Blue Team Basics: Active Directory Security Assessments

Want to annoy script kiddie hackers who rely on pressing buttons in Mimikatz? Then give this blog post about AD and Windows security basics a read! We’ll be going over some key techniques for safeguarding your network against common attack vectors, such as privileged account exposures, Pass-the-Ticket (PTT) attacks, and SID injection. We’ll also provide some powerful…

Security Identifiers (SIDs) and how to understand them [Part 2]

Welcome to Part 2 of a planned four-part series! Part 1: Security Identifiers (SIDs) and Object Permissions in Windows. Part 2: Security Identifiers (SIDs) and how to understand them (you’re reading it now!). Part 3: Converting Azure Object IDs in Azure into Security Identifiers (SIDs). Part 4: Security Identifiers (SIDs) and User Rights Management. In Part 1 we…

Security Identifiers (SIDs) and Object Permissions in Windows [Part 1]

Welcome to Part 1 of a planned four-part series! Part 1: Security Identifiers (SIDs) and Object Permissions in Windows (you’re reading it now!). Part 2: Security Identifiers (SIDs) and how to understand them. Part 3: Converting Azure Object IDs in Azure into Security Identifiers (SIDs). Part 4: Security Identifiers (SIDs) and User Rights Management. So on to Part…

Automating CIS Benchmarks: Using the CIS-CAT Tool for Hardening and Compliance

This post is pretty heavy on the on-premise/hybrid/Windows Server/Active Directory side of things; so if you’re new to that then I recommend you read: Group Policy Administrative Templates (ADMX): What are they? How are they used? And what if I need to update them? Ingesting Policy Templates (ADMX) into Intune And/Or if you’re new to…

Credential Guard: Protect Windows from pass-the-hash and pass-the-ticket attacks

Credential Guard is a component of Microsoft’s Virtualization-based Security Suite (VBS). With the help of the hypervisor, it protects the hashes of the credentials cached in RAM from attackers. And it is super simple to enable using Intune or Group Policy! So how does Credential Guard work? After successfully logging on to Active Directory, Windows…

Assigning Local Log on User Rights via Intune Settings Catalog

As helpful as wizards like Intune Security Baselines are for greenfield setups and inexperienced admins, those needing a little umph in their setups (especially admins used to on-premise Group Policy Administrative Templates) found Intune’s offerings lacking – forced to use CSP policies and custom OMA-URIs like in the example above. The settings catalogue aims…

Oh no! The Domain Admin password was reset using a guide some idiot posted! What do I do?? [Part 2]

Last time(!), some dastardly devil wrote a Part 1 guide on how to reset your administrator password via the On-Screen Keyboard, and despite it being a handy workaround for forgetful people, and Microsoft treating this as an acceptable risk, it is still pretty stupid. And so a colleague of mine asked the blindingly obvious… How do you…
