DETECTION OVERVIEW
Risk Factors
Enumeration is a simple but important step taken by attackers after an initial network compromise. Attack tools make enumeration relatively easy to perform. Domain trust enumeration can help an attacker map relationships between domains and plan an attack campaign.
The system might change the risk score for this detection.
Kill Chain
Risk Score
37
In a Windows Active Directory environment, users, groups, and computers in one domain can access resources in other domains through domain trust relationships. Some types of domain trust grant two-way access between domains, while others grant one-way access (an entity in the trusted domain can access resources in the trusting domain, but not the reverse). Domain trusts are stored in Active Directory as objects with an objectClass of trustedDomain. After infiltrating a network, an attacker can send an LDAP search that filters on this objectClass to an LDAP server or domain controller (DC) to retrieve every trust relationship of the current domain. If the attacker discovers a two-way trust, the attacker learns that the compromised device can also reach resources in the other domain.
Implement the least privilege model for accessing LDAP domain objects to reduce the information users can enumerate through scans and help minimize unnecessary reads or writes to certain objects
Prevent unauthorized access to DCs by strictly managing the users and groups that have domain permissions for retrieving information from a DC
Monitor and investigate unusual DC activity quickly to minimize potential damage
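The following is an added illustration of the monitoring recommended above, not code from the original detection description or from any vendor product. It scans LDAP search request records for filters that select objectClass trustedDomain, the query described in the overview, and raises an alert for each such query from a client that is not on an allowlist of hosts expected to read trust objects (such as other DCs). The log format, the allowlist, and all sample lines are constructed for the example; real LDAP query logging varies by platform and would need its own parser.

```python
import re
from collections import Counter

# Constructed sample lines (not captured from any real environment). Each line is one
# LDAP search request in a simplified key=value format this example assumes:
#   src=<client ip> user=<bind identity> base=<search base> scope=<base|one|sub> filter=<LDAP filter>
SAMPLE_LDAP_LOG = """\
src=10.0.5.17 user=CORP\\jsmith base=DC=corp,DC=example scope=sub filter=(objectClass=trustedDomain)
src=10.0.5.17 user=CORP\\jsmith base=DC=corp,DC=example scope=sub filter=(&(objectCategory=person)(sAMAccountName=jsmith))
src=10.0.1.10 user=CORP\\DC02$ base=CN=System,DC=corp,DC=example scope=one filter=(objectclass=TRUSTEDDOMAIN)
src=10.0.5.44 user=CORP\\svc-backup base=DC=corp,DC=example scope=sub filter=(|(objectClass=trustedDomain)(objectClass=crossRef))
src=10.0.5.44 user=CORP\\svc-backup base=DC=corp,DC=example scope=sub filter=(objectClass=trustedDomain)
"""

LINE_RE = re.compile(
    r"src=(?P<src>\S+)\s+user=(?P<user>\S+)\s+base=(?P<base>\S+)\s+"
    r"scope=(?P<scope>\S+)\s+filter=(?P<filter>.+)$"
)

# LDAP attribute names and the trustedDomain class name are compared case-insensitively
# by the directory, so the detector matches them that way too and tolerates spaces around '='.
TRUST_FILTER_RE = re.compile(r"objectclass\s*=\s*trusteddomain", re.IGNORECASE)

# Assumed allowlist for this example: hosts expected to read trust objects, e.g. other DCs.
EXPECTED_SOURCES = {"10.0.1.10"}


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the assumed format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_trust_enumeration(ldap_filter):
    """True when the filter selects objects of class trustedDomain anywhere in the expression,
    including inside compound (&...) or (|...) filters."""
    return TRUST_FILTER_RE.search(ldap_filter) is not None


def detect(log_text, allowlist=EXPECTED_SOURCES):
    """Return one alert per trust-enumeration query issued from a source outside the allowlist."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_trust_enumeration(rec["filter"]):
            continue
        if rec["src"] in allowlist:
            continue  # expected reader of trust objects; not worth an alert on its own
        alerts.append({
            "src": rec["src"],
            "user": rec["user"],
            "scope": rec["scope"],
            "filter": rec["filter"],
        })
    return alerts


def count_by_source(alerts):
    """Aggregate alerts per client so repeated enumeration from one host stands out in triage."""
    return dict(Counter(a["src"] for a in alerts))


if __name__ == "__main__":
    found = detect(SAMPLE_LDAP_LOG)
    for a in found:
        print(f"trust enumeration: src={a['src']} user={a['user']} filter={a['filter']}")
    print("per-source counts:", count_by_source(found))
```

On the sample input the detector skips the DC02$ query from the allowlisted DC and the ordinary user lookup, and reports the three remaining trustedDomain queries, two of them from the same service-account host. In practice the allowlist should be small and reviewed, since a compromised DC or trusted host on it would otherwise enumerate trusts unnoticed.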