Active Directory | Microsoft 365 Security

Category Archives: Active Directory

Practical Guidance for IT Admins to respond after Ransomware attacks

Posted on September 19, 2022 by m365guy 3 comments

Keep in mind that hiring an IR firm is recommended before executing all of these steps. It’s been a while that I’ve blogged, but today. I’d would like to cover how we can respond to a ransomware attack, while focusing on the remediation part. This blog post will be specifically targeting the IT Professionals audience and will focus only on

Active Directory

Analyzing network packets with Wireshark – AD and User Enumeration

Posted on June 19, 2022 by m365guy Leave a comment

It has been a while that I decided to blog, but I’ve been lately into Reverse Engineering. Today, I would like to start my blog series on how I approach a technical topic with the goal to understand the implementation details as much as possible. This will be a two-series blog post. First, we will start with doing packet capture

Active Directory

Kerberoast with OpSec

Posted on November 8, 2021 by m365guy Leave a comment

You must have been thinking… Is this another blog post about Kerberoasting? Well yes and no. During this time, we will be discussing how to Kerberoast accounts, while trying to stay under the radar from a defender’s perspective. The focus is primary on the technique itself, and not the fact that I’m using PowerShell 😉 Kerberoasting is an technique that

Revisiting Constrained Delegation

Posted on November 2, 2021 by m365guy Leave a comment

Constrained Delegation was introduced in Windows Server 2003 as an improved and more secure version of Unconstrained Delegation. Constrained Delegation allows admins to limit the services to which an impersonated account can connect to. It is using two Kerberos extensions to allow impersonation to only specific services. S4U2Self: An service can request a forwardable Service Ticket on behalf of any

Revisiting Unconstrained Delegation

Posted on October 27, 2021 by m365guy Leave a comment

Unconstrained Delegation is an insecure feature within Active Directory that allows users or computers to impersonate other accounts on the network. Every time that a user is requesting a Service Ticket from a Domain Controller to access a service. The Domain Controller will make a copy of a user’s TGT, and attach it to the Service Ticket, which will be

How to roll out Microsoft LAPS via GPO and why you should do it?

Posted on May 14, 2021 by m365guy Leave a comment

Local Administrator Password Solution (LAPS) is a password manager that can be used to automatically rotate the Built-in Administrator (RID-500) account on each individual workstation or server. The great thing about LAPS is, that it doesn’t require any additional infrastructure to store passwords, and you don’t have to pay for it, because it is free. There are of course better solutions in the market

Active Directory

Practical Compromise Recovery Guidance for Active Directory

Posted on April 27, 2021 by m365guy One comment

Today I’m going to blog about compromise recovery in an Active Directory forest. I’ve been blogging for a while and have read tons of stuff about Active Directory, but one thing has been missing. Which is how we can recover from an active attacker? There hasn’t been many articles or blog posts around recovering an AD forest. Sure, when you

Active Directory