A workflow guide for identifying exposed Active Directory high value groups other than domain administrator.
Last updated
Epiphany tracks all high value groups within its data sets. When dealing with the complexity of Active Directory, Epiphany looks for alternative administrative groups that an attacker could use to get access to high value devices and applications. The Dashboard contains components specifically designed to track group exposures. For the Epiphany-specific process we'll use this workflow:
Go to Identity Tools -> Active Directory.
Check High Value Groups.
High value Groups are the groups within Active Directory that have the ability to use special rights to control various aspects of the domain itself and devices or users within the domain. Epiphany looks for where identities with these rights are exposed within attack paths and displays them to you for easy reconciliation.
Clicking on any piece of the doughnut chart will give you details about the members of that high value group and their type.
From here you can search or explore who is a member of the group and determine if any additional action needs to be taken.
