Collaborate Disseminate
In the past two weeks, Log4j has continued to drive security news, with more vulnerable platforms being found, and additional CVEs coming out. First up is work done by TrendMicro, …read more Continue reading This Week in Security: The Log4j That Won’t Go Away, WebOS, and More
The Petri IT Knowledgebase is looking for writers! Petri is a leading site providing IT professionals with tutorials, news, and advice on how to work with Microsoft enterprise technologies. The editorial team is looking for content creators and IT professionals in the field who would like to help others by contributing their knowledge in the […] Continue reading Petri is Looking for Writers
Last month, Microsoft released the November Patch Tuesday updates to address two Active Directory (AD) Domain Services privilege escalation security flaws affecting all supported versions of Windows Server. But it looks like some customers have not updated their servers yet. The company published a blog post yesterday advising customers to install the emergency fixes on […] Continue reading Microsoft Advises Customers to Patch Active Directory Privilege Escalation Vulnerability
I have seen Event Logs in Windows Event Viewer with EventID 6038 from Source LsaSrv.
My systems are: SQL server 2019 and Windows 10 20H2 machines.
I am attempting to audit what is using NTLM Authentication but do not know how to do this wi… Continue reading How can I find out what is using NTLM in my environment?
Our Active Directory logins are currently e.g. john.smith@mycompany.com (i.e. the same as our email addresses). A friend said his company uses numbers for login (e.g. 90210@mycompany.com) for security reasons (the login being internal and … Continue reading Employee ID instead of employee names for corporate login?
The Hybrid Identity Protection (HIP) Conference (HIP) is the premier educational forum for IT pros tasked with managing identity and securing hybrid cloud environments. As the global health pandemic and move to digitalization change the way enterprises work, the HIP Conference helps IT pros to learn and implement technology that mitigates new business risks. The […] Continue reading Semperis Hybrid Identity Protection Conference 2021
Gaining access to domain admin credentials is part of the endgame in many sophisticated attacks where threat actors are trying to maintain persistence. One of the ways that adversaries accomplish this is through DCSync attacks. What is a DCSync attack?… Continue reading Guarding against DCSync attacks
Microsoft has issued an out-of-band emergency update fix to patch an authentication issue that was caused by the November 9th cumulative update for Windows Server. The bug affects Windows Server 2008 SP2 through to Windows Server 2019. The November 9th Patch Tuesday cumulative update (CU) for Windows Server causes a problem that can cause authentication […] Continue reading Microsoft Issues Emergency Update Fix for Windows Server SSO Authentication Bug
I have a CA and an Active Directory + ADFS instances set up on a Windows Server 2016 machine. I issued a client certificate for one of the users (for smart card logon) and then revoked it. However, I’m still able to log in via the revoked … Continue reading Revoked certificate not getting into Microsoft CA CRL
Currently looking for a way to prevent unauthenticated user enumeration on a Domain Controller. This is a security precaution I’d like to implement, next to the existing measures taken prevent unauthorized DC access.
Kerbrute states the fo… Continue reading Is it possible to prevent Kerbrute from unauthenticated user enumation Active Directory?