Securing On-Premises AD with Azure Sentinel

Introduction: The majority of organizations are operating in a hybrid state, which means that a lot of organizations still have to deal with their On-Premises Active Directory environment. Active Directory exists for more than a decade, but it hasn’t always been secured properly. Multiple changes are configured everyday, and it’s hard to find out, whichContinue reading “Securing On-Premises AD with Azure Sentinel”

Re-Post: Active Directory Security – Resources

Introduction An old document that I had removed from my previous website, but since people have asked for it. I have decided re-post my Active Directory Security Assessment (ADSA) documentation. ADSA provides a clear ”how-to” guidance to apply common best practices to improve the security of AD. The purpose of this documentation was mainly meantContinue reading “Re-Post: Active Directory Security – Resources”

Mitigate Credential theft with Administrative Tier Model

Introduction: A lot of organizations have a credential hygiene problem without knowing that they have it. It’s one of the common reasons why attackers are managing to obtain Domain Dominance so easily in a corporate environment, because credentials are everywhere. High-privileged accounts with the likes of Domain Admins & Enterprise Admins are login on everyContinue reading “Mitigate Credential theft with Administrative Tier Model”

Stop being lazy and deploy LAPS

Introduction: Local Administrator Password Solution (LAPS) is a password manager that can be used to automatically rotate the Built-in Administrator (RID-500) account on each individual workstation or server. What’s great about LAPS is, that it doesn’t require any additional infrastructure to store passwords, and you don’t have to pay for it, because it’s free! LAPSContinue reading “Stop being lazy and deploy LAPS”

Pass-the-Hash is still a threat

Introduction Pass-the-Hash is a very old technique that was originally published by Paul Ashton in 1997. Despite that Pass-the-Hash exists over more than a decade. It is used a lot in most ransomware attacks, like for example on the University of Maastricht. But why is this still a problem? First of all, lets have aContinue reading “Pass-the-Hash is still a threat”

Computer accounts can move laterally too!

Introduction Computer accounts in Active Directory can be abused as well, but it’s not something we hear often, because lets face it. It’s not the first thing that comes up in to our mind, when we’re thinking about moving laterally to another machine with a computer account. Before we go further in to all theContinue reading “Computer accounts can move laterally too!”

Pass-the-Hash with RID-500 account

Introduction In my previous post, I’ve blogged about how Pass-the-Hash is still a nuclear bomb on most networks around the world. Despite that Microsoft has released mitigation guidance’s around this security threat. I always felt that most companies didn’t (fully) understood the whole problem about this, which has led that many companies didn’t implemented theContinue reading “Pass-the-Hash with RID-500 account”