πŸ”’
There are new articles available, click to refresh the page.
Before yesterdayActive Direcory

Attacking Active Directory Group Managed Service Accounts (GMSAs)

29 May 2020 at 14:00
In May 2020, I presented some Active Directory security topics in a Trimarc Webcast called β€œSecuring Active Directory: Resolving Common Issues” and included some information I put together relating to the security of AD Group Managed Service Accounts (GMSA). This post includes the expanded version of attacking and defending GMSAs I covered in the webcast.I …

Continue reading

From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path

27 May 2020 at 18:00
For most of 2019, I was digging into Office 365 and Azure AD and looking at features as part of the development of the new Trimarc Microsoft Cloud Security Assessment which focuses on improving customer Microsoft Office 365 and Azure AD security posture. As I went through each of them, I found one that was …

Continue reading

What is Azure Active Directory?

12 January 2020 at 20:17
Many are familiar with Active Directory, the on-premises directory and authentication system that is available with Windows Server, but exactly what is Azure Active Directory? Azure Active Directory (Azure AD or AAD) is a multi-tenant cloud directory and authentication service. Azure AD is the directory service that Office 365 (and Azure) leverages for account, groups, …

Continue reading

Slides Posted for Black Hat USA 2019 Talk: Attacking & Defending the Microsoft Cloud

7 August 2019 at 19:15
Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD) Sean Metcalf (Trimarc) & Mark Morowczynski (Principal Program Manager, Microsoft) The allure of the β€œCloud” is indisputable. Organizations are moving into the cloud at a rapid pace. Even companies that have said no to the Cloud in the past have started migrating services and …

Continue reading

AD Reading: Windows Server 2019 Active Directory Features

1 August 2019 at 19:17
Windows Server 2019 has several new features, though nothing in this list is related to AD. Note that there is no Windows Server 2019 AD Forest/Domain Functional Level. There are no new features for Active Directory in Windows Server 2019 except one performance update which doesn’t affect most deployments. This update is related to an …

Continue reading

There’s Something About Service Accounts

21 March 2019 at 15:17
Service accounts are that gray area between regular user accounts and admin accounts that are often highly privileged. They are almost always over-privileged due to documented vendor requirements or because of operational challenges (β€œjust make it work”). We can discover service accounts by looking for user accounts with Kerberos Service Principal Names (SPNs) which I …

Continue reading

Mitigating Exchange Permission Paths to Domain Admins in Active Directory

12 February 2019 at 19:02
This article is a cross-post from TrimarcSecurity.comOriginal article: https://www.trimarcsecurity.com/single-post/2019/02/12/Mitigating-Exchange-Permission-Paths-to-Domain-Admins-in-Active-Directory The IssueΒ Recently a blog post was published by Dirk-jan Mollema titled β€œAbusing Exchange: One API call away from Domain Admin ” (https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/)which highlighted several issues with Exchange permissions and a chained attack which would likely result in a regular user with a mailbox being able to …

Continue reading

From DNSAdmins to Domain Admin, When DNSAdmins is More than Just DNS Administration

11 October 2018 at 14:24
It’s been almost 1.5 years since the Medium post by Shay Ber was published that explained how to execute a DLL as SYSTEM on a Domain Controller provided the account is a member of DNSAdmins. I finally got around to posting here since many I speak with aren’t aware of this issue. Shay describes this …

Continue reading

Domain Controller Print Server + Unconstrained Kerberos Delegation = Pwned Active Directory Forest

10 October 2018 at 14:15
At DerbyCon 8 (2018) over the weekend Will Schroeder (@Harmj0y), Lee Christensen (@Tifkin_), & Matt Nelson (@enigma0x3), spoke about the unintended risks of trusting AD. They cover a number of interesting persistence and privilege escalation methods, though one in particular caught my eye. Overview Lee figured out and presents a scenario where there’s an account …

Continue reading

Black Hat & DEF CON Presentation Slides Posted

12 August 2018 at 20:27
I just uploaded the slides from my Black Hat & DEF CON talks from the past week in Vegas.Β  They are a bit different with the BH talk more Blue (defensive) and the DC talk mostly Red (Offensive) in focus. Also note that the only real overlap in content is the MFA & password vault …

Continue reading

  • There are no more articles
❌