In the space of Active Directory, Azure and Windows OS platform security, we provide a wide range of security services from Active Directory assessments to highly individual analysis projects based on specific customer questions and requirements for selected Microsoft products.
We assess the current security state of an Active Directory environment compared to industry standards and security best practices with tools developed inhouse as well as publicly available and well-known security software. Thereby, we focus on technical configuration issues as well as on operational and organizational issues. We provide a fully-fledged audit report with a management summary, detailed finding descriptions and finding ratings together with prioritized and reasonable mitigation recommendations.
We test and highlight the security posture of an Active Directory environment as ethical hackers by means of a skilled and motivated attacker with tools developed inhouse as well as publicly available and well-known security software. We identify attack paths and perform lateral movement and privilege escalations in any kind of customer-defined setting and attack scenario (black box, grey box, white box pentest from considerate/stealthy to aggressive). We provide a fully-fledged pentest report with a management summary, detailed finding descriptions and finding/vulnerability ratings together with prioritized and reasonable mitigation recommendations.
We assess the implementation of specific Azure and Microsoft 365 Software-as-a-Service (SaaS) services compared to industry standards and security best practices. Here, we focus on implemented authorization and permission concepts, management of security principals, technical configurations that are under the control of the customer as well as well as potential privilege escalation paths. We provide a fully-fledged audit report with a management summary, detailed finding descriptions and finding ratings together with prioritized and reasonable mitigation recommendations.
In the context of the SiSyPHuS Win10 study for the Federal Office for Information Security (BSI) we deepened our Windows OS know-how and published deep technical content about security relevant components and functions of the Windows 10 OS. We perform Windows OS platform security assessment such as:
We provide a wide range of consulting services in the space of Active Directory, Azure and Windows OS platform security. Apart from specific customer requirements that we satisfy, our bestsellers in the consulting space are:
We frequently review security concepts of Active Directory and Azure environments as well as security concepts for specific components or aspects of Microsoft-based environments, such as concepts for MFA, Windows PKIs, AD FS servers, or AppLocker and Windows Defender Application Control.
We develop and create hardening guidelines for our customers in the space of Active Directory, Azure and Windows OS platform security. In the context of the SiSyPHuS Win10 study for the Federal Office for Information Security (BSI) we published a comprehensive hardening guide as well as an extensive logging guideline, both for Windows 10.
Currently, we provide the following security trainings in the space of Active Directory, Azure and Windows OS platform security:
These trainings can be booked:
Heise Security provides the following webinars about Active Directory security with ERNWs Active Directory specialists. These webinars are available at: