Blue Team Basics: Active Directory Security Assessments

Want to annoy script kiddie hackers who rely on pressing buttons in Mimikatz? Then give this blog post about AD and Windows security basics a read! We’ll be going over some key techniques for safeguarding your network against common attack vectors, such as privileged account exposures, Pass-the-Ticket (PTT) attacks, and SID injection. We’ll also provide some powerful…


Security Identifiers (SIDs) and how to understand them [Part 2]

Welcome to Part 2 of a planned four-part series!
Part 1: Security Identifiers (SIDs) and Object Permissions in Windows
Part 2: Security Identifiers (SIDs) and how to understand them (you’re reading it now!)
Part 3: Converting Azure Object IDs in Azure into Security Identifiers (SIDs)
Part 4: Security Identifiers (SIDs) and User Rights Management
In Part 1 we…


Security Identifiers (SIDs) and Object Permissions in Windows [Part 1]

Welcome to Part 1 of a planned four-part series!
Part 1: Security Identifiers (SIDs) and Object Permissions in Windows (you’re reading it now!)
Part 2: Security Identifiers (SIDs) and how to understand them
Part 3: Converting Azure Object IDs in Azure into Security Identifiers (SIDs)
Part 4: Security Identifiers (SIDs) and User Rights Management
So on to Part…


Automating CIS Benchmarks: Using the CIS-CAT Tool for Hardening and Compliance

This post is pretty heavy on the on-premise/hybrid/Windows Server/Active Directory side of things; so if you’re new to that then I recommend you read:
Group Policy Administrative Templates (ADMX): What are they? How are they used? And what if I need to update them?
Ingesting Policy Templates (ADMX) into Intune
And/Or if you’re new to…


The 20 CIS Controls

This is probably going to be one of the driest, if not the driest, blog posts I’ve written. But I’m a huge fan of CIS benchmarks and controls, and these 20 controls are a great starting point in terms of compliance and general hardening of your organization’s security. Update: I made a new post regarding…


Credential Guard: Protect Windows from pass-the-hash and pass-the-ticket attacks

Credential Guard is a component of Microsoft’s Virtualization-based Security Suite (VBS). With the help of the hypervisor, it protects the hashes of the credentials cached in RAM from attackers. And it is super simple to enable using Intune or Group Policy! So how does Credential Guard work? After successfully logging on to Active Directory, Windows…


Assigning Local Log on User Rights via Intune Settings Catalog

As helpful as wizards like Intune Security Baselines are for greenfields and inexperienced admins, those needing a little oomph in their setups (especially those admins used to on-premise Group Policy Administrative Templates) found Intune’s offerings lacking, forced to use CSP policies and custom OMA-URIs like in the example above. The settings catalogue aims…


Intune Security Baselines – What are they and how to use them?

Security baselines are intended to make it easier to configure security-related settings in Windows or Edge. They are available from Microsoft as Group Policy packages, or they can be configured through the interfaces for mobile device management such as Intune. In my opinion, they are mainly intended for clients who have limited experience with Intune and/or security, i.e.,…
