Quest Security Guardian comes with the following pre-defined Discoveries for Active Directory vulnerabilities.

NOTE: "System" displays in the Created By field of the Discoveries list when a Discovery type is pre-defined.

Discovery Type | Description |
---|---|
Credential Access | Techniques deployed by adversaries on systems and networks to steal usernames and credentials for re-use. |
Defense Evasion | Techniques used by adversaries to avoid detection. Evasion techniques include hiding malicious code within trusted processes and folders, encrypting or obfuscating adversary code, or disabling security software. |
Discovery | Techniques used by adversaries to obtain information about systems and networks that they are looking to exploit or use for their tactical advantage. |
Initial Access | Techniques used by adversaries to obtain a foothold within a network, such as targeted spear-phishing or exploiting vulnerabilities or configuration weaknesses in public-facing systems. |
Lateral Movement | Techniques that allow adversaries to move from one system to another within a network. |
Persistence | Techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. |
Privilege Escalation | Techniques used by adversaries to gain higher-level privileges on a system, such as local administrator or root. |
Reconnaissance | Techniques used by adversaries to gain a thorough understanding and complete mapping of your environment for later use. |
Additional permission required for specific vulnerabilities
In addition to the permissions required for the hybrid agent, the service account (which the Collect Active Directory object data action uses) must be a member of the Domain Admins group for the following pre-defined vulnerabilities and any vulnerabilities created using the same template.
For the vulnerability gMSA root key access, the account must be a member of the Domain Admins or Enterprise Admins group.
If the required permission is not granted, Assessment results for these vulnerabilities will return as Inconclusive.