top of page
Search
Primary Group Behavior, Reporting and Exploitation
Introduction If you’ve administered Active Directory (AD) for any significant time, chances are you’ve come across the primaryGroupID ...
Brandon Colley
May 23, 20235 min read
1,253
Video: BSides Charm 2023 - AD & DNS: A Match Made in Heck
Download Jake and Jims slides here!
Jake Hildreth
May 23, 20231 min read
1,414
Video: Protecting Users with “Protected Users”
Despite being around for 9 years, organizations are unaware that the Protected Users AD group exists let alone its benefits. In this...
Jake Hildreth
Dec 16, 20221 min read
1,050
Push Comes To Shove: exploring the attack surface of SCCM Client Push Accounts
Editors Note: Part 2 of this series is now published! Head over after you've finished reading Part 1. Introduction Did you know that...
Brandon Colley
Jul 1, 20227 min read
12,414
Webcast: Top 10 Ways to Improve Active Directory Security Quickly
This Trimarc Webcast provides information about current AD attack methods attackers are leveraging to compromise Active Directory and 10 thi
Sean Metcalf
Jun 24, 20222 min read
8,040
Implementing Controls in Active Directory: Protecting Against Privileged Credential Sprawl
Protecting Against Privileged Credential Sprawl. Highly privileged accounts are often used to perform tasks on systems.
Scott Blake
Nov 19, 20218 min read
11,644
LDAP Channel Binding and Signing
The initial fuss around Microsoft “forcing” customers into LDAP channel binding and LDAP signing (January 2020, March 2020, second half...
Scott Blake
Jan 22, 20217 min read
18,607
Kerberos Bronze Bit Attack (CVE-2020-17049) Scenarios to Potentially Compromise Active Directory
Introduction & Attack Overview Jake Karnes ( @jakekarnes42 ) with NetSPI published 3 articles (that’s right 3!) describing a new attack...
Sean Metcalf
Dec 10, 202014 min read
3,742
Securing Microsoft Azure AD Connect
With more and more organizations moving to the cloud, specifically Azure Active Directory/Microsoft 365 (formerly Office 365), Trimarc...
Scott Blake
Oct 28, 20205 min read
12,939
Escalating to Domain Admin in Microsoft’s Cloud Hosted Active Directory (Azure AD Domain Services)
the attacker could compromise the Azure AD Domain Services domain and persist at the Domain Controller and/or domain level
Sean Metcalf
Sep 3, 20207 min read
3,257
The Art of the Honeypot Account: Making the Unusual Look Normal
I have had the idea for a post describing how to best create a honeypot (or honeytoken) account for many years and only recently gained...
Sean Metcalf
Aug 6, 202011 min read
16,463
Webcast: Securing Active Directory: Protecting AD Administration
Trimarc Founder and Active Directory Security Subject Matter Expert, Sean Metcalf, covers common issues with AD administration, how...
Sean Metcalf
Jul 17, 20201 min read
4,585
Trimarc’s Take: 12 Steps for Better Password Management
Passwords, while serving a crucial role in identity, have unfortunately morphed into the dreaded necessary evil territory. This is easily...
Scott Blake
Jul 14, 20207 min read
3,434
Securing Active Directory: Performing an Active Directory Security Review
During the Trimarc Webcast on June 17, 2020 , Sean Metcalf covered a number of Active Directory (AD) components and areas that should be...
Sean Metcalf
Jun 23, 202014 min read
52,259
Webcast: Securing Active Directory: Performing Your Own AD Security Review
Trimarc Founder and Active Directory Security Subject Matter Expert, Sean Metcalf, covers how to improve the security of your Active...
Sean Metcalf
Jun 17, 20201 min read
6,049
From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path
While Azure leverages Azure Active Directory for some things, Azure AD roles don’t directly affect Azure (or Azure RBAC) typically. This...
Sean Metcalf
May 27, 20208 min read
884
Webcast: Securing Active Directory: Resolving Common Issues
Trimarc Founder and Active Directory Security Subject Matter Expert, Sean Metcalf, covers how to improve the security of your Active...
Sean Metcalf
May 18, 20201 min read
2,860
Webcast: Quest TEC Talk Office 365 & Azure Active Directory 10 Security Actions to Take Now
Slides and Video Available! From the Quest TEC Talk Series. Trimarc founder Sean Metcalf, Microsoft Certified Master, on the 10 security...
Sean Metcalf
May 15, 20201 min read
115
There’s Something About Service Accounts
Service accounts are that gray area between regular user accounts and admin accounts that are often highly privileged. They are almost...
Sean Metcalf
Mar 21, 20196 min read
1,171
Mitigating Exchange Permission Paths to Domain Admins in Active Directory
A blog post was published by Dirk-jan Mollema titled "Abusing Exchange: One API call away from Domain Admin " (...
-
Feb 12, 20197 min read
3,029
bottom of page