Group Managed Service Accounts (gMSA’s) can be used to run Windows services over multiple servers within the Windows domain. Since the launch of Windows Server 2012 R2, gMSA has been the recommended service account option for AD FS. As abusing AD FS is one of my favourite hobbies, I wanted to learn how gMSAs work.| aadinternals.com
In my previous blog posts I’ve covered details on PRTs, BPRTs, device compliance, and Azure AD device join. In this blog, I’ll show how to steal identities of existing Azure AD joined devices, and how to fake identies of non-AAD joined Windows devices with AADInternals v0.6.6.| aadinternals.com
This post is part 5⁄5 of Azure AD and Microsoft 365 kill chain blog series. Although on-prem administrators doesn’t usually have admin rights to Azure AD, they can have access to crucial information, such as Azure AD Connect, ADFS, and Active Directory. Administrators of these services can easily get admin rights to Azure AD to manipulate and impersonate users. In this blog, using AADInternals v0.4.0, I’ll show how to get Global Admin access and how to impersonate users as an on-prem ad...| aadinternals.com