Oct 16, 2018

Shadow Admins: What Are They and How Can You Defeat Them

Read this article carefully.

Managing something you don’t even know exists in your network is always a challenge. This is why the problem of stealthy or shadow admins needs to be acknowledged by security officers. After all, compromising a single account with elevated privileges is enough to put the security of an entire company in jeopardy.

So, who are these shadow admins and what strategies may help you combat the threats they pose? Keep on reading to find answers to these questions.

Shadow admins: what are they?

When talking about shadow or stealthy admins, we are referring to accounts that were delegated admin-level privileges in Active Directory, usually through a direct permission assignment on a directory object. This is why these shadow admins can also be called delegated admins.

In general, there are four main groups of privileged accounts:

  • Domain admins
  • Local admins
  • Application/services admins
  • Business privileged accounts

Any of these categories may have both legitimate and shadow administrative accounts. However, while legitimate privileged accounts are easy to identify, stealthy admins are not members of any of the default administrative groups in Active Directory and, therefore, can’t be found that easily. As a result, many organizations simply don’t take delegated admins into account when looking for privileged users in Active Directory.

Ignoring delegated admins is not an option though. These accounts can have unrestricted control over legitimate Active Directory admins and may be able to:

  • change passwords for privileged accounts
  • change permissions on the existing admin groups or accounts
  • add new accounts to the existing administrative groups
  • create new admin groups in Active Directory, and so on.

Therefore, a successful attack on just one delegated admin account can have consequences just as devastating as the compromise of a legitimate privileged account.

Let’s take a closer look at the main risks posed by shadow admins.

Top risks posed by unmanaged admin accounts

The presence of stealthy administrators in your network creates a variety of problems, including:

  • Cybersecurity risks
  • Financial risks

Unmanaged privileged accounts are like a Christmas gift for the attackers. Since they are often not taken into account by an organization’s cybersecurity policy, they can be easier to compromise while still providing the attackers with unrestricted access to your company’s critical data.

With the increased risks of data leakage, the presence of shadow admins in the network creates additional financial risks for the company. Not to mention that the news about the loss of valuable, sensitive data can cause severe damage to the company’s reputation.

In April 2017, for instance, Oracle’s Solaris operating platform was targeted by hackers using shadow admins to get into the system. In particular, there were two malicious programs discovered (EXTREMEPARR and EBBISLAND) that were able to elevate the rights of existing users to the administrative level. Thus, they turned regular users into shadow admins with remote root access to platform networks.

The only way to mitigate risks posed by such accounts is by identifying all shadow admins within your network and managing them effectively. In the next section, we talk about the ways you can find and manage all administrative accounts in your company’s network.

Best practices for detecting and managing shadow admins

As of today, there are two ways you can detect delegated admins in your network and mitigate the risks they pose:

  • By analyzing Access Control Lists (ACLs) on Active Directory
  • By building an effective privileged access management strategy

ACL analysis. When trying to identify all of the privileged accounts present in your company’s network, look for tools that scan ACLs and analyze effective permissions rather than an account’s presence in a particular Active Directory group. This way, you will find even the accounts that were delegated additional privileges without being added to any of the admin groups in Active Directory.

Once identified, make sure that only legitimate administrators (such as members of the Domain Admins group) are granted such critical privileges as Replicating Directory Changes All, Reset Password, or Full Control.
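One way to run such an ACL scan, as an added example written for this article (not code from the original post or from Ekran System): it uses the ActiveDirectory PowerShell module (RSAT) to walk the domain root and every OU, flags Allow ACEs that grant Full Control, Replicating Directory Changes All, or Reset Password, and reports any trustee outside a list of expected administrative principals. The extended-right GUIDs are the schema’s published values; the expected-trustee list is an assumption to adjust for your environment.

```powershell
# Added example, not code from the article or from Ekran System.
Import-Module ActiveDirectory

# Extended-right GUIDs from the AD schema for the two rights the article names.
$DangerousRights = @{
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password'
}

function Find-ShadowAdminAce {
    param(
        [string]$SearchBase = (Get-ADDomain).DistinguishedName,
        # Principals expected to hold these rights (assumption: adjust per environment).
        [string[]]$ExpectedTrustee = @('*\Domain Admins', '*\Enterprise Admins',
            '*\Domain Controllers', '*\Enterprise Domain Controllers',
            'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
    )
    # Domain root plus every OU below it; ACEs set here inherit to the objects inside.
    $targets = @($SearchBase) + @(Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase |
        Select-Object -ExpandProperty DistinguishedName)

    foreach ($dn in $targets) {
        foreach ($ace in (Get-Acl -Path "AD:\$dn").Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $rights = $ace.ActiveDirectoryRights
            $matched = $null
            if ($rights.HasFlag([System.DirectoryServices.ActiveDirectoryRights]::GenericAll)) {
                $matched = 'Full Control'
            } elseif ($rights.HasFlag([System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight)) {
                # An empty ObjectType means every extended right, which covers both above.
                $guid = $ace.ObjectType.ToString()
                if ($guid -eq [guid]::Empty.ToString()) { $matched = 'All extended rights' }
                elseif ($DangerousRights.ContainsKey($guid)) { $matched = $DangerousRights[$guid] }
            }
            if (-not $matched) { continue }

            # Effective permission found; report it unless the trustee is a known admin principal.
            $trustee = $ace.IdentityReference.Value
            $isExpected = $false
            foreach ($pattern in $ExpectedTrustee) { if ($trustee -like $pattern) { $isExpected = $true } }
            if ($isExpected) { continue }
            [pscustomobject]@{ Object = $dn; Trustee = $trustee; Right = $matched; Inherited = $ace.IsInherited }
        }
    }
}

Find-ShadowAdminAce | Format-Table -AutoSize
```

Every row in the output is a principal that holds admin-equivalent rights without being in an admin group, which is exactly the delegated admin the article describes; review each one and remove the ACE or document why it is needed.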

Privileged access management. Building a well thought out privileged access management strategy can also help you solve the problem of stealthy admins. Your cybersecurity strategy should include two measures:

  • Continuous monitoring and audit of the network
  • Effective management of privileged access to critical data and assets

Audit and monitoring are important for several reasons. First and foremost, they ensure a better level of visibility within the network: you gain knowledge about who can access what. Secondly, all information gathered at this stage is essential for investigating security incidents, should any take place in your organization.

When monitoring your network, pay special attention to the following factors:

  • What accounts have elevated privileges and can access your company’s critical assets (who can access particular servers or domains, who can work with your company’s sensitive information)
  • What privileged accounts and elevated permissions were added just recently (to identify a possible attack in progress)
  • Whether there are any suspicious activities (a sudden use of a “dead” privileged account, an admin logging in from an unusual IP address, and so on)
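A way to watch for the second point above (privileged accounts and permissions added just recently), as an added example rather than code from the article: it reads a domain controller’s Security log for security-group membership additions (events 4728, 4732, 4756) and directory security-descriptor changes (event 5136) from the last seven days. It assumes RSAT, remote event-log access to the DC, and that the “Audit Security Group Management” and “Audit Directory Service Changes” subcategories (with a SACL on the domain objects) are enabled.

```powershell
# Added example, not code from the article or from Ekran System.
Import-Module ActiveDirectory

function Get-RecentPrivilegeChange {
    param(
        [string]$DomainController = (Get-ADDomainController).HostName,
        [int]$Days = 7
    )
    # 4728/4732/4756: member added to a global/local/universal security group.
    # 5136: a directory object attribute was modified (we keep only DACL rewrites).
    $filter = @{ LogName = 'Security'; Id = 4728, 4732, 4756, 5136
                 StartTime = (Get-Date).AddDays(-$Days) }

    Get-WinEvent -ComputerName $DomainController -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Look EventData fields up by name instead of relying on their position.
            $d = @{}
            foreach ($item in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
            $actor = "$($d.SubjectDomainName)\$($d.SubjectUserName)"

            if ($_.Id -eq 5136) {
                # Only a changed nTSecurityDescriptor indicates a new or altered delegation.
                if ($d.AttributeLDAPDisplayName -ne 'nTSecurityDescriptor') { return }
                [pscustomobject]@{ Time = $_.TimeCreated; Event = 'ACL changed'
                                   Target = $d.ObjectDN; Actor = $actor }
            } else {
                [pscustomobject]@{ Time = $_.TimeCreated; Event = 'Member added'
                                   Target = "$($d.MemberName) -> $($d.TargetUserName)"; Actor = $actor }
            }
        } | Sort-Object Time -Descending
}

Get-RecentPrivilegeChange | Format-Table -AutoSize
```

Run it on a schedule and compare the output with approved change requests; an ACL change or group addition nobody asked for is the “possible attack in progress” the list item refers to.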

Ensuring an appropriate level of privileged access management is the second step in building an efficient cybersecurity strategy and combating shadow admins. Once you know who can access your company’s valuable data, you can take the necessary measures to either secure or dismiss these accounts. Consider implementing the least-privilege approach for all privileged accounts and assigning any elevated permissions only on an “as needed” basis.

When looking for an efficient solution to these problems, turn your attention to Ekran System. It’s a universal platform for monitoring, auditing, and managing both regular and privileged users. This platform gives you full visibility into your network and allows you to take proactive measures to prevent privilege misuse at any level.


Delegated or shadow administrative accounts can pose a serious threat to an organization’s cybersecurity while they remain undiscovered. However, identifying stealthy admins isn’t enough – you need to manage them effectively in order to mitigate the cybersecurity and financial risks they pose. While ACL scanning works well for discovering accounts with elevated permissions, the only way you can effectively manage and secure these accounts is by implementing an appropriate level of Privileged Access Management.



