dc.contributor.advisor | Xenakis, Christos | |
dc.contributor.advisor | Ξενάκης, Χρήστος | |
dc.contributor.author | Karagiannakis, Markos | |
dc.contributor.author | Καραγιαννάκης, Μάρκος | |
dc.date.accessioned | 2025-04-28T14:27:37Z | |
dc.date.available | 2025-04-28T14:27:37Z | |
dc.date.issued | 2025 | |
dc.identifier.uri | https://dione.lib.unipi.gr/xmlui/handle/unipi/17693 | |
dc.format.extent | 117 | el |
dc.language.iso | en | el |
dc.publisher | University of Piraeus | el |
dc.rights | Attribution-NoDerivs 3.0 Greece | * |
dc.rights.uri | http://creativecommons.org/licenses/by-nd/3.0/gr/ | * |
dc.title | A Purple Team Playbook against Active Directory Certificate Services attacks | el |
dc.type | Master Thesis | el |
dc.contributor.department | School of Information and Communication Technologies. Department of Digital Systems | el |
dc.description.abstractEN | This thesis investigates critical cybersecurity vulnerabilities associated with Active Directory Certificate Services (ADCS), emphasizing attack vectors and defense strategies within enterprise environments. It specifically analyzes known attack scenarios, identified as ESC1 through ESC11, and the notable CERTIFRIED vulnerability (CVE-2022-26923). To practically illustrate these threats, a detailed laboratory environment utilizing VMware Workstation 17.5 was established, incorporating Kali Linux for offensive testing and Windows Server systems representing a realistic ADCS infrastructure.
Through simulated attack scenarios utilizing the Certipy-ad toolkit, this research clearly demonstrates the significant risks posed by ADCS misconfigurations, ranging from privilege escalation to complete domain compromise. Embracing a Purple Team approach—collaboration between offensive (red) and defensive (blue) teams—enabled real-time detection, immediate feedback on attack effectiveness, and iterative improvements in defensive capabilities.
Moreover, this study outlines comprehensive defensive measures to mitigate identified vulnerabilities, including strict certificate template hardening, enforcement of CA administrative privilege management, and implementation of continuous monitoring solutions like Wazuh SIEM complemented by meticulous analysis of Windows Event Logs. The iterative Purple Teaming methodology significantly enhanced detection accuracy, response capabilities and overall resilience against ADCS-related threats. | el |
dc.contributor.master | Digital Systems Security | el |
dc.subject.keyword | Active Directory Certificate Services | el |
dc.subject.keyword | Active Directory Domain Services | el |
dc.subject.keyword | MITRE ATT&CK Framework | el |
dc.subject.keyword | Purple Team | el |
dc.subject.keyword | ESC Attack Vectors | el |
dc.date.defense | 2025-04-25 | |