This blog post will be targeted for organizations that are still operating with On-Premises Exchange servers. Exchange has always been an interesting piece, since it’s so tightened within AD. This can introduce security challenges as well. In this blog post, we will cover how we can implement the Exchange Split Permission Model to reduce the chance of an Exchange compromise
Read moreYou must have been thinking… Is this another blog post about Kerberoasting? Well yes and no. During this time, we will be discussing how to Kerberoast accounts, while trying to stay under the radar from a defender’s perspective. The focus is primary on the technique itself, and not the fact that I’m using PowerShell 😉 Kerberoasting is an technique that
Read moreConstrained Delegation was introduced in Windows Server 2003 as an improved and more secure version of Unconstrained Delegation. Constrained Delegation allows admins to limit the services to which an impersonated account can connect to. It is using two Kerberos extensions to allow impersonation to only specific services. S4U2Self: An service can request a forwardable Service Ticket on behalf of any
Read moreUnconstrained Delegation is an insecure feature within Active Directory that allows users or computers to impersonate other accounts on the network. Every time that a user is requesting a Service Ticket from a Domain Controller to access a service. The Domain Controller will make a copy of a user’s TGT, and attach it to the Service Ticket, which will be
Read moreDefender for Identity is a cloud-based security solution that leverages On-Premises Active Directory signals to identify and detect threats. It monitors Domain Controllers by capturing its network traffic to leverage it with Windows event logs to analyse data for attacks that might occur on a network. Once the sensor of Defender for Identity has been installed on all the Domain
Read more
Microsoft 365 Security 