Active Directory Certificate Services (ADCS) has become more popular with all the recent attacks that has been shared publicly. The folks from SpecterOps shared a whitepaper with all the possible attacks that can lead to compromising an ADCS server. This blog post is not meant to cover all the attacks again, since there are already tons of content available on
Read moreOn-Premises Exchange servers have always been a different beast when we compare it to other Microsoft products like SQL, SharePoint, and others. Exchange in general has been notorious for having wide permissions within AD. In the past, this has been described as ‘design’. Providing Exchange administrators, the flexibility to manage attributes on Exchange Server objects that are consistent with their
Read moreThis blog post will be targeted for organizations that are still operating with On-Premises Exchange servers. Exchange has always been an interesting piece, since it’s so tightened within AD. This can introduce security challenges as well. In this blog post, we will cover how we can implement the Exchange Split Permission Model to reduce the chance of an Exchange compromise
Read moreThis will be a straight forwarded blog post where I’m going to explain on how we can upgrade On-Premises Exchange servers CU level. Upgrading the CU level in general has been a challenging task since it’s not the same as traditional Windows updates. If you are looking for guidance on how to upgrade Exchange servers that don’t have the latest
Read moreKeep in mind that hiring an IR firm is recommended before executing all of these steps. Perform the steps that are applicable to you and your organization. It’s been a while that I’ve blogged, but today. I’d would like to cover how we can respond to a ransomware attack, while focusing on the remediation part. This blog post will be
Read moreYou must have been thinking… Is this another blog post about Kerberoasting? Well yes and no. During this time, we will be discussing how to Kerberoast accounts, while trying to stay under the radar from a defender’s perspective. The focus is primary on the technique itself, and not the fact that I’m using PowerShell 😉 Kerberoasting is an technique that
Read moreConstrained Delegation was introduced in Windows Server 2003 as an improved and more secure version of Unconstrained Delegation. Constrained Delegation allows admins to limit the services to which an impersonated account can connect to. It is using two Kerberos extensions to allow impersonation to only specific services. S4U2Self: An service can request a forwardable Service Ticket on behalf of any
Read moreUnconstrained Delegation is an insecure feature within Active Directory that allows users or computers to impersonate other accounts on the network. Every time that a user is requesting a Service Ticket from a Domain Controller to access a service. The Domain Controller will make a copy of a user’s TGT, and attach it to the Service Ticket, which will be
Read moreLocal Administrator Password Solution (LAPS) is a password manager that can be used to automatically rotate the Built-in Administrator (RID-500) account on each individual workstation or server. The great thing about LAPS is, that it doesn’t require any additional infrastructure to store passwords, and you don’t have to pay for it, because it is free. There are of course better solutions in the market
Read moreToday I’m going to blog about compromise recovery in an Active Directory forest. I’ve been blogging for a while and have read tons of stuff about Active Directory, but one thing has been missing. Which is how we can recover from an active attacker? There hasn’t been many articles or blog posts around recovering an AD forest. Sure, when you
Read more
Microsoft 365 Security 