
What Are Azure AD Custom Security Attributes?

In December 2021 Microsoft released a valuable new Azure AD feature, custom security attributes, which is still in preview. Custom security attributes let an organization define its own attributes and assign values to users and service principals. These attributes can be used simply to store information or, more notably, to implement access controls with Azure attribute-based access control (ABAC). Azure ABAC, which is also in preview, lets an organization attach a condition to a role assignment so that the permission applies only when attributes of the principal, the resource or the request have the required values.
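
The attribute-driven role assignment described above, as an added example that is not part of the original post. It assumes an attribute set named "Engineering" with an attribute "Project" already defined in the tenant, the Microsoft.Graph and Az PowerShell modules, and a storage account whose blobs the group should read only when the calling principal carries Engineering/Project = Cascade; the user, group, subscription and storage account names are placeholders.

```powershell
# Added example, not from the original post. Assumes: attribute set "Engineering" with
# attribute "Project" already defined in Azure AD, the Microsoft.Graph and Az modules,
# and a storage account whose blob data the group should read only when the principal
# is tagged Engineering/Project = Cascade. Names and the subscription ID are placeholders.
Connect-MgGraph -Scopes 'CustomSecAttributeAssignment.ReadWrite.All', 'User.Read.All'
Connect-AzAccount | Out-Null

$userId  = (Get-MgUser -Filter "userPrincipalName eq 'alice@contoso.example'").Id
$groupId = (Get-AzADGroup -DisplayName 'Cascade-Engineers').Id
$scope   = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-data/providers/Microsoft.Storage/storageAccounts/stcascade'

# 1. Tag the principal. The value lives on the directory object and is evaluated by
#    Azure RBAC at authorization time, so it does not need to appear in the token.
Update-MgUser -UserId $userId -CustomSecurityAttributes @{
    Engineering = @{
        '@odata.type' = '#Microsoft.DirectoryServices.CustomSecurityAttributeValue'
        Project       = 'Cascade'
    }
}
# Read it back (custom security attributes were on the beta endpoint during the preview)
Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/beta/users/${userId}?`$select=customSecurityAttributes"

# 2. Role assignment with an ABAC condition. Any action that is not a blob read passes
#    the first clause unchanged; a blob read additionally requires the attribute match.
#    The attribute is addressed as <attributeset>_<attributename>.
$condition = @"
(
 (
  !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'})
 )
 OR
 (
  @Principal[Microsoft.Directory/CustomSecurityAttributes/Id:Engineering_Project] StringEquals 'Cascade'
 )
)
"@
New-AzRoleAssignment -ObjectId $groupId -RoleDefinitionName 'Storage Blob Data Reader' -Scope $scope `
    -Condition $condition -ConditionVersion '2.0' `
    -Description 'Blob read only for principals tagged Engineering/Project=Cascade'

# 3. Confirm the condition was stored verbatim on the assignment
Get-AzRoleAssignment -ObjectId $groupId -Scope $scope |
    Select-Object RoleDefinitionName, ConditionVersion, Condition
```

Two checks worth doing after this runs: a member of the group without the attribute should be denied blob reads but still be able to list containers, and removing the attribute from the user must revoke access on the next request, since the condition is evaluated per call rather than baked into a token.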

Top 5 Azure AD Security Best Practices

Azure Active Directory holds the keys to your Microsoft 365 kingdom. Responsible for vital functions such as authentication and authorization, Azure AD is ultimately responsible for managing access across the Microsoft cloud ecosystem. For that reason, it is the target of many cyberattacks. In this blog post, we will detail the top 5 security best practices to follow to secure your Azure Active Directory and protect your business.

noPac Exploit: Latest Microsoft AD Flaw May Lead to Total Domain Compromise in Seconds

Microsoft recently published patches for two critical Active Directory CVEs, CVE-2021-42278 (sAMAccountName spoofing) and CVE-2021-42287 (KDC confusion when it builds the PAC), which a malicious actor can chain into a privilege escalation with a direct path from a low-privileged domain user to a compromised domain. In mid-December 2021, a public exploit that combines these two Active Directory flaws (also referred to as "noPac") was released.
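
A detection for the setup step of that chain, as an added example that is not part of the original post or of the exploit. The rename that precedes the spoof is recorded by Security event 4781 ("The name of an account was changed") on the domain controller that processed it; the example assumes the ActiveDirectory module and rights to read each DC's Security log remotely, and keeps the rule itself in a pure function so it can be exercised on constructed input.

```powershell
# Added detection example, not from the original post or the exploit. Assumes the
# ActiveDirectory module and remote read access to each DC's Security log.
Import-Module ActiveDirectory

function Test-SuspiciousSamRename {
    param(
        [Parameter(Mandatory)][string]$OldName,
        [Parameter(Mandatory)][string]$NewName,
        [string[]]$DcSamAccountNames = @()   # e.g. 'DC01$','DC02$'
    )
    # Computer accounts always end in '$'. Dropping the '$' on rename, or renaming any
    # account to a DC's bare name, is the setup step of the sAMAccountName spoof.
    $lostDollar     = $OldName.EndsWith('$') -and -not $NewName.EndsWith('$')
    $dcBare         = @($DcSamAccountNames | ForEach-Object { $_.TrimEnd('$').ToLowerInvariant() })
    $collidesWithDc = $dcBare -contains $NewName.TrimEnd('$').ToLowerInvariant()
    [pscustomobject]@{
        OldName            = $OldName
        NewName            = $NewName
        ComputerLostDollar = $lostDollar
        CollidesWithDc     = $collidesWithDc
        Suspicious         = ($lostDollar -or $collidesWithDc)
    }
}

function Get-SuspiciousSamRenames {
    param([datetime]$Since = (Get-Date).AddDays(-7))
    $dcs    = @(Get-ADDomainController -Filter *)
    $dcSams = $dcs | ForEach-Object { "$($_.Name)`$" }
    foreach ($dc in $dcs) {
        $events = Get-WinEvent -ComputerName $dc.HostName `
            -FilterHashtable @{ LogName = 'Security'; Id = 4781; StartTime = $Since } -ErrorAction SilentlyContinue
        foreach ($e in $events) {
            # Pull fields by name from the event XML instead of relying on positional Properties
            $data = @{}
            foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            $r = Test-SuspiciousSamRename -OldName $data['OldTargetUserName'] -NewName $data['NewTargetUserName'] -DcSamAccountNames $dcSams
            if (-not $r.Suspicious) { continue }
            $reason = if ($r.CollidesWithDc) { 'renamed to a domain controller name' } else { 'computer account lost its $ suffix' }
            [pscustomobject]@{
                Time     = $e.TimeCreated
                LoggedOn = $dc.HostName
                Subject  = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
                OldName  = $r.OldName
                NewName  = $r.NewName
                Reason   = $reason
            }
        }
    }
}

# Constructed sample, no domain needed: a computer account renamed to look like DC01
Test-SuspiciousSamRename -OldName 'WS-ATTACK$' -NewName 'DC01' -DcSamAccountNames 'DC01$', 'DC02$'
```

The constructed call at the end reports Suspicious = True with both flags set. In a real run expect the hit to be followed by a second 4781 that reverses the rename, because the exploit restores the original name once it holds a TGT for the spoofed one; correlating the pair with a 4741 (computer account created) by the same subject shortly before is a strong signal, and the same subject creating the computer through the default ms-DS-MachineAccountQuota is the usual precondition.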

Active Directory Lateral Movement Detection: Threat Research Release, November 2021

The Splunk Threat Research Team recently updated the Active Directory Lateral Movement analytic story to help security operations center (SOC) analysts detect adversaries using lateral movement techniques within Windows Active Directory (AD) environments. In this blog post, we'll describe some of the detection opportunities available to cyber defenders and highlight detections from the analytic story.

Netlogon Service Configuration in Active Directory and Member Servers

The Netlogon service is a Windows service, present on domain controllers and on every domain-joined member, that maintains the secure channel between a member and a domain controller, locates domain controllers, and passes logon requests through to them (NTLM pass-through authentication) to validate users and computers in a domain. It is a service hosted inside lsass.exe rather than an interactive application, so it runs continuously in the background; it stops only when stopped manually or after a runtime error.
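
A state and hardening check for the service, as an added example that is not part of the original post. It reads the Netlogon service status, tests the secure channel on member machines, and compares the Netlogon\Parameters registry values against the Group Policy settings that normally control secure-channel signing, sealing and session-key strength; the expected values are the usual hardened baseline and are an assumption of this example, not something the post prescribes.

```powershell
# Added example, not from the original post. Expected values are a common hardened
# baseline (all four enabled) and map to the "Domain member:" Group Policy settings.
function Get-NetlogonHardening {
    $svc    = Get-Service -Name Netlogon
    $params = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

    $expected = [ordered]@{
        RequireSignOrSeal = 1  # Digitally encrypt or sign secure channel data (always)
        SealSecureChannel = 1  # Digitally encrypt secure channel data (when possible)
        SignSecureChannel = 1  # Digitally sign secure channel data (when possible)
        RequireStrongKey  = 1  # Require strong (Windows 2000 or later) session key
    }
    $settings = foreach ($name in $expected.Keys) {
        $actual = $params.$name   # $null when the value is absent, which fails the check
        [pscustomobject]@{
            Setting  = $name
            Expected = $expected[$name]
            Actual   = $actual
            Ok       = ($actual -eq $expected[$name])
        }
    }

    # DomainRole 4/5 = domain controller; Test-ComputerSecureChannel is for members only
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    $secureChannel = if ($role -lt 4) { Test-ComputerSecureChannel } else { 'n/a (domain controller)' }

    [pscustomobject]@{
        ServiceStatus   = $svc.Status
        StartType       = $svc.StartType
        SecureChannelOk = $secureChannel
        Settings        = $settings
        AllSettingsOk   = -not ($settings | Where-Object { -not $_.Ok })
    }
}

$report = Get-NetlogonHardening
$report | Format-List ServiceStatus, StartType, SecureChannelOk, AllSettingsOk
$report.Settings | Format-Table -AutoSize
```

A stopped or Manual-start Netlogon on a domain controller breaks authentication for the whole domain, so ServiceStatus and StartType (Running and Automatic) are the first things to alert on; a failing secure channel on a member (SecureChannelOk = False) is the classic "trust relationship failed" condition and can be repaired with Test-ComputerSecureChannel -Repair.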

Active Directory Audit Rules

Keeping Active Directory secure is one of the most critical tasks for an organization's information security. Keeping track of users' activity is a fundamental part of AD security. But before jumping into purchasing shiny tools, there's a lot you can do by simply configuring and leveraging AD's built-in audit capabilities.
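
The built-in capabilities mentioned above, as an added example that is not part of the original post: the advanced audit policy subcategories that generate the AD events worth keeping, and a SACL on a sensitive OU, since the Directory Service Access subcategory only logs objects that carry one. It assumes you run it as a Domain Admin on a domain controller; the OU and domain names are placeholders, and auditpol changes only the machine it runs on, so the same subcategories belong in a GPO linked to the Domain Controllers OU to make them stick.

```powershell
# Added example, not from the original post. Run as Domain Admin on a DC; OU/domain
# names are placeholders. auditpol is per machine, so mirror it in a DC-linked GPO.
Import-Module ActiveDirectory

# 1. Advanced audit subcategories and the event IDs they produce. Once any advanced
#    subcategory is set, the legacy nine-category policy is ignored on that host.
$subcategories = @(
    'Directory Service Access',            # 4662, fires only for objects with a SACL
    'Directory Service Changes',           # 5136 modify, 5137 create, 5139 move, 5141 delete
    'User Account Management',             # 4720 create, 4724 reset, 4738 change, 4781 rename
    'Security Group Management',           # 4728 / 4732 / 4756 member added
    'Computer Account Management',         # 4741 create, 4742 change
    'Kerberos Authentication Service',     # 4768 TGT issued, 4771 pre-auth failure
    'Kerberos Service Ticket Operations'   # 4769 service ticket issued
)
foreach ($s in $subcategories) {
    auditpol /set /subcategory:"$s" /success:enable /failure:enable | Out-Null
}
auditpol /get /category:*

# 2. SACL: audit successful writes to properties, DACL or owner on a sensitive OU by
#    anyone (Everyone, S-1-1-0), inherited to every object beneath it.
$ouDn     = 'OU=Tier0,DC=corp,DC=example'
$acl      = Get-Acl -Path "AD:\$ouDn" -Audit
$everyone = [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0')
$rights   = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty -bor
            [System.DirectoryServices.ActiveDirectoryRights]::WriteDacl -bor
            [System.DirectoryServices.ActiveDirectoryRights]::WriteOwner
$rule = [System.DirectoryServices.ActiveDirectoryAuditRule]::new(
    $everyone, $rights,
    [System.Security.AccessControl.AuditFlags]::Success,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
$acl.AddAuditRule($rule)
Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# 3. Confirm the SACL landed
(Get-Acl -Path "AD:\$ouDn" -Audit).Audit |
    Format-Table IdentityReference, ActiveDirectoryRights, AuditFlags, InheritanceType -AutoSize
```

Keep the SACL narrow: auditing ReadProperty on a busy OU floods the Security log with 4662 events and crowds out the writes you actually care about. Writing a SACL needs the SeSecurityPrivilege right (Manage auditing and security log), which Domain Admins hold on DCs by default.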

Hands-on domain password policy setup for Active Directory

Dealing with the massive architecture of client-server networks requires effective security measures. Everyone has become painfully aware of the threats roaming the network, trying to get access to systems. A weak password policy is a key vector for attackers to gain system access. However, admins can enforce strong password and lockout settings across the whole domain using Group Policy Objects (GPOs), supplemented by fine-grained password policies for accounts that need stricter rules.
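
The domain password policy setup from the PowerShell side, as an added example that is not part of the original post. It reads the values the Default Domain Policy currently enforces, tightens the domain baseline, and layers a stricter fine-grained password policy (PSO) on privileged accounts, which is the one piece Group Policy cannot express. It assumes the ActiveDirectory module on a domain-joined admin host; the thresholds, the "Tier0 Admins" group and the "adm-alice" account are placeholders for your own baseline.

```powershell
# Added example, not from the original post. Thresholds, group and user names are
# placeholders; adjust to your own baseline.
Import-Module ActiveDirectory
$domain = (Get-ADDomain).DNSRoot

# Before: what the domain currently enforces (the Default Domain Policy values)
Get-ADDefaultDomainPasswordPolicy -Identity $domain |
    Format-List MinPasswordLength, ComplexityEnabled, PasswordHistoryCount, MaxPasswordAge,
                LockoutThreshold, LockoutDuration, LockoutObservationWindow, ReversibleEncryptionEnabled

# Domain-wide baseline. Keep the Default Domain Policy GPO in sync with these values:
# the PDC emulator reapplies the GPO's settings to the domain object on policy refresh,
# so a value set only here and contradicted by the GPO does not survive.
Set-ADDefaultDomainPasswordPolicy -Identity $domain `
    -MinPasswordLength 14 `
    -ComplexityEnabled $true `
    -PasswordHistoryCount 24 `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -MaxPasswordAge (New-TimeSpan -Days 365) `
    -LockoutThreshold 10 `
    -LockoutObservationWindow (New-TimeSpan -Minutes 15) `
    -LockoutDuration (New-TimeSpan -Minutes 15) `
    -ReversibleEncryptionEnabled $false

# Stricter PSO for privileged accounts; the lowest Precedence wins when several apply.
$pso = 'PSO-Tier0-Admins'
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$pso'")) {
    New-ADFineGrainedPasswordPolicy -Name $pso -Precedence 10 `
        -MinPasswordLength 20 -ComplexityEnabled $true -PasswordHistoryCount 24 `
        -MinPasswordAge (New-TimeSpan -Days 1) -MaxPasswordAge (New-TimeSpan -Days 90) `
        -LockoutThreshold 5 -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
        -LockoutDuration (New-TimeSpan -Minutes 30) -ReversibleEncryptionEnabled $false
}
Add-ADFineGrainedPasswordPolicySubject -Identity $pso -Subjects 'Domain Admins', 'Tier0 Admins'

# After: verify what actually applies to one privileged user (a PSO beats the domain default)
Get-ADUserResultantPasswordPolicy -Identity 'adm-alice' |
    Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold
```

Two constraints to keep in mind when choosing numbers: the cmdlets reject a LockoutObservationWindow longer than LockoutDuration and a MinPasswordAge that is not below MaxPasswordAge, and PSOs apply only to users and global security groups, never to OUs.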

Active Directory Discovery Detection: Threat Research Release, September 2021

The Splunk Threat Research Team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing discovery and reconnaissance tasks within Active Directory environments. In this blog post, we'll walk you through this analytic story and demonstrate how we can simulate these attacks using PoshC2 and PurpleSharp, then collect and analyze the resulting telemetry to test our detections.

LDAP vs Active Directory: What's the Difference

The main difference between LDAP and Active Directory is that LDAP is a vendor-neutral protocol for querying and modifying directory services, while Active Directory is Microsoft's directory service: it answers LDAP queries, but it also provides Kerberos authentication, Group Policy and tight DNS integration, and it runs as a Windows Server role alongside services such as DNS and DHCP. LDAP by itself provides none of those functions. Understanding LDAP plays an essential part in getting to know your Active Directory better and in preventing data breaches and unauthorized access.
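
The LDAP layer underneath the AD cmdlets, as an added example that is not part of the original post: a raw search through System.DirectoryServices with the user-supplied value escaped per RFC 4515, so input such as `*)(objectClass=*` cannot widen the filter (LDAP injection). It assumes a domain-joined host; the sample account name at the end is constructed.

```powershell
# Added example, not from the original post. Raw LDAP search against the current
# domain with RFC 4515 escaping of the user-supplied filter value.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    # RFC 4515: these characters must be written as backslash + two hex digits inside a
    # filter assertion value. One pass per character, so the backslash is never re-escaped.
    $map = @{ '\' = '\5c'; '*' = '\2a'; '(' = '\28'; ')' = '\29'; "`0" = '\00' }
    $sb  = [System.Text.StringBuilder]::new()
    foreach ($ch in $Value.ToCharArray()) {
        $s = [string]$ch
        if ($map.ContainsKey($s)) { [void]$sb.Append($map[$s]) } else { [void]$sb.Append($s) }
    }
    $sb.ToString()
}

function Find-AdUserByLdap {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $safe = ConvertTo-LdapFilterValue -Value $SamAccountName
    $defaultNC = ([adsi]'LDAP://RootDSE').defaultNamingContext
    $searcher = [System.DirectoryServices.DirectorySearcher]::new()
    $searcher.SearchRoot = [adsi]"LDAP://$defaultNC"
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safe))"
    $searcher.PageSize = 500
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@('sAMAccountName', 'distinguishedName', 'memberOf'))
    foreach ($r in $searcher.FindAll()) {
        [pscustomobject]@{
            SamAccountName = [string]$r.Properties['samaccountname'][0]
            DN             = [string]$r.Properties['distinguishedname'][0]
            Groups         = @($r.Properties['memberof'])
        }
    }
}

# Constructed inputs: the injection attempt is neutralised into a literal that matches nothing
ConvertTo-LdapFilterValue -Value 'alice'                 # alice
ConvertTo-LdapFilterValue -Value '*)(objectClass=*'      # \2a\29\28objectClass=\2a
Find-AdUserByLdap -SamAccountName 'alice'
```

The same escaping applies when you hand a filter to Get-ADUser -LDAPFilter; the -Filter parameter's own syntax is not LDAP and has different quoting rules. Escaping is for assertion values only: distinguished names used as a search base follow RFC 4514 instead, where the special characters are comma, plus, quote, backslash, angle brackets, semicolon and a leading hash or space.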

Active Directory Certificate Services: Risky Settings and How to Remediate Them

Active Directory Certificate Services has been around for a long time, but good resources for learning it are scarce. As a result, it is frequently misconfigured, and those misconfigurations have become an increasingly popular attack vector. SpecterOps released a whitepaper, "Certified Pre-Owned", detailing a number of misconfigurations and the attacks they enable, along with hardening advice.
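
A check for the riskiest of those settings, as an added example that is not part of the original post or of the SpecterOps paper. It reads every certificate template from the configuration partition and flags the combination the paper labels ESC1: the enrollee supplies the subject, the template carries an authentication EKU (or no EKU at all), no manager approval or authorized signature is required, a broad group can enroll, and the template is published on a CA. It assumes the ActiveDirectory module run by an account that can read the Public Key Services container; the list of "broad" groups is an assumption you may want to widen.

```powershell
# Added example, not from the original post or the whitepaper. Flags ESC1-style templates.
Import-Module ActiveDirectory

$configNC   = (Get-ADRootDSE).configurationNamingContext
$pkiBase    = "CN=Public Key Services,CN=Services,$configNC"
$templateDN = "CN=Certificate Templates,$pkiBase"

$CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x1   # bit in msPKI-Certificate-Name-Flag
$CT_FLAG_PEND_ALL_REQUESTS         = 0x2   # bit in msPKI-Enrollment-Flag: manager approval
$AuthEkus = @(
    '1.3.6.1.5.5.7.3.2',       # Client Authentication
    '1.3.6.1.4.1.311.20.2.2',  # Smart Card Logon
    '1.3.6.1.5.2.3.4',         # PKINIT Client Authentication
    '2.5.29.37.0'              # Any Purpose
)
$EnrollRight = [guid]'0e10c968-78fb-11d1-9bcb-00c04f9d8e7e'   # Certificate-Enrollment extended right
$BroadGroups = @('Domain Users', 'Authenticated Users', 'Everyone', 'Domain Computers')  # assumption

# Only templates published on an enrollment service (CA) can be requested at all
$published = @((Get-ADObject -SearchBase "CN=Enrollment Services,$pkiBase" `
    -LDAPFilter '(objectClass=pKIEnrollmentService)' -Properties certificateTemplates).certificateTemplates)

function Get-BroadEnroller([string]$TemplateDn) {
    # Returns the first broad group holding Enroll (or GenericAll) on the template, else $null
    $acl = Get-Acl -Path "AD:\$TemplateDn"
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $who = $ace.IdentityReference.Value -replace '^.*\\', ''
        if ($BroadGroups -notcontains $who) { continue }
        $rights   = $ace.ActiveDirectoryRights
        $isEnroll = (($rights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -ne 0) -and
                    ($ace.ObjectType -eq $EnrollRight -or $ace.ObjectType -eq [guid]::Empty)
        $isAll    = ($rights -band [System.DirectoryServices.ActiveDirectoryRights]::GenericAll) -ne 0
        if ($isEnroll -or $isAll) { return $who }
    }
    return $null
}

Get-ADObject -SearchBase $templateDN -LDAPFilter '(objectClass=pKICertificateTemplate)' `
    -Properties msPKI-Certificate-Name-Flag, msPKI-Enrollment-Flag, msPKI-RA-Signature, pKIExtendedKeyUsage |
ForEach-Object {
    $ekus = @($_.pKIExtendedKeyUsage)
    $f = [ordered]@{
        Template         = $_.Name
        Published        = ($published -contains $_.Name)
        SuppliesSubject  = (([int]$_.'msPKI-Certificate-Name-Flag') -band $CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT) -ne 0
        AuthEku          = ($ekus.Count -eq 0) -or [bool]($ekus | Where-Object { $AuthEkus -contains $_ })
        ManagerApproval  = (([int]$_.'msPKI-Enrollment-Flag') -band $CT_FLAG_PEND_ALL_REQUESTS) -ne 0
        SignaturesNeeded = [int]$_.'msPKI-RA-Signature'
        BroadEnroller    = Get-BroadEnroller -TemplateDn $_.DistinguishedName
    }
    $f.ESC1 = $f.Published -and $f.SuppliesSubject -and $f.AuthEku -and
              (-not $f.ManagerApproval) -and ($f.SignaturesNeeded -eq 0) -and ($null -ne $f.BroadEnroller)
    [pscustomobject]$f
} | Where-Object ESC1 | Format-Table -AutoSize
```

Any template the script prints lets a member of the listed group request a certificate for an arbitrary UPN and use it to log on as that user. Remediation is to break one link in the chain: clear "Supply in the request" on the Subject Name tab, require CA certificate manager approval, remove the authentication EKU if the template does not need it, or cut the broad Enroll permission, and then re-run the check. Templates with an empty EKU list are treated as Any Purpose here, which the whitepaper covers separately as ESC2.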