You’re invited to the IT-University Masterclass – Securing Active Directory using cloud services… Say What!?

On May 9th, 2022, I will be presenting a masterclass, together with Raymond Comvalius for IT-University.nl. Dutch Raymond and I will be presenting on establishing device trust in the modern age. Over 95% of organizations over 50 people use Active Directory today. Active Directory is the main target for attackers. This leads to data leaks … Continue reading "You’re invited to the IT-University Masterclass – Securing Active Directory using cloud services… Say What!?"

From the field: The Case of Raising the DFL to make all fail-over clusters inaccessible

Troubleshooting stories from the field are the best. That’s why I like writing them down. Although, sometimes they might appear as straight cases of schadenfreude, I feel there are lessons to be learned for anyone, if you’re willing to look closely and listen carefully. This week I experienced an issue at a customer, when they … Continue reading "From the field: The Case of Raising the DFL to make all fail-over clusters inaccessible"

I will be speaking at a WICCA online event next week!

It's been a while, but I will be speaking at a WICCA online event next week. WICCA stands for "Women In Cybersecurity Community Association". Their goal is "to bring infosec ladies and female security enthusiasts together to learn about exploits, hacking, incident response, forensics, the low-level stuff and make bad crypto jokes!" At their June … Continue reading "I will be speaking at a WICCA online event next week!"

HOWTO: Hunt for abuse of Azure AD Connect’s AD Connector account

Azure AD Connect Sync’s uses three separate accounts. Its AD Connector account is an account that has several permissions that warrant a closer look at how the account can be abused. Of course, we’ll need command lines to hunt for any misuse. About the AD Connector account Since Azure AD Connect version 1.4.18.0, the use … Continue reading "HOWTO: Hunt for abuse of Azure AD Connect’s AD Connector account"

How to solve Azure AD Connect synchronization errors for objects with adminCount attributes set to 1

Roughly a year ago, I shared how to properly delegate Directory permissions to Azure AD Connect service accounts. One of the issues you might encounter with those steps is that you privileged accounts and previously-privileged accounts might present permission-issue errors in Azure AD Connect’s Synchronization Service Manager: Initially, I didn’t include these accounts into the … Continue reading "How to solve Azure AD Connect synchronization errors for objects with adminCount attributes set to 1"

HOWTO: Check your LAPS Implementation for Proper Security

Recently, several projects, including Akijo’s and n00py’s work, have emerged that exploit misconfigurations of Microsoft’s Local Administrator Password Solution (LAPS) in Active Directory environments. This begs the question: how to make sure their LAPS implementation is secure? It’s a solution to manage passwords for privileged accounts. If this breaks, like cpassword values in Group Policy … Continue reading "HOWTO: Check your LAPS Implementation for Proper Security"

TODO: Stream additional logs from Azure AD for optimal visibility

Over the past six months, I’ve shown you ways to get to know the devices that people in your organization use App Passwords on, set an alert to notify when an additional person is assigned the Azure AD Global Administrator role and set an alert to notify when an Azure AD emergency access account is … Continue reading "TODO: Stream additional logs from Azure AD for optimal visibility"

Experiences with Zero Trust

Recently, people responsible for identity, security and governance have embraced the vision of Zero Trust. It is the logical evolution of our thinking towards an actionable, more thorough and holistic approach to access, based on the mantra ‘trust no-one, verify everything’. Today, I'm sharing my early experiences in this field.   The idea of Zero … Continue reading "Experiences with Zero Trust"

TODO: Require MFA from four more Azure AD Roles through your Conditional Access Policies

As part of MC224734, Microsoft has communicated publicly that they are requiring multi-factor authentication (MFA) from four more Azure AD privileged roles through the Security Defaults functionality. Organizations leveraging Conditional Access to require MFA from privileged accounts should take note.   About Security Defaults Security Defaults is an Identity security feature. When enabled, it requires … Continue reading "TODO: Require MFA from four more Azure AD Roles through your Conditional Access Policies"

Easily list mail DNS records via this PowerShell script

I get to investigate quite some mail environments in my work as a consultant. At a certain point you see some patterns emerging. One of those patterns is the correct configuration of mail related DNS records. It's one of the first things I check when I must check an unfamiliar environment. I have talked about … Continue reading "Easily list mail DNS records via this PowerShell script"