Active Directory persistence through userAccountControl manipulation
I’ve been doing some research on group Managed Service Accounts (gMSAs) recently, and reading the MS-SAMR protocol...
Infrastructure
March 26, 2025
Introduction to NTLM and Kerberos
Connecting all your company resources in a network for sharing is valuable, but you need a way to verify that only authorized users and devices can access these...
The National Institute of Standards and Technology (NIST) helps organizations implement best practices across their operations, including cybersecurity. In particular, NIST password guidelines...
Compromising privileged accounts is the penultimate objective of most cyberattacks — once attackers gain privileged access, they can then accomplish their final goal, whether that’s to steal or...
Infrastructure
August 14, 2023
Local WMI querying is straightforward to implement and troubleshoot — but remote WMI querying is another story. Indeed, setting up secure remote WMI querying for a user with no admin rights...
Mimikatz is a popular post-exploitation tool that hackers use for lateral movement and privilege escalation. While Mimikatz is quite powerful, it does have some important limitations:
It...
Infrastructure
July 6, 2023
Sysmon is a component of Microsoft’s Sysinternals Suite, a comprehensive set of tools for monitoring, managing and troubleshooting Windows operating systems. Version 13 of Sysmon introduced...
Cybersecurity
May 5, 2023
Despite the popularity of the cloud, Microsoft Active Directory (AD) remains a crucial component of the IT infrastructure for many organizations. Indeed, Active Directory often serves as the central...
Infrastructure
April 28, 2023
Microsoft Active Directory (AD) is the central credential store for 90% of organizations worldwide. As the gatekeeper to business applications and data, it’s not just everywhere, it’s...
Cybersecurity
April 21, 2023
Compromising the credentials of Active Directory accounts remains a primary way for adversaries to gain a foothold in an organization’s IT ecosystem. They use a range of tactics, including...
