Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Netwrix

RID Hijacking: How Guests Become Admins

RID hijacking is a persistence technique used by adversaries who have compromised a Windows machine. In a nutshell, attackers use the RID (relative identifier) of the local Administrator account to grant admin privileges to the Guest account (or another local account). That way, they can take actions using the Guest account, which is normally not under the same level of surveillance as the Administrator account, to expand their attack while remaining undetected.

An Active Directory Domain Controller Could Not Be Contacted

When I try to join a new Windows workstation or server to an Active Directory (AD) domain, I sometimes encounter the following error: “An Active Directory Domain Controller (AD DC) for the domain ‘domainname’ could not be contacted.” This error can occur due to any of several reasons, from a simple incorrect DNS server IP address to a much more complex issue.

Lateral Movement to the Cloud with Pass-the-PRT

Attackers use a variety of tactics to spread laterally across on-premises Windows machines, including Pass-the-Ticket, Pass-the-Hash, Overpass-the-Hash and Golden Tickets attacks. But similar techniques are also effective in moving laterally from a compromised workstation to connected cloud resources, bypassing strong authentication measures like MFA. This article explains how attackers can perform lateral movement to the cloud with an attack called Pass-the-PRT.

What a Baseline Configuration Is and How to Prevent Configuration Drift

Configuration drift seems inevitable — the gradual but unintentional divergence of a system’s actual configuration settings from its secure baseline configuration. Proper configuration of your infrastructure components is vital for security, compliance and business continuity, but setting changes are often made without formal approval, proper testing and clear documentation.

"Get ADUser Not Recognized" Error in PowerShell

The Get-ADUser PowerShell cmdlet is very helpful for Active Directory user management. But what if you try to use Get-ADUser and get the error below? The term ‘Get-ADUser’ is not recognized as the name of a cmdlet, function, script file or operable program. This error simply means that the Active Directory module for PowerShell is not available on your machine.

Get-ADGroupMember Cmdlet: Find Active Directory Group Members

Using Active Directory security groups is a best practice for quickly and accurately assigning permissions to users, computers, and groups. But how can you get a list of all the members of a security group? While you could use the PowerShell cmdlet Get-ADGroup, group members will be identified by their distinguished names, making the results difficult to read. A better option is to use the Get-ADGroupMember cmdlet. This article provides the syntax of this cmdlet and lots of useful examples.

Types of Active Directory Groups & Scopes

Active Directory groups are sets of Active Directory (AD) objects — such as users, computers, and even other groups. Using AD groups helps simplify IT administration and ensure accurate delegation of rights and dissemination of information. Active Directory has several built-in groups, and organizations create many additional groups.