roadmap and addressing threats beyond just vulnerabilities. This page also displays Exposure Points and associated Risk levels, helping prioritize actions effectively and focus on the most critical areas to mitigate potential risks.

Each card contains Impact Name as a header and lists of issues that contain Severity, Ease of Mitigation ,Tags, and Exposure Points. Cards are sorted by the risk of impact and issues are sorted by the Ease of Mitigation metric.

FSProtect maps Issues by the Impacts below.

Account Management Issues

Issues that complicated the account management lifecycle and inventory management.

Credential Theft Attacks

Issues that exposed account credentials/sessions in different ways to a possible breach.

AS-REP Roasting

Issues related to a special Kerberos protocol attack vector named AS-REP Roasting.

Exploitation of Unpatched Services

Issues that lead to exploitation of old/unsupported or unpatched versions of services like NETLOGON, RDP, KDC etc.

Exploitation of SMB Protocol

Issues that lead to exploitation of old/unsupported, unpatched, or misconfigured versions of SMB Protocol.

NTLM Relay

Issues related to a special NTLM protocol attack vector named NTLM Relay.

Unconstrained Delegation Exploitation

Issues that lead to exploitation of an insecure way of delegation.

Reconnaissance with Shared Files

Issues that lead to information-gathering attacks through shared files with misconfigured/broad access control entries.

Resource Based Constrained Delegation Exploitation

Issues (backdoors) that lead to exploitation of misconfigured Resource-Based Constrained Delegation method.

Reconnaissance with Null Session

Issues that lead to information-gathering attacks through misconfigured SMB protocol.

Persistence with PrimaryGroupID Modification

Issues related to suspicious modification of PrimaryGroupID attribute to ensure persistence.

Delegation Exploitation

Issues related to precautions about exploitations of multiple delegation methods.

Plaintext Password Extraction from GPP

Issues that exposed generally local administrator account credentials as plain text to everyone in the domain through Group Policy Preferences.

Kerberoasting

Issues related to a special Kerberos protocol attack vector named Kerberoasting.

Golden Ticket

Issues related to precautions about special Kerberos persistence attack vector named Golden Ticket.

Misconfigured Privilege Exploitation

Issues related to misconfigured privileges that break the tiering model which are mostly caused by group memberships and service management.

ACL Based Attack Path Exploitation

Issues that create so many attack paths because of misconfigured/broad access control entry definitions.

Bussiness Continuity Issues

Issues that affect the availability and resilience of the Active Directory.

Privilege Escalation with Builtin Groups

Issues that lead to privilege escalation paths through builtin privileged group memberships.

Persistence with Access Control Entries

Issues related to suspicious modification of access control entries on important objects to ensure persistence.

GPO Management Issues

Issues that complicated the Group Policy lifecyle and inventory management.

PrivExchange

Issues related to Exchange Service and NTLM attack vector that leads to privilege escalation and total domain compromise.

Persistence with SID-History Injection

Issues related to suspicious modification of SIDHistory attributes of objects to ensure persistence.

Reconnaissance with LDAP Protocol

Issues that lead to information-gathering attacks through LDAP protocol which are caused by misconfiguration of the dSHeuristics attribute.

Reconnaissance with NSPI Protocol

Issues that lead to information-gathering attacks through NSPI protocol which are caused by misconfiguration of the dSHeuristics attribute.

Constrained Delegation Exploitation

Issues that lead to exploitation of misconfigured Constrained Delegation method.

Privilege Escalation with Certificate Template Abuse

Issues that lead to privilege escalation through the exploitation of misconfigured Certificate Templates.

Privilege Escalation with Certificate Authority Abuse

Issues that lead to privilege escalation through the exploitation of misconfigured Certificate Authorities.

Privilege Escalation with Certificate Service Abuse

Issues that lead to privilege escalation through the exploitation of misconfigured Certificate Enrollment Services.

PreviousIssues NextAD Identities

Last updated 4 months ago

Was this helpful?

hashtagAccount Management Issues

hashtagCredential Theft Attacks

hashtagAS-REP Roasting

hashtagExploitation of Unpatched Services

hashtagExploitation of SMB Protocol

hashtagNTLM Relay

hashtagUnconstrained Delegation Exploitation

hashtagReconnaissance with Shared Files

hashtagResource Based Constrained Delegation Exploitation

hashtagReconnaissance with Null Session

hashtagPersistence with PrimaryGroupID Modification

hashtagDelegation Exploitation

hashtagPlaintext Password Extraction from GPP

hashtagKerberoasting

hashtagGolden Ticket

hashtagMisconfigured Privilege Exploitation

hashtagACL Based Attack Path Exploitation

hashtagBussiness Continuity Issues

hashtagPrivilege Escalation with Builtin Groups

hashtagPersistence with Access Control Entries

hashtagGPO Management Issues

hashtagPrivExchange

hashtagPersistence with SID-History Injection

hashtagReconnaissance with LDAP Protocol

hashtagReconnaissance with NSPI Protocol

hashtagConstrained Delegation Exploitation

hashtagPrivilege Escalation with Certificate Template Abuse

hashtagPrivilege Escalation with Certificate Authority Abuse

hashtagPrivilege Escalation with Certificate Service Abuse