Austrian Institute of Technology Active-Directory pentesting p1


2025-03-08 00:00 +0000





Active Directory Penetration Testing of Austrian Institute of Technology Testing Laboratories

This research details the findings of a comprehensive Active Directory penetration testing engagement conducted across a series of prepared testing laboratories representing AIT’s infrastructure. The objective was to assess the security posture of the Active Directory environment and identify potential vulnerabilities exploitable by malicious actors.

The penetration testing methodology focused on simulating real-world attack scenarios, utilizing a combination of automated tools and manual techniques. The assessment revealed several critical vulnerabilities within the Active Directory environment, specifically:

Kerberos Unconstrained Delegation:

This vulnerability allowed for the potential compromise of sensitive service accounts and subsequent lateral movement within the network. Exploitation enabled attackers to obtain credentials of users accessing compromised services.


Service Principal Name (SPN) Manipulation:

The research identified instances where SPNs were misconfigured or vulnerable to abuse. This allowed for potential credential harvesting and privilege escalation through attacks such as Kerberoasting.


No Kerberos Pre-Authentication (AS-REP Roasting):

Certain user accounts were found to have Kerberos pre-authentication disabled. This vulnerability enabled attackers to obtain password hashes without needing valid credentials, significantly increasing the risk of password cracking.

DC Sync Attack (DCSync):

This critical finding, demonstrated through a simulated DCSync attack, showed that an attacker could replicate domain controller functionality and steal all password hashes within the Active Directory environment, granting complete domain control.

DNS Admin Privileges:

The research showed that admin-level DNS privileges allowed for potential DNS poisoning and other attacks that redirect traffic, as well as other forms of malicious activity.
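
Three of the findings above (unconstrained delegation, SPNs on user accounts, disabled pre-authentication) show up in standard directory attributes, so a defender can check for them from an LDAP export. The audit below is an added example, not code from the original research; the record layout, host names and all sample accounts are constructed, and the flag values are the documented userAccountControl bits.

```python
# Added example: audit directory records for three of the findings above.
# Flag values are the documented userAccountControl bits.
ACCOUNTDISABLE = 0x0002
WORKSTATION_TRUST_ACCOUNT = 0x1000
SERVER_TRUST_ACCOUNT = 0x2000      # domain controller computer account
TRUSTED_FOR_DELEGATION = 0x80000   # unconstrained delegation
DONT_REQ_PREAUTH = 0x400000        # Kerberos pre-authentication disabled

# Constructed sample records, shaped like an LDAP export of
# sAMAccountName, userAccountControl and servicePrincipalName.
SAMPLE_RECORDS = [
    {"sAMAccountName": "DC01$", "userAccountControl": 0x82000,
     "servicePrincipalName": ["ldap/dc01.lab.example"]},
    {"sAMAccountName": "WEB01$", "userAccountControl": 0x81000,
     "servicePrincipalName": ["HTTP/web01.lab.example"]},
    {"sAMAccountName": "svc_sql", "userAccountControl": 0x10200,
     "servicePrincipalName": ["MSSQLSvc/db01.lab.example:1433"]},
    {"sAMAccountName": "j.doe", "userAccountControl": 0x400200,
     "servicePrincipalName": []},
    {"sAMAccountName": "krbtgt", "userAccountControl": 0x202,
     "servicePrincipalName": ["kadmin/changepw"]},
    {"sAMAccountName": "old_svc", "userAccountControl": 0x480202,
     "servicePrincipalName": ["HTTP/legacy.lab.example"]},
]

def audit(records):
    """Return {finding: sorted account names} for enabled accounts."""
    findings = {"unconstrained_delegation": [], "spn_on_user_account": [],
                "no_preauth": []}
    for rec in records:
        uac = int(rec["userAccountControl"])
        if uac & ACCOUNTDISABLE:
            continue  # skip disabled accounts (krbtgt, retired services)
        name = rec["sAMAccountName"]
        is_computer = bool(uac & (WORKSTATION_TRUST_ACCOUNT | SERVER_TRUST_ACCOUNT))
        # Domain controllers carry this bit by default; report everything else.
        if (uac & TRUSTED_FOR_DELEGATION) and not (uac & SERVER_TRUST_ACCOUNT):
            findings["unconstrained_delegation"].append(name)
        # An SPN on a user account means the service key comes from a password.
        if rec.get("servicePrincipalName") and not is_computer:
            findings["spn_on_user_account"].append(name)
        if uac & DONT_REQ_PREAUTH:
            findings["no_preauth"].append(name)
    return {k: sorted(v) for k, v in findings.items()}

if __name__ == "__main__":
    for finding, accounts in audit(SAMPLE_RECORDS).items():
        print(f"{finding}: {', '.join(accounts) or 'none'}")
```

Each reported account is a review item: remove the delegation or pre-authentication flag where it is not required, and move SPN-bearing user accounts to long random or managed passwords.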

Technical proof of concept:



This research provides a valuable foundation for the Austrian Institute of Technology to strengthen its security posture and protect its critical assets.