Security Thoughts: Leveraging NTLM Hashes using Kerberos RC4-HMAC encryption (AKA Aorato’s Active Directory Vulnerability)

In a blogpost today, Tal Be'ery, Vice President Research at Aorato, an Israeli security company consisting of veterans of the Israeli Defense Forces specializing in Active Directory, published how weak encryption enables an attacker to change a victim’s password without being logged. Labeled as a vulnerability in Active Directory, this information sparked some controversy, so …

Security Thoughts: LSASS Protection in Windows 8.1 and Windows Server 2012 R2

I’ve written about Pass-the-Hash (PtH) attacks before. Today, I’m writing about the cleanup mechanisms that Microsoft has introduced with Windows 8.1 and Windows Server 2012 R2 to remove lingering passwords and password hashes from Windows. These mechanisms help protect against Pass-the-Hash (PtH) attacks.

I’ll be speaking at the Datacenter Group’s Partner Event

Working at a Systems Integrator (SI) has its perks. I get to discuss interesting technologies with interesting customers and interesting partners. Sometimes, my playing field feels like an ecosystem where manufacturers, partners and customers think and act like one. One of the partners we’re working closely with these days and that gives me that special feeling is …

I’ll be speaking at Ngi-NGN’s ‘Systems Management: Beyond Control’ event

I’ve been associated with the Dutch Networking User Group (NGN) for almost five years now. I’ve been speaking at their events and have helped others achieve the same goal. NGN has recently joined forces with the Dutch Platform for IT Professionals (Ngi), and an old tradition has been dusted off: We’re organizing a Windows Server-themed …

KnowledgeBase: Windows Server 2012 R2-based AD FS Proxy consumes 100% CPU

As part of the May 2014 Update Rollup, Microsoft has released an update for Windows Server 2012 R2-based Active Directory Federation Services (AD FS) Proxies consuming 100% CPU. This leads to rejected logons and slow performance for colleagues trying to authenticate to the Active Directory Federation Services (AD FS) infrastructure. The situation: The Active …

KnowledgeBase: You cannot log on as a local administrator when you restart in Directory Services Repair Mode

As part of the May 2014 Update Rollup, Microsoft has fixed a problem that I hope has not been bugging any Active Directory Admin… On Windows Server 2012 and Windows Server 2012 R2-based Domain Controllers, an issue was identified that blocks access to the Directory Services Restore Mode (DSRM). The situation: On Windows Server …

Security Thoughts: Internet Explorer 8 Woes (CVE-2014-1770)

Last week, the Zero Day Initiative (ZDI) decided that Microsoft has had enough time within its coordinated vulnerability disclosure program to fix a vulnerability in Internet Explorer 8. This use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call …