Kerberos is the default authentication protocol in on-prem Windows environments. We’re launching a 6-part YouTube series, a technical deep dive into Kerberos. We’ll break down the protocol, dissect well-known attacks, and cover defensive strategies to keep your environment secure.| Compass Security Blog
We are back from Black Hat USA, where we presented our research on Windows Hello for Business (Slides) once more. In the last two blog posts, we have discussed the architecture of WHfB and past attacks, as well as how the database works and how to swap identities in the database. First, a few words regarding my experience at Black Hat: for me, it was the first time attending the confere ...| Insinuator.net
Keep your critical systems secure. The post Hybrid Identity Protection: Bridging On-Premises AD and Entra ID Security appeared first on Commvault - English - United States.| Commvault – English – United States
Prepare your team to confidently face an outage. The post AD Recovery Testing: How to Know Your Recovery Plan Will Actually Work appeared first on Commvault - English - United States.| Commvault – English – United States
Learn how to help enable rapid, reliable recovery of identity services. The post Five Critical AD Backup Capabilities Most Organizations Are Missing appeared first on Commvault - English - United States.| Commvault – English – United States
In the event of a complete forest-level failure, the ability to quickly and accurately recover AD is essential for maintaining continuous business.| Commvault - English - United States
One often-overlooked security risk in Active Directory is the ability to create user accounts without a password (with a blank password). In this article, we’ll explore whether it’s possible to… The post How to Find AD Users with Blank Passwords (Password-Not-Required) appeared first on Windows OS Hub.| Windows OS Hub
Service accounts are that gray area between regular user accounts and admin accounts that are often highly privileged. They are almost always over-privileged due to documented vendor requirements or because of operational challenges (“just make it work”). We can discover service accounts by looking for user accounts with Kerberos Service Principal Names (SPNs) which I … Continue reading| Active Directory & Azure AD/Entra ID Security
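The two items above (blank-password accounts and SPN-bearing service accounts) are both answered by the same kind of LDAP query, so here is one added audit script that covers both. It is not code from either linked post; it assumes the RSAT ActiveDirectory module on a domain-joined host, works as a plain domain user (both queries are read-only), and the function names are my own:

```powershell
# Added example, not code from either linked post. Assumes the RSAT ActiveDirectory
# module and a domain-joined host; both queries are read-only and work as a plain
# domain user. Function names are my own.
Import-Module ActiveDirectory

# userAccountControl bit values (AD schema). The matching-rule OID makes the DC do the
# bitwise AND server-side instead of pulling every user and filtering locally.
$UF_ACCOUNTDISABLE = 0x0002
$UF_PASSWD_NOTREQD = 0x0020
$BitAnd = '1.2.840.113556.1.4.803'

function Get-PasswordNotRequiredUser {
    # Enabled accounts with PASSWD_NOTREQD set. The flag is the precondition for a
    # blank password, not proof of one: a later password change still sets a real
    # password, so confirm each hit (e.g. pwdLastSet vs. whenCreated) before raising it.
    $filter = "(&(objectCategory=person)(objectClass=user)" +
              "(userAccountControl:${BitAnd}:=$UF_PASSWD_NOTREQD)" +
              "(!(userAccountControl:${BitAnd}:=$UF_ACCOUNTDISABLE)))"
    Get-ADUser -LDAPFilter $filter -Properties pwdLastSet, lastLogonTimestamp, whenCreated |
        Select-Object SamAccountName, DistinguishedName, whenCreated,
            @{ n = 'PwdLastSet'; e = { [DateTime]::FromFileTime($_.pwdLastSet) } },
            @{ n = 'LastLogon';  e = { if ($_.lastLogonTimestamp) { [DateTime]::FromFileTime($_.lastLogonTimestamp) } } }
}

function Get-SpnServiceAccount {
    # User objects with an SPN: any domain user can request a service ticket for them
    # (Kerberoasting), so the ones that are also privileged matter most.
    $filter = "(&(objectCategory=person)(objectClass=user)(servicePrincipalName=*)(!(sAMAccountName=krbtgt)))"
    Get-ADUser -LDAPFilter $filter -Properties servicePrincipalName, adminCount, memberOf,
                                               pwdLastSet, 'msDS-SupportedEncryptionTypes' |
        ForEach-Object {
            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                Enabled        = $_.Enabled
                AdminCount     = ($_.adminCount -eq 1)          # was (or is) in a protected group
                Groups         = ($_.memberOf | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ';'
                PwdAgeDays     = [int]((Get-Date) - [DateTime]::FromFileTime($_.pwdLastSet)).TotalDays
                EncTypes       = $_.'msDS-SupportedEncryptionTypes'  # unset = domain default, historically RC4
                SPNs           = ($_.servicePrincipalName -join ';')
            }
        }
}

Get-PasswordNotRequiredUser | Format-Table -AutoSize
Get-SpnServiceAccount | Sort-Object AdminCount, PwdAgeDays -Descending | Format-Table -AutoSize
```

The SPN report sorted this way puts the worst case on top: a privileged account with a years-old password and no AES-only encryption type, which is exactly what a Kerberoasting attacker looks for.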
The #TROOPERS25 'AD & Entra ID Security' track was a blast – as was the whole conference ;-) – bringing together some of the smartest researchers in the field and a great audience of practitioners willing to share their experiences during the roundtable. The slides of the talks have been released in the interim on the TROOPERS website, but since many speakers published additional blogpost ...| Insinuator.net
Microsoft’s recent research spotlights a dangerous post-exploitation technique called Golden dMSA. This new attack method abuses SYSTEM-level access on domain controllers to execute persistent payloads, including ransomware that targets the core of Active Directory. By hijacking delegated Managed Service Accounts (dMSAs), attackers can gain access without needing to compromise traditional credentials. Originally introduced in Windows […]| Silverfort
BadSuccessor is an attack vector in Windows Server 2025. Under certain conditions it allows privilege elevation via dMSAs. We analyze its mechanics. The post When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory appeared first on Unit 42.| Unit 42
SAML 2.0, or Security Assertion Markup Language 2.0, is an open standard that enables cross-domain single sign-on (SSO). It’s a process which allows one system (the “Service Provider”) to trust the authentication performed by another system (the “Identity Provider”). Essentially, it lets users authenticate once and then access multiple services without needing to re-enter their […] The post SAML 2.0 integration comes to MIDAS appeared first on MIDAS - Room Booking System | Blog.| MIDAS – Room Booking System | Blog
Have you ever experienced unexplainable changes to your Windows Servers system time before? We sure have! And Microsoft has recently changed their recommendation on Secure Time Seeding which seems to be the root cause for these strange behaviors as described here. Microsoft has identified potential timekeeping issues in Windows Server OS caused by the Secure […] The post Microsoft’s changed recommendation on Secure Time Seeding for Windows Server appeared first on Mindcore Techblog.| Mindcore Techblog
Active Directory backup has been an important topic for a long time. Today however, with identity-based attacks on the rise and AI empowering a broader base of threat actors, several aspects of the process have taken on new urgency. This blog post explains what you need to know to ensure you have the Active Directory […] The post Active Directory backup strategies you need today appeared first on The Quest Blog.| The Quest Blog
In the last blog post, we discussed the full authentication flow using Windows Hello for Business (WHfB) with face recognition to authenticate against an Active Directory with Kerberos and showcased existing and new vulnerabilities. In this blog post, we dive into the architectural challenges WHfB faces and explore how we can exploit them. The majority […]| Insinuator.net
Dubbed “NOTLogon,” Silverfort discovered an Active Directory DoS vulnerability, which was patched by Microsoft on July 8, 2025.| Silverfort
Discover five essential Active Directory security best practices to defend against modern identity-based threats and insider privilege abuse.| The Quest Blog
This is really just a post for me to keep track of sites that have got or had performance issues […]| mcnewton's notes
Windows Hello for Business is a key component of Microsoft’s passwordless authentication strategy. It enables user authentication not only during system sign-in but also in conjunction with new and advanced features such as Personal Data Encryption, Administrator Protection, and Recall. Rather than depending on traditional passwords, Windows Hello leverages a PIN or biometric methods – […]| Insinuator.net
A privilege escalation flaw in Windows Server 2025 can be leveraged to compromise any user in Active Directory, including Domain Admins.| Help Net Security
The non-obvious ability to create Active Directory user accounts without a password (with a blank password) is one of the threats to domain security. In this| winitpro.ru
Time synchronization in an Active Directory domain is critical to the proper functioning of domain services and security mechanisms. If a proper and reliable time sync scheme is not configured in…| Windows OS Hub
After almost 30 years of use, ITS has retired Heimdal Kerberos and transitioned Carolina’s logins to Microsoft Active Directory.| Information Technology Services
Yak-Shaver's Delight| aaronstannard.com
The experts who built and maintained Active Directory are retiring. Learn how to prepare for the upcoming Active Directory retirement crisis.| The Quest Blog
Security Identifier (SID) History is a useful mechanism in Active Directory (AD) migrations. It allows users and groups in a new domain to retain access to resources that still rely on permissions from the old domain. However, once migrations are completed, these historical SIDs can become clutter, posing both security and administrative challenges. While it’s best to remove unnecessary SID History as soon as you’re done migrating, many environments skip this step. Over time, decommission...| Evotec
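An added example for the post above, not the Evotec post's own code: it inventories every object that still carries sIDHistory, resolves each historical SID to a domain in the current forest so entries from decommissioned domains stand out, and wraps the removal in a function that honours -WhatIf. It assumes the RSAT ActiveDirectory module; reading sIDHistory needs only a domain user, removing values needs Domain Admin (or explicit write permission on the attribute). Function names are my own:

```powershell
# Added example, not from the Evotec post. Assumes the RSAT ActiveDirectory module.
# Reading sIDHistory needs only a domain user; removing values needs Domain Admin
# (or explicit write permission on the attribute). Function names are my own.
Import-Module ActiveDirectory

function Get-SidHistoryReport {
    # Map every domain SID in the forest to its name so that historical SIDs from
    # decommissioned (or foreign, untrusted) domains show up as UNKNOWN.
    $known = @{}
    foreach ($d in (Get-ADForest).Domains) {
        $known[(Get-ADDomain -Identity $d).DomainSID.Value] = $d
    }
    Get-ADObject -LDAPFilter '(sIDHistory=*)' -Properties sIDHistory, objectClass |
        ForEach-Object {
            $obj = $_
            foreach ($raw in $obj.sIDHistory) {
                $sid    = [System.Security.Principal.SecurityIdentifier]$raw
                $domSid = if ($sid.AccountDomainSid) { $sid.AccountDomainSid.Value } else { '' }
                $src    = if ($known.ContainsKey($domSid)) { $known[$domSid] } else { 'UNKNOWN (decommissioned or foreign)' }
                [pscustomobject]@{
                    Object       = $obj.DistinguishedName
                    Class        = $obj.ObjectClass
                    HistorySid   = $sid.Value
                    SourceDomain = $src
                }
            }
        }
}

function Remove-SidHistoryValue {
    # Removes one historical SID from one object. -WhatIf flows through to Set-ADObject.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [Parameter(Mandatory)][string]$Sid
    )
    Set-ADObject -Identity $DistinguishedName -Remove @{ sIDHistory = $Sid }
}

# Review first; then remove only entries whose source domain no longer exists.
$report = Get-SidHistoryReport
$report | Format-Table -AutoSize
$report | Where-Object SourceDomain -like 'UNKNOWN*' |
    ForEach-Object { Remove-SidHistoryValue -DistinguishedName $_.Object -Sid $_.HistorySid -WhatIf }
```

Two caveats before dropping the -WhatIf: a SID from a still-trusted external forest is also reported as UNKNOWN unless you add that forest's domain SIDs to the map, and removing a historical SID breaks access to any resource whose ACL still references the old SID, so re-ACL those resources first. The security reason to finish the cleanup is that sIDHistory is honoured like a group membership: an attacker who can write the attribute gains every old SID's access, and a leftover Domain Admins SID from a retired forest is a free escalation path.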
Many Active Directory misconfigurations are simple to identify and resolve. Discover how to mitigate them.| The Quest Blog
TLDR: Introducing a certipy parse command to perform stealthy offline AD CS enumeration based on local registry data.| blog.compass-security.com
Explore how Group Policy is being abused and why it is a powerful tool for both defenders and adversaries.| The Quest Blog
This blog post introduces our new custom queries for BloodHound Community Edition (CE) and explains how you can use them effectively to analyze your Active Directory infrastructure.| blog.compass-security.com
Maintaining secure integrations between Active Directory (AD) and identity management platforms like Keycloak is a crucial task in any modern IT environment. Password management for service accounts, especially those used in sensitive environments such as LDAP integrations, can become tedious when performed manually. However, automating the process reduces errors, enhances security, and saves time. In… The post Automated Rotation of Keycloak LDAP Federation Password for Zerto appeared first...| Justin's IT Blog
How to enable and use the Active Directory Recycle Bin. Restore Deleted AD objects with only a few clicks| LazyAdmin
Have you ever looked at your Active Directory and wondered, "Why do I still have computers listed that haven't been turned on since World Cup 2016?" Yeah, we've all been there. Keeping AD clean and up-to-date is like trying to organize your garage: it’s easy to put off until it becomes a total mess. That’s where my PowerShell module, CleanupMonster, comes to the rescue. This little powerhouse is designed to help you effortlessly track down and deal with those old, stale computers clutteri...| Evotec
Learn what configuration drift is in AD, what causes it, and effective strategies to prevent and mitigate it at your organization.| The Quest Blog
Password spraying is a well-known technique which consists of testing the same password on several accounts, in the hope that it will work for one of them. This technique is used in many different contexts: On web applications, the Cloud, services like SSH, FTP, and many others. It’s also widely used in internal penetration testing with Active Directory. It’s the latter that we’re going to focus on, because although the technique seems simple, it’s not easy to put it into practice wit...| hackndo
Active Directory replication is a critical process that ensures the consistent and up-to-date state of directory information across all domain controllers in a domain. Monitoring this process is important as it helps identify any issues that may arise and resolve them quickly. One way to monitor Active Directory replication is by using the Repadmin command-line tool. Repadmin provides a wealth of information about the replication status and health of a domain. However, manually checking the R...| Evotec
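An added example, not the Evotec post's own module: it wraps repadmin's CSV output so that failing or stale replication links come back as objects a monitoring job can alert on, with the most common failure codes explained. It assumes repadmin.exe (RSAT or a DC) and rights to query every DC; the staleness threshold and the error map are mine:

```powershell
# Added example, not from the Evotec post. Assumes repadmin.exe (RSAT or a DC) and
# rights to query every DC; the staleness threshold and error map are mine.
function Get-ReplicationHealth {
    param([int]$StaleHours = 24)

    # Common 'Last Failure Status' codes, so the output explains itself.
    $errors = @{
        '1256' = 'Remote system not available'
        '1722' = 'RPC server unavailable (firewall, dynamic RPC ports, DC down)'
        '8453' = 'Replication access denied (permissions on the partition)'
        '8524' = 'DNS lookup failure (GUID._msdcs CNAME missing or wrong)'
        '8614' = 'Partner has not replicated within tombstone lifetime (lingering objects risk)'
    }

    # One row per (destination DC, partition, source DC) link.
    $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
    foreach ($r in $rows) {
        $failures = [int]$r.'Number of Failures'
        $lastOk   = $r.'Last Success Time' -as [datetime]
        $stale    = (-not $lastOk) -or ($lastOk -lt (Get-Date).AddHours(-$StaleHours))
        if ($failures -gt 0 -or $stale) {
            $code    = $r.'Last Failure Status'
            $meaning = if ($errors.ContainsKey($code)) { $errors[$code] } else { 'see: repadmin /showrepl /errorsonly' }
            [pscustomobject]@{
                Destination = $r.'Destination DSA'
                Source      = $r.'Source DSA'
                Partition   = $r.'Naming Context'
                Failures    = $failures
                LastSuccess = $lastOk
                Status      = $code
                Meaning     = $meaning
            }
        }
    }
}

# Non-zero exit code makes this usable from a scheduled task or monitoring agent.
$bad = @(Get-ReplicationHealth -StaleHours 24)
if ($bad.Count) { $bad | Format-Table -AutoSize; exit 2 }
'All replication links healthy'
```

The staleness check matters as much as the failure count: a link that reports zero failures but has not succeeded in days (a DC that is powered off, or a site link schedule that never fires) is the one that later produces lingering objects and divergent security principals.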
Active Directory (AD) is crucial in managing identities and resources within an organization. Ensuring its health is pivotal for the seamless operation of various services. Today, I decided to look at Microsoft Entra Connect Health (Azure AD Connect Health) service, which allows monitoring Azure AD Connect, ADFS, and Active Directory. This means that under a single umbrella, you can have an overview of three services health. But is it worth it? The post Active Directory Health Check using Mic...| Evotec
Modernizing Active Directory offers a wealth of benefits. Learn the top considerations to keep in mind so you can modernize with confidence.| The Quest Blog
Administrators of Windows servers frequently utilize the graphical tools provided within the Windows Server interface to configure network parameters and administer Microsoft’s proprietary network directory service, Active Directory. These tools take the form of snap-ins for the Microsoft Management Console (MMC) and include Active Directory Users and Computers, Active Directory Sites and Services, Active Directory … … Continue reading →| Doug Vitale Tech Blog
Mimikatz is an application that lets you view, save and use authentication credentials, and more. The following... The post Use and prevent Mimikatz first appeared on wirzfamily.ch.| wirzfamily.ch
Everything seems to be ok and nobody complains, but there is always room for improvement. Especially when it comes to... The post Securing Active Directory first appeared on wirzfamily.ch.| wirzfamily.ch
Collect data: to collect data you need a tool called SharpHound.exe. Download it from: https://github.com/BloodHoundAD/BloodHound/tree/master/Ingestors . Run the following command as a normal domain user to enumerate Group Membership, Trusts, ACLs, ObjectProps, Containers, and GPO Local Admins within a domain: SharpHound.exe -c DCOnly . When finished, a zip file should have been generated, for example: 20200220204118_BloodHound.zip. Database| wirzfamily.ch
How to safely change the IP Address of a domain controller. Everything you need to prepare and check for a smooth change.| LazyAdmin
Discover Active Directory Certificate Services and learn to identify and secure vulnerabilities in this crucial authentication service.| The Quest Blog
Privilege escalation attacks are a critical threat. Learn what they are, how they work and key best practices to defend against them.| The Quest Blog
Published on| offsec.almond.consulting
Collecting information about the domain environment with SharpHound. SharpHound, the program that collects domain environment data, is a component of the BloodHound tool. Collection starts when SharpHound.exe is run on one of the domain computers. The entire BloodHound package can be downloaded (Figure 32) from the address: https://github.com/BloodHoundAD/BloodHound/releases After downloading and ...| research.securitum.com
Windows security: reconnaissance of Active Directory environment with BloodHound. In this article we will take a closer look at the BloodHound tool – Six Degrees of Domain Admin. The application was developed in JavaScript and built using the Electron platform. The graphical visualization uses the Neo4j database. During the experiment, we will use a Windows ...| research.securitum.com
Kerberos delegation exists to let a service access another service on behalf of a user.| hackndo
This article aims to explain the Kerberoasting attack principle, based on the TGS request and the SPN attributes of Active Directory accounts.| hackndo
When requesting a TGT, a user normally has to pre-authenticate to the domain controller before it will answer. If pre-authentication is disabled on an account, that account is vulnerable to AS-REP roasting.| hackndo
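The Kerberoasting and AS-REP roasting items above describe the attacker's side; this added example (not code from the hackndo posts) shows the defender's two checks for both: which accounts are exposed (the DONT_REQ_PREAUTH bit in userAccountControl, and user accounts with SPNs), and what the DC security log looks like while someone is roasting. It assumes the RSAT ActiveDirectory module, Kerberos auditing enabled on the DC (events 4768 and 4769), and that it runs on a DC or against an exported .evtx; function names and the detection threshold are mine:

```powershell
# Added example, not from the hackndo posts. Assumes the RSAT ActiveDirectory module,
# Kerberos auditing on the DC (4768/4769), and a DC or exported Security.evtx to read.
# Function names and thresholds are mine.
Import-Module ActiveDirectory

$UF_DONT_REQUIRE_PREAUTH = 0x400000     # 4194304
$BitAnd = '1.2.840.113556.1.4.803'      # LDAP_MATCHING_RULE_BIT_AND

function Get-AsRepRoastableUser {
    # Pre-auth disabled: anyone can send an AS-REQ for the account and receive an
    # AS-REP whose enc-part is encrypted with the user's key, then crack it offline.
    Get-ADUser -LDAPFilter "(&(objectCategory=person)(userAccountControl:${BitAnd}:=$UF_DONT_REQUIRE_PREAUTH))" |
        Select-Object SamAccountName, Enabled, DistinguishedName
}

function Get-RoastingIndicators {
    param(
        [string]$Path,                 # exported Security.evtx; omit to read the live log on this DC
        [int]$Hours = 24,
        [int]$MinDistinctSpns = 5      # one source pulling tickets for many SPNs is the Kerberoast tell
    )
    $filter = @{ Id = 4768, 4769; StartTime = (Get-Date).AddHours(-$Hours) }
    if ($Path) { $filter['Path'] = $Path } else { $filter['LogName'] = 'Security' }

    # Flatten the EventData of each event into one object.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $d = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Id = $_.Id; Time = $_.TimeCreated
            User = $d['TargetUserName']; Service = $d['ServiceName']; Ip = $d['IpAddress']
            EncType = $d['TicketEncryptionType']; PreAuth = $d['PreAuthType']; Status = $d['Status']
        }
    }

    # AS-REP roasting: a successful 4768 with Pre-Authentication Type 0 for a user account.
    $events | Where-Object { $_.Id -eq 4768 -and $_.PreAuth -eq '0' -and $_.Status -eq '0x0' -and $_.User -notlike '*$' } |
        Select-Object Time, User, Ip, EncType, @{ n = 'Indicator'; e = { 'AS-REP without pre-auth' } }

    # Kerberoasting: RC4 (0x17) service tickets for user (not computer) SPNs, many
    # distinct services requested by the same account from the same address.
    $events | Where-Object { $_.Id -eq 4769 -and $_.EncType -eq '0x17' -and $_.Status -eq '0x0' -and
                             $_.Service -notlike '*$' -and $_.Service -notlike 'krbtgt*' } |
        Group-Object User, Ip |
        ForEach-Object {
            $spns = @($_.Group.Service | Sort-Object -Unique)
            if ($spns.Count -ge $MinDistinctSpns) {
                [pscustomobject]@{ Time = ($_.Group.Time | Measure-Object -Minimum).Minimum
                                   User = $_.Group[0].User; Ip = $_.Group[0].Ip
                                   Indicator = "RC4 TGS for $($spns.Count) distinct SPNs" }
            }
        }
}

Get-AsRepRoastableUser | Format-Table -AutoSize
Get-RoastingIndicators -Hours 24 | Format-Table -AutoSize
```

The RC4 filter is the classic tell because an attacker deliberately asks for an RC4 ticket (it cracks far faster than AES), but it only works while the target accounts still allow RC4; once service accounts are AES-only, fall back to the volume heuristic alone and lower the threshold. Event 4769 is noisy on a busy DC, so keep the window short or pre-filter the export.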
Gain insights into cyber risk insurance, understand qualification criteria, and explore strategies to reduce your insurance premiums.| The Quest Blog
Learn what the succession plan for future Active Directory admins should look like ahead of the retirement boom of more experienced admins.| The Quest Blog
Customer lessons learned when disabling RC4 in Active Directory.| syfuhs.net