Tag
Active Directory
SCCM Hierarchy Takeover via Entra Integration…Because of the Implication
TL;DR SCCM sites (prior to KB35360093) integrated with Entra ID can be abused to compromise the...
Nov 19, 2025
AdminSDHolder: Misconceptions, Misconfigurations, and Myths
TL;DR: This blog is the brief version. I love delving into ancient history. The Fall of...
Oct 31, 2025
Is Kerberoasting Still a Risk When AES-256 Kerberos Encryption Is Enabled?
TL;DR Kerberoasting is fundamentally a weak password problem. Stronger encryption slows down cracking, but it doesn’t...
Oct 21, 2025
The Clean Source Principle and the Future of Identity Security
TL;DR Modern identity systems are deeply interconnected, and every weak dependency creates an attack path — no...
Oct 8, 2025
WriteAccountRestrictions (WAR) – What is it good for?
TL;DR A lot of things. The User-Account-Restrictions property grants read/write permissions to the user-account-control LDAP attribute,...
Oct 1, 2025
Entra Connect Attacker Tradecraft: Part 3
TL;DR Attackers can exploit Entra Connect sync accounts to hijack device userCertificate properties, enabling device impersonation...
Jul 30, 2025
Privilege Zones: BloodHound Enterprise spreading like a computer virus (of security)
TL;DR The BloodHound Enterprise team recently pushed out Privilege Zones, one of the most requested features...
Jul 8, 2025
Good Fences Make Good Neighbors: New AD Trusts Attack Paths in BloodHound
TL;DR The ability of an attacker controlling one domain to compromise another through an Active Directory...
Jun 25, 2025
Untrustworthy Trust Builders: Account Operators Replicating Trust Attack (AORTA)
TL;DR The Incoming Forest Trust Builders group (not AdminSDHolder protected) can create inbound forest trusts with...