Izisongelo kwisazisi senkampani zihlala zivela, kwaye xa umhlaseli ephula inkqubo yesazisi, impembelelo ihlala ixesha elide kwaye iyabiza. Kulo mxholo, uphicotho-zincwadi kunye nokomeleza i-Active Directory (AD) kunye nomlingani wayo wefu, i-ID ye-Entra / i-Azure AD, ibe yimfuno yemihla ngemihla ye-IT kunye nokhuseleko. Ukukhetha izixhobo ezifanelekileyo kunye nokuqonda ukuba ngamnye unikezela ntoni Linyathelo lokuqala lokuvala izikhewu phambi kokuba umntu azixhaphaze.
Phakathi kwezona zikhetho zasimahla ezaziwa kakhulu yiPurple Knight (Semperis) kunye nePingCastle (eyayidalwa nguVincent Le Toux kwaye ngoku iyinxalenye yeNetwrix ecosystem). Zombini zihamba kakuhle kwaye zibonelela ngoxilongo oluxabisekileyo, kodwa indlela yazo, indlela yokusebenza, kunye nabaphulaphuli ekujoliswe kubo ziyahluka. Bathelekise ngokusondeleyo, ngaphandle kokutyeshela iintsilelo namandla abo.Ikuvumela ukuba wenze isigqibo sokuba usebenzise nini enye okanye enye, okanye kutheni ukudibanisa ukuze ufumane okuninzi kubo.
Ukhuseleko lwesazisi: kutheni kugxilwe kwi-Active Directory kunye ne-ID ye-Entra
I-AD kunye ne-ID ye-Entra zikholisa ukulawula ii-akhawunti, iimvume, ukuqinisekiswa, kunye nobudlelwane bokuthembana; ukuba bayasilela, intliziyo yofikelelo lweshishini iyasilela. Ukungena kwezi nkqubo kunokuhlala kungabonakali iinyanga.Oku kubhentsisa ii-asethi ezibalulekileyo kwaye kuququzelele intshukumo esecaleni. Ke ngoko, ukomeleza ukhuseleko lwesazisi kufuna ukubeka phambili i-Active Directory kunye nelifu layo. Izixhobo zokuvavanya okukodwa zinceda ukufumana umfanekiso ocacileyo womngcipheko, ngelixa izixhobo zokubeka iliso eziqhubekayo zivumela ukungenelela ngexesha elifanelekileyo ukulungisa ukuphambuka.
I-PingCastle: I-snapshot esekelwe ekukhuleni kwimeko ye-AD
I-PingCastle yazalwa njengesixhobo sokuhlola i-Active Directory esaphuhliswa kwi-C # nguVincent Le Toux kwaye yadityaniswa kwimarike kunye noshicilelo olusisiseko lwamahhala ukususela ngo-2017. Injongo yalo kukulinganisa umngcipheko kunye nokukhula kokhuseleko lwe-Active Directory ngokusekelwe kwiimodeli kunye nemithethoukuvelisa ingxelo yempilo kunye nengozi egxile kakhulu kwizigqibo ezisebenzayo.
Yintoni eyenziwa yiPingCastle kakuhle
Enye yamandla ayo kukuguqulela idatha yobugcisa kwiinkcukacha zomxholo: ihlalutya i-Active Directory subprocesses, ubudlelwane bokuthembana, ii-akhawunti ezinelungelo, kunye nezinto eziphelelwe lixesha, phakathi kwezinye izinto. Isiphumo sisiphumo somngcipheko kunye nengxelo eneenkcukacha enokuthi idityaniswe nabanye ukuze kube lula ukuthelekisa ixesha. Ukongeza, ibandakanya imephu ye-Active Directory ukuze ube nombono we-hierarchies kunye neetrasti.Oku kukhawulezisa ukuqondwa kweemeko ezingqongileyo ezintsonkothileyo kwaye kufumanise iindawo ezilityelweyo.
- Umngcipheko kunye novavanyo lwezempilo ngokusekelwe kwiimodeli zangaphakathi kunye nemithetho, kunye namanqaku kunye nengxelo yomngcipheko.
- Ukubonakala kwamalungelo kunye neendlela ezinokubakho kwizinto ezibalulekileyo, ngokugxila kwii-akhawunti zokufikelela okuphezulu.
- Domain kunye nokuthemba imephu ukubona ngeso lengqondo ubudlelwane, kubandakanywa ukuqwalaselwa kokuthembela kunye ne-Azure AD / Entra ID.
- Ukudityaniswa kweengxelo yokulinganisa, ii-KPIs kunye needashbhodi zolawulo (kwihlelo eliphezulu).
I-PingCastle iphinda idlulele ngaphaya koluhlu kwaye yenze iskena sendawo yokusebenza yezenzo ezingakhuselekanga. Ibhaqa abalawuli bengingqi abagqithisileyoizibonelelo ekwabelwana ezikhuselwe kakubi, ubuthathaka njengeWannaCry kunye nezitenxo ngexesha lokuqalisa, nto leyo enceda ukutyhila izinto ezingasemva kunye nobuthathaka babathunywa obunokuthi buququzelele intshukumo esecaleni.
Isebenza njani kwaye ihambisa ntoni
Injini ye-PingCastle iqokelela idatha isebenzisa imibuzo ye-LDAP engenanto kunye ne-WMI, kwaye inokudityaniswa izikripthi ze-powershell, kwaye isebenzisa imodeli yomngcipheko ehlelwe ngokweendidi: izinto eziphelelwe lixesha, ii-akhawunti zamalungelo, iitrasti kunye ne-anomalies. Ingxelo ephumayo igxininisa iingxaki ezibalulekileyo (umzekelo, iiprothokholi zentembeko eziphelelwe lixesha, abathunywa ababuthathaka, uqwalaselo lweKerberos olubuthathaka, okanye iindlela zolawulo ezingakhuselekanga) kwaye inika amanqaku ezempilo e-AD: asezantsi, ngcono.
Kwiindawo ezixubileyo, i-PingCastle inokunika ingxelo malunga nokuba ubudlelwane bokuthembana kunye ne-Azure AD bukhuselwe kakuhle. Ukujongwa kwemephu kunye nokudityaniswa kweziphumo Ziluncedo kakhulu kwimibutho enemimandla emininzi okanye ubudlelwane bokuthembela okuninzi, apho kulula ukuphulukana nomkhondo.
Ushicilelo, ilayisenisi kunye nobubanzi
Uhlelo olusisiseko lusimahla lokuphicotha indawo yakho, ngelixa uMphicothi-zincwadi / uHlelo oluPhakathi kunye noBuchule bongeza ubunakho obuphambili kunye nenkxaso yorhwebo. Imirhumo efana noMphicothi-zincwadi (malunga ne-$ 3.449 / ngonyaka) kunye noBuchule bayathengiswa. (malunga ne-10.347 yeedola kwi-domain ngonyaka), kunye noshicilelo lweShishini oluneempawu zokudibanisa kunye nembono yehlabathi kwiinkampani ezinkulu. Le projekthi isayina iibhinari zayo kwaye ikhuphe ikhowudi phantsi kwelayisensi ye-OSL 3.0 (eNgeyoNzuzo), kunye nezithintelo ekusebenziseni urhwebo olungavumelekanga.
Imida eyaziwayo yePingCastle
Ekuhanjisweni kunye nemimandla emininzi, iingxelo zinokuba nzima kwaye kunzima ukuhamba ukuba iinkqubo zokuhlanganisa kunye neembono azisungulwa. Uhlelo lwasimahla alubandakanyi iingxelo eziphambili okanye izikhokelo ezineenkcukacha zokulungisa.kwaye kugxininiswa kwizalathi zokuvezwa kunye nomngcipheko, hayi kwiimpawu zokulalana esele zenzeke.
I-Purple Knight: Izalathisi zokuvezwa kunye nokuzibandakanya ngokucofa iqhosha
I-Semperis yaphehlelela i-Purple Knight ngo-2021 njengesixhobo sokuhlola ukhuseleko simahla kwi-Active Directory kunye neemeko ezixutyiweyo. Ukususela ngoko, iye yaba yintandokazi ngenxa yokugxila kwayo kwii-Indicators of Exposure (IOE) kunye ne-Indicators of Compromise (IOC). Injongo yalo kukutyhila ukucwangciswa okunobungozi kunye nobungqina bokungena. Kwi-AD, faka i-ID/Azure AD kunye no-Okta.
Izalathisi, iindidi kunye nezikhokelo zereferensi
Amaqela e-Purple Knight aphumela kwiindawo ezintlanu eziphambili: Abathunywa be-AD, uKhuseleko lweZiseko ze-AD, uKhuseleko lweAkhawunti, Ukhuseleko lomgaqo-nkqubo weqela (GPO) kunye noKhuseleko lweKerberos. Ingxelo isebenzisa "ibhulethi" enomlinganiselo ngokodidi kunye nepesenti iyonke., enikezela ngolungiso oluphambili, ubukhali (Ingcaciso, isilumkiso okanye iSilumkiso) kunye neemephu kwiinkqubo ezifana ne-MITER ATT & CK kunye ne-ANSSI, ngaphezu kweereferensi kwimodeli ye-MITER D3FEND.
- Iimpawu ezingaphezu kwekhulu (kwaye iinguqulelo zamva nje zigqithise ngokulula elo nani) ezigquma iivektha zohlaselo eziqhelekileyo.
- Umahluko phakathi kwe-IOE kunye ne-IOC ukwahlula ulungelelwaniso olunokubakho kubungqina bokuthobelana okusebenzayo.
- Izikhokelo zolungiso olumiselweyo kwaye ibekwe phambili ngomngcipheko kunye nokuba nokwenzeka koxhatshazo.
- Ukugquma kweHybrid nge-AD yendawo, Faka i-ID/Azure AD kunye nenkxaso ye-Okta.
Amava omsebenzisi kunye nokunika ingxelo
Isixhobo siyaphatheka kwaye sinembonakalo yomzobo. Ukhuphela ifayile ye-ZIP, uyikhuphe, kwaye usebenzise ibini; ekuqaliseni, ibona amahlathi kunye nemimandla kwaye ikuvumela ukuba ukhethe ukuba yeyiphi i-IOE / IOC ukuba iqhube-i-granularity ukuba amaqela aluhlaza kunye nabomvu ayayixabisa. Ukuskena kuvamise ukugqitywa ngemizuzu kwaye ivelise ingxelo ye-HTML ebandakanya uluhlu lokukhangela lwe-IOE ebalulekileyo kunye neenkcazo ezicacileyo kunye namakhonkco kumaxwebhu.
Ifomati "yekhadi lengxelo" ifanelekile: unobumba kunye nepesenti, ezinobunzima obuhlukeneyo kudidi ngalunye. Iinkcazo ziquka isizathu, impembelelo, ukulingana phakathi kwezicwangciso zokhuseleko, kunye namanyathelo okulungisa.I-Purple Knight isebenza ngendlela yokufunda, ayenzi tshintsho kwi-Active Directory, kwaye "ayibizi ekhaya"; inokuphinda iphindwe ngamaxesha athile ngaphandle komngcipheko kwimveliso.
Ubhaliso, inguqulelo yoluntu kunye nophuhliso
Ukukhuphela isixhobo, iSemperis ifuna ukubhaliswa kwaye ibonelela ngekhonkco; ikwazisa abasebenzisi beenguqulelo ezintsha kunye nokuphuculwa okuqhubekayo. Uhlelo loLuntu luhlaziywa rhoqo Kwaye igcina ipolishi ephawulekayo nangona ubutsha bayo, kunye nophuculo olusekelwe kwingxelo yoluntu.
Imida kunye nendlela encediswa ngayo
I-Purple Knight yenza iimvavanyo zokuphela konyaka; ayisosisombululo esiqhubekayo sokubeka iliso kwaye ayizenzeli ukunciphisa ngokwayo. Olo maleko lubonelelwa nguMkhuseli weeNkonzo zoLawulo (i-DSP) evela kwi-Semperis.eyinkonzo ehlawulwayo kwaye ijoliswe ekufumaneni ingozi yesazisi ngexesha langempela kunye nokuphendula (ITDR), kunye nezilumkiso kunye nokuguqulwa kweenguqu ezinobungozi.
Purple Knight vs PingCastle: yintoni abafana ngayo kunye nendlela abahluke ngayo
Nangona zombini izixhobo zingasetyenziselwa ukuvavanya ukhuseleko lwe-Active Directory kunye nokuxhasa indawo edibeneyo kunye ne-Entra ID / Azure AD, ukugxila kwabo akufani. I-PingCastle ibeka phambili phambili a indlela yokukhula kunye nengxelo "yokuhlolwa kwezempilo" enomngcipheko wamanqaku; I-Purple Knight igxile kwi-IOE/IOC kunye nokubonelela ngesikhokelo solungiso esisebenza kakhulu. Eyokuqala ijonge ngokusondeleyo "imodeli" kunye nemeko ye-AD ecosystem, ngelixa eyesibini ihambisa umfanekiso otyebileyo kakhulu ukulungisa ngokukhawuleza.
Ngokubhekiselele ekusebenziseni ngokulula, i-Purple Knight igqamile kujongano lwayo kunye nokhetho lovavanyo lwegranular; ePingCastle, imephu yesizinda kunye nokuhlanganiswa kwengxelo kukhanye kwimibutho enamahlathi amaninzi kunye neetrasti. Kwingxelo, amaxabiso e-Purple Knight ngokodidi ngamanqaku kunye nepesenti.Kwaye i-PingCastle inikezela ngenqaku lezempilo jikelele apho inani eliphantsi lingcono.
Ukugubungela, i-Purple Knight ibandakanya i-AD, i-ID ye-Entra / i-Azure AD kunye ne-Okta kunye neziphumo zeemephu kwi-MITER ATT & CK kunye ne-ANSSI, ibeka phambili ukulungiswa. I-PingCastle, ngokwenxalenye yayo, inikezela ngohlalutyo lwabathunywa, izinto zakudala, amalungelo asekhaya, kunye nobuthathaka bokuphela.Kwaye inokuvavanya ukhuseleko lokuthembela nge-Azure AD. Ukukwazi ukufumana imimandla elityelweyo kunye nokudibanisa iziphumo yi-plus xa umjikelezo umnyama.
Ngokwemiqathango yelayisenisi, i-Purple Knight inikezelwa njengesixhobo samahhala (emva kokubhaliswa); amandla aqhubekayo kunye nokulungisa ahlala kwi-Semperis DSP, ethengisayo. I-PingCastle inikezela ngohlelo olusisiseko lwasimahla losetyenziso lomntu. kunye nokuhlelwa okuhlawulweyo (uMphicothi-zincwadi/oMgangatho, oBuchule, oShishino) ngokusebenza okwandisiweyo, inkxaso kunye nokwandiswa.
Yiyiphi onokuyikhetha? Ukuba ujonge okukhawulezayo, uvavanyo olucacileyo olunemiyalelo yolungiso oluphambili, iPurple Knight ifanelekile. Ukuba into oyifunayo yindlela yokuvuthwa kunye nemephu yesizinda kunye nokudibanisa umngcipheko Kumakhulu okanye amawaka amacandelo, i-PingCastle inokuba ngcono, ngakumbi ngohlelo lwayo oluhlawulweyo. Enyanisweni, imibutho emininzi isebenzisa zombini: indibaniselwano inika ukuqinisekiswa okunqamlezayo kunye nokugubungela okunzulu.
Iinkcukacha zokuphunyezwa kunye neziphumo
Zombini izixhobo eziphathwayo kwaye zinokuqhutywa kunye neziqinisekiso ezisemgangathweni zomsebenzisi kwiimeko ezininzi, ukuqokelela idatha ngokuyinhloko ngokufunda. Oku kwenza kube lula kumaqela anezixhobo ezinqongopheleyo ukuba amkele. kwaye inqanda ukruthakruthwano kunye neenkqubo zemveliso, kuba azenzi utshintsho.
I-Purple Knight igcina iziphumo zayo kwi-HTML ngesakhiwo esinengqiqo kunye namakhonkco kumaxwebhu, kunye noluhlu lokukhangela olugxininisa oko kungxamisekileyo. Ukucazululwa ngobungqongqo kunye nokubhekiselele kwizakhelo Ibonelela ngomxholo kwiiCISOs kunye namaqela ezobugcisa. I-PingCastle, inxalenye yayo, inikezela ingxelo ngamanqaku, iziphumo eziphambili, kwaye, ukuba zifunwa, iimbono ezidibeneyo ukuququzelela i-KPIs kunye nokubeka iliso ngekota.
Izilumkiso kunye neengqwalasela zokusebenza
Nge-PingCastle, kwiindawo ezininzi zamahlathi okanye kunye nemimandla emininzi, iingxelo zinokufuna umsebenzi owongezelelweyo wokuhamba kunye nokubeka phambili. Uhlelo olusisiseko luswele iimpawu eziphambili kunye nezikhokelo zovavanyo olubanziEzi mpawu zibandakanyiwe kwiilayisensi ezihlawulwayo. I-Purple Knight, ukuba luvavanyo olulodwa, ayithathi indawo yenkqubo yokubeka iliso eqhubekayo, kwaye izakhono zayo zokunciphisa ezizenzekelayo azifumaneki kwinguqulo yamahhala.
Akukho nanye kuzo eyenzelwe ukuba yi-IDS/IPS ye-AD; zizincedisi zokuxilonga ezondla kwizicwangciso zokulungisa nokukhula. Kwiimeko ezinesilumkiso sexesha langempela kunye neemfuno zokuphendulaIzisombululo ze-ITDR ezifana ne-Semperis DSP okanye ukunikezelwa kophicotho-zincwadi okuqhubekayo kuya kudlala.
Ezinye izixhobo ezincedisana ne-ecosystem
Xa kugxininiswa ekuqhubekeni nasekurekhodeni lonke utshintsho olunomxholo, uMphicothi-zincwadi we-Netwrix unikezela ngolawulo lotshintsho kwi-Active Directory kunye nezinye iinkqubo (Utshintshiselwano, i-SQL Server, i-SharePoint, i-Microsoft 365, Amaqela, njl.). Ingqwalasela yayo ikukwazisa abasebenzisi ngotshintsho olukrokrisayo. (umzekelo, ukuba umsebenzisi wongezwe kwiqela leDomain Administrators) kwaye ugcine imbali yoqwalaselo enezimvo eziluncedo kulawulo.
Ukuqonda iindlela zokuhlaselwa kunye nobudlelwane bokulawula, i-BloodHound iyisixhobo esivulekileyo se-classic (GPL-3.0) esibonisa izinto, ubudlelwane, kunye neemvume kwi-AD, kunye nabaqulunqi abafana ne-SharpHound kunye ne-AzureHound. Ingundoqo kumaqela abomvu nakumaqela abhlowu abafuna ukubona ngeso lengqondo "indlela imfutshane" kwiinjongo ezibalulekileyo kwaye bavale iindlela ezinyukayo.
Kwindawo yokuphendula okwenyani kunye nokubeka iliso, uMkhuseli weeNkonzo zeSemperis (DSP) ubonelela ngokubeka iliso okuqhubekayo, izilumkiso, kunye nokubuyela umva ngokuzenzekelayo ekuphenduleni utshintsho olubi, zombini kwi-AD kunye ne-ID ye-Entra. Isebenza njengomaleko we-ITDR ongekhoyo kuvavanyo lwamanqaku. kwaye ikhawulezisa ukugcinwa kweziganeko zesazisi.
I-French ANSSI (i-Arhente yoKhuseleko lweDatha yesiFrentshi) ibonelela ngezixhobo ezifana ne-ORADAD ye-Active Directory kunye ne-ORADAZ ye-Azure / Entra, esetyenziswe kuphicotho oluphambili. Nangona ukuqokelelwa kwedatha kusesidlangalaleni, ukusetyenzwa ngokupheleleyo kufuna izixhobo ezingapapashwanga. Ezi zingqinisiso ezibalulekileyo zamaqela alandela izikhokelo zikarhulumente. okanye unqwenela ukulungelelanisa uphicotho-zincwadi nezona ndlela zingcono ezaziwayo.
Olunye uthelekiso lweemarike lubonisa ukubonelela ngokusingathwa kunye nokuhanjiswa okwahlukeneyo (inkonzo yeWindows, ephathekayo, kwindawo okanye kwi-SaaS), ukulungelelaniswa ne-MITER ATT & CK, ukuthumela ngaphandle kwi-CSV, amandla abaqashiweyo abaninzi kunye neenketho zokwamkela ingozi ngendlela ebhaliweyo. Ngokwesiqhelo, ukhetho luxhomekeke ekulinganiseni uphicotho-zincwadi, ukufumanisa isiganeko, kunye nolawulo oluqhubekayoUkuthathela ingqalelo uhlahlo lwabiwo-mali, ilayisensi (isimahla yokusetyenziswa komntu kwezinye iimeko) kunye nenkxaso yeqabane.
Imibuzo edla ngokubuzwa: Ngaba ndingathintela umsebenzisi ekusebenziseni ezi zixhobo?
Lo ngumbuzo oqhelekileyo xa ufumanisa ukuba izixhobo eziphathwayo zinokusebenza ngaphandle kwamalungelo omlawuli. Ngokubanzi, i-Purple Knight kunye ne-PingCastle zisebenza kwimowudi yokufunda kuphela ngeemvume zomsebenzisi zokubuza uvimba weefayili. Ukuba injongo yakho kukunqanda ukuphunyezwa kwayo, ngoko ke ulawulo lwesicelo luya kudlala.Imigaqo-nkqubo efana ne-AppLocker okanye iWindows Defender Application Control (WDAC), okanye imithetho yothintelo lwesoftware, inceda ukunciphisa iibhinari ezingagunyaziswanga. Ukongeza, ukuqina kweemvume kwi-Active Directory kunciphisa ukuvezwa kwedatha ebuthathaka kubasebenzisi abaqhelekileyo.
Oko kwathiwa, imodeli yokhuseleko ye-AD ithatha ukuba ulwazi oluthile lufundeka ngabasebenzisi abaqinisekisiweyo kuba izicelo ezininzi zixhomekeke kuyo. Ukunciphisa okusebenzayo kubandakanya ukomeleza abathunywa, iindlela zolawulo lophicotho-zincwadi, kunye nokunciphisa amalungelo awodwa.Ukusebenzisa ezi zixhobo ukukhangela kunye nokulungisa oko kungafanelanga kubonakale okanye kuvuleleke. Uthintelo akufuneki luxhomekeke kuphela ekuthinteleni okuphunyeziweyo, kodwa endaweni yokuphelisa umphezulu wohlaselo kwinqanaba loqwalaselo.
Amatyala okusetyenziswa okuqhelekileyo kunye nokudibanisa okuhlakaniphile
Iqela elincinci le-IT elifuna ukuxilongwa ngokukhawuleza kunye nesikhokelo esicacileyo sokusombulula ingxaki siya kuxabisa i-Purple Knight. Ukubekwa phambili ngokobungqongqo kunye nemephu yayo kwizikhokelo ezivumelayo Ivumela abasebenzisi ukuba balungiselele iimvavanyo zokungena, babonise inkqubela phambili, kwaye banxibelelane nemingcipheko kubaphathi. Ngeli xesha, uphicotho-zincwadi lwangaphakathi oluphindaphindiweyo kunye neefemu zokubonisana ezikhonza iindawo ezininzi zixhamla kwimodeli yokuvuthwa kwe-PingCastle, imephu yesizinda, kunye namandla okudibanisa.
Imibutho emininzi iqhuba zombini izixhobo kwimijikelo eyahlukeneyo ukuze ifumane ingqiqo eyongezelelweyo: okokuqala "i-snapshot" kunye ne-IOE / IOC, ilandelwa kuphononongo lweenkqubo kunye nokuvuthwa kunye nokuhlolwa kwezempilo okudityanisiweyo. Ukuqinisekiswa okunqamlezileyo kunciphisa ama-negative amanga kwaye kuphucula ukulungiswa kokubaluleka.ukukhawulezisa ukuvala izikhewu ezibalulekileyo kunye nokunyusa ucoceko lwezazisi kwixesha eliphakathi.
Akukho bullet yesilivere. Ukukhetha kakuhle kubandakanya ukulungelelanisa iimfuno kunye nesakhono: isifinyezo esinezikhokelo ezimiselweyo okanye iimodeli zokuvuthwa kunye neemephu? Uvavanyo olulodwa okanye ukubeka iliso rhoqo nge-ITDR? Impendulo idla ngokuba ngu “ewe, kwaye…” kunokuba athi “okanye”ukudibanisa uvavanyo lwasimahla kunye nezisombululo zokubeka iliso ezilungiselelwe umngcipheko kunye nohlahlo lwabiwo-mali.
Ukuba injongo kukuphucula ngokuzinzileyo ukhuseleko lwesazisi, kuyacetyiswa ukuba ucwangcise uvavanyo rhoqo, ukuphonononga abathunywa kunye neetrasti, kunye nokugcina ucoceko lweakhawunti, iiGPOs (kunye iifayile zeADMX) kunye neKerberos. Ukusetyenziswa okudityanisiweyo kwePurple Knight kunye nePingCastle, kunye notshintsho lophicotho-zincwadi kunye/okanye i-ITDRInika ibhalansi echanekileyo phakathi kokufunyanwa kwangaphambili, ukulungiswa okuphambili, kunye nokubeka iliso okuqhubekayo kwimeko ye-AD kunye ne-ID ye-Entra.