Domain with Unsafe Backward-Compatibility Configuration

low

Language:

Description

It is possible to customize Active Directory behavior by adjusting fundamental attributes, but some of these modifications can potentially compromise security.

Solution

Remediate the security-sensitive fields of an Active Directory attribute dSHeuristics.

Indicator Details

Name: Domain with Unsafe Backward-Compatibility Configuration

Codename: C-DSHEURISTICS

Severity: Low

Type: Active Directory Indicator of Exposure

MITRE ATT&CK Information:

Tactic: TA0043 - Reconnaissance
- Techniques: T1592 - Gather Victim Host Information, T1589 - Gather Victim Identity Information, T1590 - Gather Victim Network Information
Tactic: TA0004 - Privilege Escalation
- Techniques: T1078 - Valid Accounts

Detections

Analytics

Domain with Unsafe Backward-Compatibility Configuration

low

Description

Solution

See Also

Indicator Details