Category Archives: Security

VMware's Enhanced Authentication Plug-in is deprecated and critically vulnerable – Remove it now (VMSA-2024-0003)

Two critical vulnerabilities in the optional Enhanced Authentication Plug-in require the immediate removal of this software from admin workstations and management servers.   About VMware's Enhanced Authentication Plug-in VMware's Enhanced Authentication Plug-in (EAP) is an optional piece of software that can be downloaded from VMware's download center and can be installed om admin workstations and […]


How familiar are you with Entra ID App Registration and Enterprise App Security?

If you are unfamiliar with Microsoft Entra ID (formerly Azure Active Directory) and enterprise app security, you should take steps to change that. Application governance is complex, so its intricacies and importance tend to be overlooked when organizations first create a cloud security strategy. However, failing to properly secure and monitor Entra ID can result […]


I'm an Xcitium Most Valuable Professional

I'm proud to share that I've been named one of the 11 Xcitium Most Valuable Professionals worldwide.   About Xcitium MVPs Xcitium Most Valuable Professionals (MVPs) are recognized as cybersecurity experts who exhibit exceptional technical expertise and a talent for both sharing their knowledge, and building communities. The Trusted Advisory MVP Council is a cohort of […]


You're invited to the IT-University Masterclass – Adequately Securing Active Directory

On February 6th, 2023, I will be presenting a masterclass, together with Raymond Comvalius for Dutch Raymond and I will be presenting on a topic that is close to my heart: Active Directory. Active Directory has captivated the hearts of adversaries. Some ransomware gangs just simply lose interest want the device of a potential victim […]


Another Critical Active Directory Certificate Services NTLM Relay Vulnerability allows for Domain Takeover (DFSCoerce, Critical)

This week, new Proof of Concept code was publicly published to coerce a Certificate Authority (CA) to authenticate the domain controller using NTLM. This vulnerability was named DFSCoerce and has been published by Filip Dragovic. It is another vulnerability in the PetitPotam (or PrintNightmare) family of vulnerabilities, and is as difficult to mitigate as former […]


HOWTO: Detect NTLMv1 Authentication

Active Directory Domain Services (AD DS) offers many ways to integrate applications and services. Before Windows 2000 Server and Active Directory, in the Windows NT era when servers were beige and server racks from wood, authentication on networks was NTLM-based. Windows 2000 Server introduced Microsoft’s Kerberos implementation, but even today NTLM continues to be used. […]


You’re invited to the IT-University Masterclass – Securing Active Directory using cloud services… Say What!?

On May 9th, 2022, I will be presenting a masterclass, together with Raymond Comvalius for Dutch Raymond and I will be presenting on establishing device trust in the modern age. Over 95% of organizations over 50 people use Active Directory today. Active Directory is the main target for attackers. This leads to data leaks […]


From the field: The Case of Raising the DFL to make all fail-over clusters inaccessible

Troubleshooting stories from the field are the best. That’s why I like writing them down. Although, sometimes they might appear as straight cases of schadenfreude, I feel there are lessons to be learned for anyone, if you’re willing to look closely and listen carefully. This week I experienced an issue at a customer, when they […]


HOWTO: Hunt for abuse of Azure AD Connect’s AD Connector account

Azure AD Connect Sync’s uses three separate accounts. Its AD Connector account is an account that has several permissions that warrant a closer look at how the account can be abused. Of course, we’ll need command lines to hunt for any misuse. About the AD Connector account Since Azure AD Connect version, the use […]


How to solve Azure AD Connect synchronization errors for objects with adminCount attributes set to 1

Roughly a year ago, I shared how to properly delegate Directory permissions to Azure AD Connect service accounts. One of the issues you might encounter with those steps is that you privileged accounts and previously-privileged accounts might present permission-issue errors in Azure AD Connect’s Synchronization Service Manager: Initially, I didn’t include these accounts into the […]