Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Enumeration is a simple yet important step taken by attackers before or during a network compromise. Identifying malicious requests can be difficult because they can blend with normal LDAP activity. However, these activities should be examined before they potentially enable critical and costly attacks.
The system might change the risk score for this detection.
Kill Chain
Risk Score
60
Enumeration is the process of connecting to a system and obtaining information about file shares, directories, and accounts. After an attacker has basic access to a compromised network, LDAP enumeration can help them find valuable information based on directory objects, for example within Active Directory. Through manual probing or with automated tools such as BloodHound, attackers can collect information about users and their attributes, groups, sessions, and more. The attacker can then plot a lateral movement path towards critical assets or admin users in your environment.
Require LDAP signing, which prevents non-domain users from querying the LDAP server
Limit local admin privileges to reduce the information users can enumerate through tools such as Bloodhound
Because securing LDAP servers can be difficult without compromising functionality, monitor and investigate unusual LDAP activity quickly to minimize potential damage
