Want to annoy script kiddie hackers who rely on pressing buttons in Mimikatz? Then give this blog post about AD and Windows security basics! We’ll be going over some key techniques for safeguarding your network against common attack vectors, such as privileged account exposures, Pass-the-Ticket (PTT) attacks, and SID injection. We’ll also provide some powerful…
Defender, defender everywhere, That’s the story of Microsoft’s branding strategy theee days. I wasn’t the biggest fan of Intune being renamed the generic Endpoint Manager. I’m curious how many results get hidden on Google because pretty much everyone searches for *Intune* despite the rebranding years ago? It’s enough to give someone, like me who works…
I just wanted to write a short piece on: Credential Guard: Protect Windows from pass-the-hash and pass-the-ticket attacks. But then I started digging more into it and sort of fell down the rabbit hole. Basically I’m what you would call a blue teamer. And I love my role! Sure, I’ve tried my hand at capture-the-flag and…
Welcome to Part 2 of a planned four-part series! Part 1: Security Identifiers (SIDs) and Object Permissions in Windows Part 2: Security Identifiers (SIDs) and how to understand them (you’re reading this it now!) Part 3: Converting Azure Object IDs in Azure into Security Identifiers (SIDs) Part 4: Security Identifiers (SIDs) and User Rights Management In Part 1 we…
Welcome to Part 1 of a planned four-part series! Part 1: Security Identifiers (SIDs) and Object Permissions in Windows (you’re reading this it now!) Part 2: Security Identifiers (SIDs) and how to understand them Part 3: Converting Azure Object IDs in Azure into Security Identifiers (SIDs) Part 4: Security Identifiers (SIDs) and User Rights Management So on to Part…
This post is pretty heavy on the on-premise/hybrid/Windows Server/Active Directory side of things; so if you’re new to that then I recommend you read: Group Policy Administrative Templates (ADMX): What are they? How are they used? And what if I need to update them? Ingesting Policy Templates (ADMX) into Intune And/Or if you’re new to…
This is going to be probably one of the, if not the most, driest blog posts I’ve written. But I’m a huge fan of CIS benchmarks and controls – and these 20 controls are a great starting point in terms of compliance and general hardening of your organizations security. Update: I made a new post regarding…
Credential Guard is a component of Microsoft’s Virtualization-based Security Suite (VBS). With the help of the hypervisor, it protects the hashes of the credentials cached in RAM from attackers. And it is super simple to enable using Intune or Group Policy! So how does Credential Guard work? After successfully logging on to Active Directory, Windows…
As helpful as wizards like Intune Security Baselines are useful for greenfields and inexperienced admins, those needing a little umph in their setups (especially those admins used to on-premise GroupPolicy Administrative Templates) found Intune’s offerings lacking – forced to use CSP policies and custom OMA-URIs like in the example above. The settings catalogue aims…
Security baselines are intended to make it easier to configure security-related settings in Windows or Edge. They are available from Microsoft as Group Policy packages, or they can be configured through the interfaces for mobile device management such as Intune. In my opinion, they are mainly intended for clients who have limited experience with Intune and/or security, i.e.,…