Category Archives: Active Directory

How one misconfiguration in ADCS can lead to full AD Forest compromise

Active Directory Certificate Services (ADCS) has become more popular with all the recent attacks that has been shared publicly. The folks from SpecterOps shared a whitepaper with all the possible attacks that can lead to compromising an ADCS server. This blog post is not meant to cover all the attacks again, since there are already tons of content available on

Read more

History of Exchange with having wide permissions in AD

On-Premises Exchange servers have always been a different beast when we compare it to other Microsoft products like SQL, SharePoint, and others. Exchange in general has been notorious for having wide permissions within AD. In the past, this has been described as ‘design’. Providing Exchange administrators, the flexibility to manage attributes on Exchange Server objects that are consistent with their

Read more

How to implement the Exchange Split Permissions Model?

This blog post will be targeted for organizations that are still operating with On-Premises Exchange servers. Exchange has always been an interesting piece, since it’s so tightened within AD. This can introduce security challenges as well. In this blog post, we will cover how we can implement the Exchange Split Permission Model to reduce the chance of an Exchange compromise

Read more

Revisiting Constrained Delegation

Constrained Delegation was introduced in Windows Server 2003 as an improved and more secure version of Unconstrained Delegation. Constrained Delegation allows admins to limit the services to which an impersonated account can connect to. It is using two Kerberos extensions to allow impersonation to only specific services. S4U2Self: An service can request a forwardable Service Ticket on behalf of any

Read more

How to roll out Microsoft LAPS via GPO and why you should do it?

Local Administrator Password Solution (LAPS) is a password manager that can be used to automatically rotate the Built-in Administrator (RID-500) account on each individual workstation or server. The great thing about LAPS is, that it doesn’t require any additional infrastructure to store passwords, and you don’t have to pay for it, because it is free. There are of course better solutions in the market

Read more