Active Directory Security Tip #1: Active Directory Admins 文章讨论了Active Directory安全审查的重要性，建议定期检查域管理员组成员及其嵌套组成员。需核实账户合理性、服务账户权限、密码状态及Kerberos设置等，并提供PowerShell脚本链接。... 2025-9-13 00:3:0 | 阅读: 5 | 收藏 | Active Directory Security - adsecurity.org security pyrotek3 passwords powershell exchange

Detecting Password Spraying with Security Event Auditing 文章介绍了“密码喷洒”攻击方法及其检测机制。攻击者通过自动化工具尝试常见密码登录多个用户账户以绕过账户锁定机制。检测方法包括监控事件ID 4625（登录失败）、4771（Kerberos预身份验证失败）和4648（显式凭据登录尝试），并建议启用日志记录和配置警报规则以识别异常活动。... 2025-8-19 01:50:8 | 阅读: 16 | 收藏 | Active Directory Security - adsecurity.org spraying 4625 graphic powershell

The Art of the Honeypot Account: Making the Unusual Look Normal 文章介绍了如何创建 honeypot（诱捕）账户以检测攻击者行为。通过使这些账户在 Active Directory 中看似正常且真实，防御者可以监控潜在恶意活动。文章详细说明了攻击者如何识别高权限账户，并提供了配置 honeypot 账户的方法以触发检测机制。... 2025-8-19 01:27:1 | 阅读: 19 | 收藏 | Active Directory Security - adsecurity.org attacker honeypot privileged identify passwords

Entra & Azure Elevated Access Revisited 文章探讨了Azure中Global Administrator通过特定配置获取对所有订阅和管理组的控制权限的风险，并分析了攻击者如何利用此权限进行横向移动和资源滥用。微软已增加监控和日志功能以缓解此类风险。... 2025-8-10 19:17:37 | 阅读: 9 | 收藏 | Active Directory Security - adsecurity.org elevated attacker membership elevate

BSides Dublin – The Current State of Microsoft Identity Security: Common Security Issues and Misconfigurations – Sean Metcalf Jun 05 20... 2024-6-5 23:23:56 | 阅读: 4 | 收藏 | Active Directory Security - adsecurity.org security mirror shifted perimeter microsoft

DEFCON 2017: Transcript – Hacking the Cloud 2024-5-29 00:29:2 | 阅读: 7 | 收藏 | Active Directory Security - adsecurity.org cloud security akacki geek trivia

Detecting the Elusive: Active Directory Threat Hunting May 28 20... 2024-5-29 00:22:28 | 阅读: 4 | 收藏 | Active Directory Security - adsecurity.org security microsoft elusive conferences sean

Detecting Kerberoasting Activity May 28 20... 2024-5-29 00:20:16 | 阅读: 2 | 收藏 | Active Directory Security - adsecurity.org passwords poor cracking visited

Detecting Password Spraying with Security Event Auditing May 28 20... 2024-5-29 00:17:58 | 阅读: 3 | 收藏 | Active Directory Security - adsecurity.org lockout guessing passwords spraying visits

Hardening Azure AD in the Face of Emerging Threats In September of 2021, Trimarc Founder & CTO Sean Metcalf presented at Que... 2024-5-29 00:14:26 | 阅读: 3 | 收藏 | Active Directory Security - adsecurity.org cloud microsoft enjoy quest metcalf

Attacking Active Directory Group Managed Service Accounts (GMSAs) May 29 20... 2020-5-29 22:0:0 | 阅读: 5 | 收藏 | adsecurity.org gmsa gmsas msds security mimikatz

From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path May... 2020-5-28 02:0:0 | 阅读: 4 | 收藏 | adsecurity.org attacker microsoft powershell membership acme

From Azure AD (Entra ID) to Active Directory (via Azure) – An Unanticipated Attack Path 文章描述了通过 Azure Active Directory 中的 Global Administrator 角色滥用权限的风险。攻击者可通过密码喷射获取 Office 365 全局管理员账户，并利用该账户在 Azure 中获得管理权限。这可能导致攻击者控制 Azure 虚拟机和 Active Directory 域控制器，进而引发全面的安全威胁。... 2020-5-27 19:17:0 | 阅读: 0 | 收藏 | Active Directory Security - adsecurity.org attacker powershell membership rbac acme

What is Azure Active Directory? Jan... 2020-1-13 04:17:3 | 阅读: 14 | 收藏 | adsecurity.org cloud powershell microsoft spraying

Slides Posted for Black Hat USA 2019 Talk: Attacking & Defending the Microsoft Cloud Aug 07 20... 2019-8-8 03:15:59 | 阅读: 5 | 收藏 | adsecurity.org cloud microsoft pace sean security

AD Reading: Windows Server 2019 Active Directory Features Aug 01 20... 2019-8-2 03:17:52 | 阅读: 4 | 收藏 | adsecurity.org ese database windows ntds memory

There’s Something About Service Accounts Mar... 2019-3-21 23:17:21 | 阅读: 4 | 收藏 | adsecurity.org backup privileged membership spns security

Attack Methods for Gaining Domain Admin Rights in Active Directory – Active Directory Security There are many ways an attacker can gain Domain Admin rights in Active Directory. This post... 2019-03-16 01:35:58 | 阅读: 382 | 收藏 | adsecurity.org attacker dit ntds network passwords

Mitigating Exchange Permission Paths to Domain Admins in Active Directory He highlights the key components of the issue in the blog post introd... 2019-2-13 03:2:24 | 阅读: 4 | 收藏 | adsecurity.org exchange windows microsoft trimarc forest

From DNSAdmins to Domain Admin, When DNSAdmins is More than Just DNS Administration Oct 11 20... 2018-10-11 22:24:8 | 阅读: 3 | 收藏 | adsecurity.org dnsadmins shay microsoft dnscmd