In this blog in the “IT security under attack” series, we wanted to shed some light on an unfamiliar and seldom discussed topic in IT security: the default, out-of-the-box configurations in IT environments that may be putting your network and users at risk. Default settings, and why the initial configuration is not the most secure […]
IT security under attack: Credential dumping attacks in Windows environments
Most of the time, threat actors in the cybersecurity landscape don’t employ advanced techniques and tools to intrude and establish a foothold within networks. Often, they disguise malicious operations by mimicking the activities of legitimate users, leaving behind little to no footprint. Blending malicious actions with day-to-day IT activities helps attackers maintain a low profile […]
IT security under attack: Why are group memberships so crucial?
Security groups either make or break your IT security. Group memberships are responsible for administrative access in your network and define access to other privileged resources and data on your domain. Ever wondered how a simple misconfiguration of a group membership could lead to a security incident? This blog elaborates on the most common misconfiguration […]
Domain controller patch alert! Vulnerability grants domain admin access in 10 seconds
A critical Active Directory vulnerability (CVE-2020-1472) has been making headlines for being the most notorious elevation of privilege bug because it can affect all computers and domain controllers in an organization. This high-risk vulnerability, dubbed Zerologon, gives threat actors easy, instant access to domain controllers without requiring any additional privileges. This attack does not even […]
IT security: Disrupting the cybersecurity kill chain by detecting domain reconnaissance
Cyberattacks are a growing threat, and organizations are investing time and money in security strategies to make certain that their infrastructures are secure. Active Directory (AD) is a constant target for compromise, as it’s at the core of any organization’s security — it handles authentication and authorization for all users in an organization. Hardening the […]
IT security: PowerShell as a cyberattack tool
Tools and features introduced with the intention of benefiting and empowering an organization can sometimes end up being misused. PowerShell is a classic example. PowerShell is a more powerful command-line interface that combines the old Command Prompt (CMD) functionality with a built-in scripting environment that can be leveraged to gain unprecedented access to a machine’s […]
How to Find Active Directory Accounts with Expiring Passwords
Every organization has one or more user accounts — used for services, applications, development, kiosks, or even standard employees — for which someone needs to ensure the password is changed before it expires, or the account will lock.
Domain Password Policies: Configuring and Auditing Correctly!
Over the past 14 years, I have been around the world helping admins, auditors, and security professionals understand how the domain password policy works in Active Directory. The default behavior has not changed in those 14 years, so you can imagine how many people I have helped, not to mention how many times I have spoken about it. So why mention it here