I’ve decided to write this blog post, because one day. I’m confident that I will use it during an incident response. In this blog post, we will cover different persistence that are relevant. It does not mean that we will cover every persistence that’s out there, which is kind of unrealistic. Due to the fact, that Windows & Active Directory
Read moreLocal Administrator Password Solution (LAPS) is a password manager that can be used to automatically rotate the Built-in Administrator (RID-500) account on each individual workstation or server. The great thing about LAPS is, that it doesn’t require any additional infrastructure to store passwords, and you don’t have to pay for it, because it is free. There are of course better solutions in the market
Read moreToday I’m going to blog about compromise recovery in an Active Directory forest. I’ve been blogging for a while and have read tons of stuff about Active Directory, but one thing has been missing. Which is how we can recover from an active attacker? There hasn’t been many articles or blog posts around recovering an AD forest. Sure, when you
Read more