https://www.linkedin.com/in/robbinsandy/

Microsoft’s Active Directory (AD) continues to be a primary target for attackers, and as reliance on cloud increases, organizations are under increasing pressure to protect AD beyond just those on-premises deployments. Azure Active Directory (https://azure.microsoft.com/en-us/services/active-directory/), or Azure AD, is Microsoft’s directory services platform for managing and securing identities in the cloud.

In addition, a computer can be joined to both an on-prem AD domain and an Azure AD domain — Microsoft calls this “Hybrid Azure AD join.”

Put plainly, pivoting from an Azure AD tenant into an on-prem AD domain can enable attack paths between completely distinct identity management environments and platforms that do not explicitly trust each other, or even know about each other.

Hybrid environments allow adversaries to move from cloud services like Azure AD to on-prem AD and vice versa through new attack paths.
