{"id":7621,"date":"2023-08-19T07:10:00","date_gmt":"2023-08-19T00:10:00","guid":{"rendered":"https:\/\/vacif.com\/?p=7621"},"modified":"2024-06-24T04:02:14","modified_gmt":"2024-06-24T04:02:14","slug":"top-10-phuong-thuc-tan-cong-active-directory-pho-bien","status":"publish","type":"post","link":"https:\/\/vacif.com\/en\/top-10-phuong-thuc-tan-cong-active-directory-pho-bien\/","title":{"rendered":"TOP 10 COMMON ACTIVE DIRECTORY (AD) ATTACK METHODS"},"content":{"rendered":"\n<p><strong>Overview:<\/strong><\/p>\n\n\n\n<p>Active Directory (AD) has become an important part of enterprise information systems. However, this also makes it an attractive target for attackers. To protect an AD environment against attacks that threaten its security, a clear understanding of the common attack methods is essential. In this article, we will explore the &#8220;Top 10 Active Directory attack methods&#8221; to help you recognize, understand and respond to the underlying risks. 
From exploiting security vulnerabilities to intrusion through skillful social engineering, this list will help you understand the security challenges that AD environments face and how best to protect them.<\/p>\n\n\n\n<p>Table of contents:<\/p>\n\n\n\n<p><strong>I. What is Active Directory (AD)?<\/strong><\/p>\n\n\n\n<p><strong>II. The most common Active Directory attack methods<\/strong><\/p>\n\n\n\n<p><strong>III. How to defend against attacks in an AD environment<\/strong><\/p>\n\n\n\n<p><strong>Article content:<\/strong><\/p>\n\n\n\n<p><strong>I. What is Active Directory (AD)?<\/strong><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/assets.vacif.com\/2023\/08\/image-123-1024x483.png\" alt=\"\" class=\"wp-image-7622\" style=\"width:784px;height:370px\" width=\"784\" height=\"370\" srcset=\"https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-123-1024x483.png 1024w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-123-600x283.png 600w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-123-300x142.png 300w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-123-768x362.png 768w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-123.png 1450w\" sizes=\"auto, (max-width: 784px) 100vw, 784px\" \/><\/figure>\n<\/div>\n\n\n<p>Active Directory (AD) is a directory management and authentication service developed by Microsoft, commonly used in Windows environments. 
It is used to manage, organize and store information about users, computers, network resources and other objects in an enterprise network.<\/p>\n\n\n\n<p>AD acts as a central directory system that lets administrators create, update and delete user and resource information on the network. 
Key functions of Active Directory include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Authentication and authorization:<\/strong> AD lets users log on to the system and access network resources securely by verifying logon credentials and managing access authorization.<\/li>\n\n\n\n<li><strong>User and group management:<\/strong> Administrators can create and manage user accounts, and create groups to organize users and manage access rights.<\/li>\n\n\n\n<li><strong>Computer management:<\/strong> AD provides management of computers on the network, enabling remote installation and configuration, software updates, and monitoring of computer status.<\/li>\n\n\n\n<li><strong>Service provisioning:<\/strong> AD provides services such as management of printers, documents, applications and other services on the network.<\/li>\n\n\n\n<li><strong>Security:<\/strong> Active Directory provides the ability to set security policies, control access rights and protect important data on the network.<\/li>\n<\/ul>\n\n\n\n<p>AD plays an important role in organizing and managing the enterprise network environment. However, because the information stored in AD is so important and sensitive, it is also a prime target for attacks, and protecting AD is always an important concern for organizations.<\/p>\n\n\n\n<p><strong>II. 
The most common Active Directory attack methods<\/strong><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/assets.vacif.com\/2023\/08\/image-125.png\" alt=\"\" class=\"wp-image-7624\" style=\"width:627px;height:358px\" width=\"627\" height=\"358\" srcset=\"https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-125.png 700w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-125-600x343.png 600w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-125-300x171.png 300w\" sizes=\"auto, (max-width: 627px) 100vw, 627px\" \/><\/figure>\n<\/div>\n\n\n<p><strong>1. Kerberoasting<\/strong><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/assets.vacif.com\/2023\/08\/image-124-1024x450.png\" alt=\"\" class=\"wp-image-7623\" style=\"width:776px;height:341px\" width=\"776\" height=\"341\" srcset=\"https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-124-1024x450.png 1024w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-124-600x264.png 600w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-124-300x132.png 300w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-124-768x337.png 768w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-124.png 1200w\" sizes=\"auto, (max-width: 776px) 100vw, 776px\" \/><\/figure>\n<\/div>\n\n\n<p>Kerberoasting attacks target service accounts in Active Directory by taking advantage of the SPN (ServicePrincipalName) attribute on user objects. 
When services authenticate themselves, they register SPN information on AD objects. Attackers will try to target these service accounts and change the SPN values to suit their purposes, especially when the account belongs to privileged groups. Organizations therefore need to continuously monitor user objects to detect unusual changes made to SPN values. Service accounts should also be protected with strong passwords.<\/p>\n\n\n\n<p><strong>2. Password Spraying<\/strong><\/p>\n\n\n\n<p>Here, the attacker uses a list of previously compromised passwords and password hashes to try to break into an account. Because most authentication systems lock a user out after several failed logon attempts, the attacker tries different username combinations until a match is found. 
Naturally, it is a good idea to ensure that employees use strong passwords and, where possible, to use multi-factor authentication to block these attacks. A solution that maintains a list of previously compromised passwords and password hashes can also be effective in detecting unusual logon attempts.<\/p>\n\n\n\n<p><strong>3. Local Loop Multicast Name Resolution (LLMNR)<\/strong><\/p>\n\n\n\n<p>Local Loop Multicast Name Resolution (LLMNR) is a networking feature in Windows operating systems that puts Active Directory at risk. LLMNR allows hostnames to be resolved without a DNS server. Multicast packets are sent across the network asking for the IP address of a particular hostname. An attacker can intercept these packets and claim that their own IP address belongs to the requested hostname. The feature is unnecessary if the Domain Name System (DNS) is configured correctly, so the most effective way to mitigate this risk is simply to disable LLMNR entirely.<\/p>\n\n\n\n<p><strong>4. 
Pass-the-hash with Mimikatz<\/strong><\/p>\n\n\n\n<p>Pass-the-hash is a technique used to steal credentials from Active Directory, and it also enables lateral movement through the environment. Attackers use a tool called Mimikatz, which exploits a weakness in the NTLM authentication protocol to impersonate a user and extract credential hashes from memory. Organizations need to ensure that hashes for privileged accounts are not stored where they can easily be extracted. They should also consider enabling LSA Protection and using Restricted Admin mode for Remote Desktop (remote administration).<\/p>\n\n\n\n<p><strong>5. Default Credentials<\/strong><\/p>\n\n\n\n<p>Companies often forget to change default passwords on devices and systems, and attackers look for these devices and systems to break into your network. Organizations must make sure they change default passwords and keep an up-to-date inventory of all network devices. 
It may also be worth considering a solution that generates random passwords for users and devices in the enterprise.<\/p>\n\n\n\n<p><strong>6. Hard-coded Credentials<\/strong><\/p>\n\n\n\n<p>In some cases, software developers hard-code credentials into their code, which is clearly a security risk, especially when the credentials grant privileged access. Developers may have hard-coded the credentials to test the code's functionality and then forgotten to remove them. Whatever the reason, attackers will look for code containing hard-coded credentials that they can use. Administrators should always keep a close watch on all user accounts to ensure they are used for their intended purpose.<\/p>\n\n\n\n<p><strong>7. 
Privilege Escalation<\/strong><\/p>\n\n\n\n<p>Attackers often try to gain access to standard user accounts by exploiting poor password practices. Once they have access, they attempt to escalate their privileges through social engineering, exploiting software or hardware vulnerabilities, abusing misconfigurations, deploying malware, and many other tactics. Organizations need to keep an up-to-date inventory of which accounts have access to which resources, especially critical resources. Accounts must be granted the least privileges they need to perform their role, and all activity by privileged accounts must be monitored continuously, with real-time alerts sent to administrators.<\/p>\n\n\n\n<p><strong>8. 
LDAP Reconnaissance<\/strong><\/p>\n\n\n\n<p>Adversaries who have gained a foothold in your Active Directory environment can use LDAP queries to gather more detailed information about it. In this way they can discover users, groups and computers, which helps them plan their next move. Preventing LDAP reconnaissance is difficult because most information in Active Directory is available to all users by default. You will therefore need to monitor LDAP traffic closely for anomalous activity and ensure that all accounts are granted only the least access they need to perform their role.<\/p>\n\n\n\n<p><strong>9. BloodHound Reconnaissance<\/strong><\/p>\n\n\n\n<p>BloodHound is a tool that helps attackers identify and visualize attack paths in an Active Directory environment. 
The tool works by building a graph of which computers can be accessed by which users, together with information about user credentials that can be stolen from memory. Organizations can also use BloodHound to help identify and remediate weaknesses in their own environment, and to gain useful insight into how to assign appropriate access levels to users.<\/p>\n\n\n\n<p><strong>10. NTDS.dit Extraction<\/strong><\/p>\n\n\n\n<p>Domain controllers store all Active Directory information in a file known as ntds.dit. By default, this file is stored at: C:\\Windows\\NTDS. If an adversary gains access to the Active Directory system, they may be able to access the ntds.dit file, or compromise the organization's backup solution to extract ntds.dit from a backup. 
To prevent extraction of ntds.dit, limit the number of accounts that can log on to domain controllers, control access to the physical domain controller servers, and take every necessary measure to harden your Active Directory environment.<\/p>\n\n\n\n<p><strong>III. How to defend against attacks in an AD environment<\/strong><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/assets.vacif.com\/2023\/08\/image-126-1024x465.png\" alt=\"\" class=\"wp-image-7625\" style=\"width:769px;height:349px\" width=\"769\" height=\"349\" srcset=\"https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-126-1024x465.png 1024w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-126-600x273.png 600w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-126-300x136.png 300w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-126-768x349.png 768w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/08\/image-126.png 1100w\" sizes=\"auto, (max-width: 769px) 100vw, 769px\" \/><\/figure>\n<\/div>\n\n\n<p>Defending against Active Directory (AD) attacks is an important part of protecting an organization's network infrastructure and information systems. 
<\/p>\n\n\n\n<p><strong>Below are some of the main ways to defend against AD attacks:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Update and secure systems:<\/strong> Ensure that all servers and devices in your AD environment are fully up to date with the latest security patches. Use security software and firewalls to keep exploitable vulnerabilities from being attacked.<\/li>\n\n\n\n<li><strong>Access management:<\/strong> Apply the Principle of Least Privilege (POLP): grant users the access they need to do their job and no more. Ensure that privileged administrative rights are granted only to users who genuinely need them, and do not use administrator accounts for routine tasks.<\/li>\n\n\n\n<li><strong>Authentication and password management:<\/strong> Require multi-factor authentication (MFA) for all accounts, especially administrator accounts. 
Enforce a strong password policy and require users to change their passwords periodically.<\/li>\n\n\n\n<li><strong>Monitoring and intrusion detection:<\/strong> Continuously monitor activity on AD systems to detect anomalous behavior early. Use security monitoring tools to track important events in the AD environment.<\/li>\n\n\n\n<li><strong>Recovery and backup:<\/strong> Back up AD data regularly so that you can recover after an incident. Plan and rehearse recovery scenarios to make sure you can restore AD in the worst case.<\/li>\n\n\n\n<li><strong>Staff training:<\/strong> Train employees on security risks and how to spot suspicious behavior. Encourage them to follow good practices for protecting their personal information and accounts.<\/li>\n\n\n\n<li><strong>Security testing:<\/strong> Perform periodic security testing to identify potential vulnerabilities in your AD systems. 
Security testing includes penetration testing and security control reviews.<\/li>\n\n\n\n<li><strong>Malware detection and prevention:<\/strong> Antivirus software (such as Sophos endpoint, AVG) can detect malware such as viruses, worms, trojans, ransomware and spyware. It can prevent them from getting into the system.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Overview: Active Directory (AD) has become an important part of enterprise information systems. However, this also makes it an attractive target for attackers. 
To protect an AD environment against attacks [&hellip;]<\/p>\n","protected":false},"author":11,"featured_media":7626,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_m
enu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[18,80,17],"tags":[259,61,97,164],"class_list":["post-7621","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-endpoint","category-huong-dan-tai-lieu","category-bao-mat","tag-ad-security","tag-endpoint-security","tag-sophos-endpoint","tag-top-10","entry","has-media"],"_links":{"self":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/7621","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vacif.com\
/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/comments?post=7621"}],"version-history":[{"count":1,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/7621\/revisions"}],"predecessor-version":[{"id":10140,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/7621\/revisions\/10140"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media\/7626"}],"wp:attachment":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media?parent=7621"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/categories?post=7621"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/tags?post=7621"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}