Active Directory Security

Attacking Active Directory Group Managed Service Accounts (GMSAs)

By: Sean Metcalf
In May 2020, I presented some Active Directory security topics in a Trimarc Webcast called “Securing Active Directory: Resolving Common Issues” and included some information I put together relating to the security of AD Group Managed Service Accounts (GMSA). This post includes the expanded version of attacking and defending GMSAs I covered in the webcast. I …

From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path

By: Sean Metcalf
For most of 2019, I was digging into Office 365 and Azure AD and looking at features as part of the development of the new Trimarc Microsoft Cloud Security Assessment which focuses on improving customer Microsoft Office 365 and Azure AD security posture. As I went through each of them, I found one that was …

What is Azure Active Directory?

By: Sean Metcalf
Many are familiar with Active Directory, the on-premises directory and authentication system that is available with Windows Server, but exactly what is Azure Active Directory? Azure Active Directory (Azure AD or AAD) is a multi-tenant cloud directory and authentication service. Azure AD is the directory service that Office 365 (and Azure) leverages for account, groups, …

Slides Posted for Black Hat USA 2019 Talk: Attacking & Defending the Microsoft Cloud

By: Sean Metcalf
Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD) Sean Metcalf (Trimarc) & Mark Morowczynski (Principal Program Manager, Microsoft) The allure of the “Cloud” is indisputable. Organizations are moving into the cloud at a rapid pace. Even companies that have said no to the Cloud in the past have started migrating services and …

AD Reading: Windows Server 2019 Active Directory Features

By: Sean Metcalf
Windows Server 2019 has several new features, though nothing in this list is related to AD. Note that there is no Windows Server 2019 AD Forest/Domain Functional Level. There are no new features for Active Directory in Windows Server 2019 except one performance update which doesn’t affect most deployments. This update is related to an …

There’s Something About Service Accounts

By: Sean Metcalf
Service accounts are that gray area between regular user accounts and admin accounts that are often highly privileged. They are almost always over-privileged due to documented vendor requirements or because of operational challenges (“just make it work”). We can discover service accounts by looking for user accounts with Kerberos Service Principal Names (SPNs) which I …

Mitigating Exchange Permission Paths to Domain Admins in Active Directory

By: Sean Metcalf
This article is a cross-post from TrimarcSecurity.com Original article: https://www.trimarcsecurity.com/single-post/2019/02/12/Mitigating-Exchange-Permission-Paths-to-Domain-Admins-in-Active-Directory The Issue Recently a blog post was published by Dirk-jan Mollema titled “Abusing Exchange: One API call away from Domain Admin” (https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/) which highlighted several issues with Exchange permissions and a chained attack which would likely result in a regular user with a mailbox being able to …

From DNSAdmins to Domain Admin, When DNSAdmins is More than Just DNS Administration

By: Sean Metcalf
It’s been almost 1.5 years since the Medium post by Shay Ber was published that explained how to execute a DLL as SYSTEM on a Domain Controller provided the account is a member of DNSAdmins. I finally got around to posting here since many I speak with aren’t aware of this issue. Shay describes this …

Domain Controller Print Server + Unconstrained Kerberos Delegation = Pwned Active Directory Forest

By: Sean Metcalf
At DerbyCon 8 (2018) over the weekend Will Schroeder (@Harmj0y), Lee Christensen (@Tifkin_), & Matt Nelson (@enigma0x3), spoke about the unintended risks of trusting AD. They cover a number of interesting persistence and privilege escalation methods, though one in particular caught my eye. Overview Lee figured out and presents a scenario where there’s an account …

Black Hat & DEF CON Presentation Slides Posted

By: Sean Metcalf
I just uploaded the slides from my Black Hat & DEF CON talks from the past week in Vegas. They are a bit different with the BH talk more Blue (defensive) and the DC talk mostly Red (Offensive) in focus. Also note that the only real overlap in content is the MFA & password vault …
