
Kevin Joyce

Senior Technical Product Manager at Netwrix. Kevin is passionate about cyber-security and holds a Bachelor of Science degree in Digital Forensics from Bloomsburg University of Pennsylvania.
Identity
May 20, 2023

RID Hijacking: How Guests Become Admins

RID hijacking is a persistence technique used by adversaries who have compromised a Windows machine. In a nutshell, attackers use the RID (relative identifier) of the local Administrator account to...
Identity
April 28, 2023

Active Directory Security Groups vs Distribution Groups

Using groups is a best practice for Active Directory management. This article describes the two types of Active Directory groups — security groups and distribution groups — and offers guidance...
Cybersecurity
April 14, 2023

What Is Zerologon and How Do You Mitigate It?

Commonly referred to as Zerologon, CVE-2020-1472 is the Common Vulnerabilities and Exposures (CVE) identifier assigned to a vulnerability in Microsoft's Netlogon Remote Protocol (MS-NRPC). MS-NRPC...
Infrastructure
December 2, 2022

PUBLIC Role in Oracle

Roles make it easier to grant and revoke privileges for users of a relational database. Rather than managing privileges for each user individually, you manage privileges for each role and all...
Cybersecurity
November 29, 2022

Commando VM: An Introduction

What is Commando VM? Commando VM is a testing platform that Mandiant FireEye created for penetration testers who are more comfortable with the Windows operating system. Essentially, Commando VM is...
Identity
November 14, 2022

Active Directory Delegation Overview

Understanding Active Directory (AD) permissions is vital for cybersecurity, compliance and business continuity. In this blog, we’ll be going over, at a high level, how Active Directory permission...
Identity
October 13, 2022

Securing Your Group Managed Service Accounts

Group Managed Service Accounts Overview: The traditional practice of using regular user accounts as service accounts puts the burden of password management on users. As a result, the account...
Identity
October 11, 2022

WDigest Clear-Text Passwords: Stealing More than a Hash

What is WDigest? Digest Authentication is a challenge/response protocol that was primarily used in Windows Server 2003 for LDAP and web-based authentication. It utilizes Hypertext Transfer Protocol...
Cybersecurity
September 30, 2022

Stealing User Passwords with Mimikatz DCSync

Mimikatz provides a variety of ways to extract and manipulate credentials, but one of the most alarming is the DCSync command. Using this command, an adversary can simulate the behavior of a domain...