Active Directory (AD) security groups enable administrators to grant access to IT resources, both within a domain and across domains. However, groups can be members of other groups. This group nesting has profound implications for security, so it’s vital to understand nesting and how to nest groups correctly. This article explains how group nesting works and the best practices to follow.
The Get-ADUser cmdlet in PowerShell provides many parameters for finding one or more users in an Active Directory (AD) domain. By default, PowerShell runs using the account that is logged on to the machine. If you want to run a command using a different account, you can force PowerShell to prompt you for the credentials by using this switch before your command.
This article rounds out a series of articles on Kerberos delegation. Before reading it, we suggest making sure you are familiar with both Active Directory delegation and Kerberos delegation, and have read the earlier posts in the series that provide an overview of how resource-based constrained delegation and unconstrained delegation are configured and how they can be abused. This article explains how a constrained delegation attack enables an adversary to gain elevated access to vital services.
Compromising the credentials of Active Directory accounts remains a primary way for adversaries to gain a foothold in an organization’s IT ecosystem. They use a range of tactics, including credential stuffing, password spraying, phishing and brute-force attacks This blog post details key best practices for effective user credential management. Then it dives into how software can help enforce those best practices and further secure user credentials.
Commonly referred to as Zerologon, CVE-2020-1472 is the Common Vulnerabilities and Exposures (CVE) identifier assigned to a vulnerability in Microsoft’s Netlogon Remote Protocol (MS-NRPC). MS-NRPC is essential for authentication of both user and machine accounts in Active Directory.
Adversaries use multiple techniques to identify and exploit weaknesses in Active Directory (AD) to gain access to critical systems and data. This blog post explores 3 ways they use PowerShell PowerSploit to elevate or abuse permissions, and offers effective strategies for protecting against them.
Active Directory (AD) is a database and set of services that offers centralized management of IT infrastructure resources. It connects users with the resources they require to get their work done. Therefore, technicians must be able to quickly check and recover AD attributes that are modified or deleted by hardware failures, cyberattacks, scripting mistakes and other problems.
Users normally update their domain account passwords using the Windows Settings menu. But if they forget their password or their account is disabled, an administrator needs to step in. This blog post explores several ways that an admin can reset a user’s password or create a new one. First, we review the easiest options: Active Directory Users and Computers (ADUC) and Active Directory Administrative Center (ADAC).
