CyberSecC@ptBlackb3ard
  • 🦜Welcome
  • Cyber Security
    • Offensive Security
      • Penetration Testing Methodology
      • Pre-Engagement Interaction
      • Reconnaissance (Information Gathering)
        • Open-Source Intelligence (OSINT)
      • Scanning and Enumeration
        • Domain Enumeration
        • Network Enumeration
          • Network Mapper (nmap)
          • Port/Protocol & Service Enumeration & Attack
            • File Transfer Protocol (FTP): 20, 21
              • Trivial File Transfer Protocol (TFTP): 69
              • FTP over SSL/TLS (FTPS): 989, 990
            • Secure Shell (SSH): 22
            • Telnet: 23
            • Simple Mail Transfer Protocol (SMTP): 25
              • SMTP Secure (SMTPS): 587
            • Domain Name System (DNS):53
            • Dynamic Host Configuration Protocol (DHCP): 67, 68
            • Hyper Text Transfer Protocol (HTTP): 80
              • HTTP over SSL/TLS (HTTPS): 443
            • Kerberos: 88
            • Post Office Protocol version 3 (POP3): 110
            • Network Time Protocol (NTP): 123
            • Remote Procedure Call (RPC): 135
            • NetBIOS: 137, 138, 139
            • Internet Message Access Protocol (IMAP): 143
            • IMAP over SSL/TLS: 933
            • Internet Relay Chat (IRC): 194
            • Light Weight Directory Access Protocol (LDAP): 389
              • LDAP over SSL/TLS (LDAPS): 636
            • Server Message Block (SMB): 445
              • Hostname
              • Shared Folders
            • Network File System (NFS): 2049
            • Microsoft SQL Server: 1433
            • MySQL Server: 3306
            • PostgreSQL Server: 5432
            • Remote Desktop Protocol (RDP): 3389
            • Border Gateway Protocol (BGP): 179
            • Remote Authentication Dial-In User Service (RADIUS): 1812, 1813
        • Web Enumeration
      • Security Assessment Report Writing
      • Tools
        • Cryptography & Encoding
          • Password Recovery
        • Network Tools
  • Networking
    • OSI and TCP/IP Model
      • Common Network Ports & Protocols
  • Cloud
    • Cloud Computing
  • General
    • Cyber Security Theory
      • Information Security
      • Cybersecurity Resilience
      • Cybersecurity Posture
    • Terms and Acronyms
    • Database Cheat Sheets
Powered by GitBook
On this page
  1. Cyber Security
  2. Offensive Security
  3. Scanning and Enumeration
  4. Network Enumeration
  5. Port/Protocol & Service Enumeration & Attack
  6. Light Weight Directory Access Protocol (LDAP): 389

LDAP over SSL/TLS (LDAPS): 636

Security Weaknesses:

  • Outdated SSL/TLS configurations may expose communication to MITM attacks.

  • Improper certificate management can lead to security vulnerabilities.

  • Susceptible to brute-force attacks without account lockout policies.

Security Defense and Mitigation Measures:

  • Use TLS 1.2 or higher for encrypted LDAP communication.

  • Require client-side certificates for additional security.

  • Implement strong authentication mechanisms and rate limiting.

  • Regularly monitor and audit LDAP traffic for anomalies.

Indicators of Compromise or Attack:

  • Repeated failed login attempts against LDAP accounts.

  • Unauthorized access to directory entries or modification of permissions.

  • Expired, mismatched, or self-signed SSL/TLS certificates in use.

PreviousLight Weight Directory Access Protocol (LDAP): 389NextServer Message Block (SMB): 445

Last updated 5 months ago