Securing Active Directory Part 3: Kerberoasting The Problem: This is not meant to be a deep dive into the Kerberos protocol. It is merely to bring awareness to an often abused function of Kerberos. Any authenticated user in AD, that is a user with a valid TGT, can request a Kerberos service ticket for any account
Securing Active Directory Part 2: NTLM Relay Attacks The Problem: Attackers are often able to coerce authentication from windows endpoints through either poisoning attacks with tools like Responder, by abusing the Print Spooler service or by using something like Petitpotam. Once an attacker has coerced authentication they can capture the NTLM hash and forward or relay that authentication
Active Directory Securing Active Directory Part 1: Legacy Name Resolution Introduction: Microsoft seems to be trying pretty hard to convince everyone to move to a cloud-native directory solution (Entra ID). While this isn't entirely a bad idea, we will be dealing with on-premises Active Directory for many more years to come. This series on securing Active Directory will
Malware Featured Verify You Are Human Getting The Finger: According to Microsoft Finger.exe does the following: "Displays information about a user or users on a specified remote computer (typically a computer running UNIX) that is running the Finger service or daemon. The remote computer specifies the format and output of the user information display.
