Service Accounts Misconfigurations

medium

Language:

Description

Service accounts require careful management to avoid common misconfigurations, such as excessive privileges, never-renewed passwords, and obsolete accounts. Attackers frequently target these accounts due to these vulnerabilities.

Solution

Attackers often target service accounts due to the challenges in managing them and the common errors in their configuration. Writing comprehensive documentation for each service account is the first step to reducing their risk. Each remaining dangerous configuration requires an associated explanation, and you must implement corrective measures to reduce the attack surface.

Indicator Details

Name: Service Accounts Misconfigurations

Codename: C-SERVICE-ACCOUNT

Severity: Medium

MITRE ATT&CK Information:

Tactic: TA0001 - Initial Access
- Techniques: T1078 - Valid Accounts
Tactic: TA0003 - Persistence
- Techniques: T1078 - Valid Accounts
Tactic: TA0004 - Privilege Escalation
- Techniques: T1078 - Valid Accounts

Attacker Known Tools

van Hauser / THC: THC-Hydra

Solar Designer: John the Ripper

Jens Steube: Hashcat

Gentil Kiwi: mimikatz

Detections

Analytics