Join Raymond and me as we discuss “UnOauthorized” with Eric Woodruff

Birds of a feather flock together. So, when fellow Security MVP and Identity nerd Eric Woodruff  visited our home country, Raymond Comvalius and I didn’t hesitate to offer him a pancake ‘breakfast’ to chat about all things Entra. Lunch and a laid-back conversation on Raymond’s couch unearthed some valuable discussion for us Identity & Security … Continue reading "Join Raymond and me as we discuss “UnOauthorized” with Eric Woodruff"

Entra ID Application Security – A Complex Problem with a Community Solution

Application governance in Entra is a hot topic these days, especially in the context of zero trust, where we aim for least-privilege access in terms of Graph API permissions, explicitly verify the identities of publishers and people in our organizations and assume breach.  Many organizations are decommissioning Active Directory Federation Services (AD FS) and switching … Continue reading "Entra ID Application Security – A Complex Problem with a Community Solution"

VMware addresses ‘ESX Admins’ authentication bypass vulnerability (CVE-2024-37085) in ESXi 8.0 Update 3

Today, Broadcom issued a second update to VMSA-2024-003 for VMware ESXi, specifically to address the vulnerability CVE-2024-37085. This vulnerability, with a CVSSv3 base score of 6.8 out of 10 (Moderate), allowed an adversary with sufficient Active Directory permissions to gain full access to ESXi hosts.   About the vulnerability For an adversary to abuse this … Continue reading "VMware addresses ‘ESX Admins’ authentication bypass vulnerability (CVE-2024-37085) in ESXi 8.0 Update 3"

VMware vSphere 8.0 Update 3 adds federation support for four Identity Providers

On June 25th, 2024, Broadcom made vSphere 8.0 Update 3 generally available. In the details of the Release Notes for vSphere 8.0 Update 3 and ESXi 8.0 Update 3, Broadcom announces PingFederate Support in vSphere Identity Federation. This is a huge update for Identity and Access admins using VMware's virtualization platform as it broadens their options … Continue reading "VMware vSphere 8.0 Update 3 adds federation support for four Identity Providers"

VMware's Enhanced Authentication Plug-in is deprecated and critically vulnerable – Remove it now (VMSA-2024-0003)

Two critical vulnerabilities in the optional Enhanced Authentication Plug-in require the immediate removal of this software from admin workstations and management servers.   About VMware's Enhanced Authentication Plug-in VMware's Enhanced Authentication Plug-in (EAP) is an optional piece of software that can be downloaded from VMware's download center and can be installed om admin workstations and … Continue reading "VMware's Enhanced Authentication Plug-in is deprecated and critically vulnerable – Remove it now (VMSA-2024-0003)"

How familiar are you with Entra ID App Registration and Enterprise App Security?

If you are unfamiliar with Microsoft Entra ID (formerly Azure Active Directory) and enterprise app security, you should take steps to change that. Application governance is complex, so its intricacies and importance tend to be overlooked when organizations first create a cloud security strategy. However, failing to properly secure and monitor Entra ID can result … Continue reading "How familiar are you with Entra ID App Registration and Enterprise App Security?"

I'm an Xcitium Most Valuable Professional

I'm proud to share that I've been named one of the 11 Xcitium Most Valuable Professionals worldwide.   About Xcitium MVPs Xcitium Most Valuable Professionals (MVPs) are recognized as cybersecurity experts who exhibit exceptional technical expertise and a talent for both sharing their knowledge, and building communities. The Trusted Advisory MVP Council is a cohort of … Continue reading "I'm an Xcitium Most Valuable Professional"

You're invited to the IT-University Masterclass – Adequately Securing Active Directory

On February 6th, 2023, I will be presenting a masterclass, together with Raymond Comvalius for IT-University.nl. Dutch Raymond and I will be presenting on a topic that is close to my heart: Active Directory. Active Directory has captivated the hearts of adversaries. Some ransomware gangs just simply lose interest want the device of a potential victim … Continue reading "You're invited to the IT-University Masterclass – Adequately Securing Active Directory"

Another Critical Active Directory Certificate Services NTLM Relay Vulnerability allows for Domain Takeover (DFSCoerce, Critical)

This week, new Proof of Concept code was publicly published to coerce a Certificate Authority (CA) to authenticate the domain controller using NTLM. This vulnerability was named DFSCoerce and has been published by Filip Dragovic. It is another vulnerability in the PetitPotam (or PrintNightmare) family of vulnerabilities, and is as difficult to mitigate as former … Continue reading "Another Critical Active Directory Certificate Services NTLM Relay Vulnerability allows for Domain Takeover (DFSCoerce, Critical)"

HOWTO: Detect NTLMv1 Authentication

Active Directory Domain Services (AD DS) offers many ways to integrate applications and services. Before Windows 2000 Server and Active Directory, in the Windows NT era when servers were beige and server racks from wood, authentication on networks was NTLM-based. Windows 2000 Server introduced Microsoft’s Kerberos implementation, but even today NTLM continues to be used. … Continue reading "HOWTO: Detect NTLMv1 Authentication"