Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.

Exploring NTDS.dit – Part 1: Cracking the Surface with DIT Explorer
NTDS.dit is the file housing the data for Windows Active Directory (AD). In this blog post, I’ll be diving into how the file is organized. I’ll also be walking…

A Hitch-Hacker's Guide To DACL-Based Detections - The Addendum
This blog was co-authored by TAC Practice Lead Megan Nilsen and Andrew Schwartz. 1 Introduction: Last year, Andrew and I posted a four (4) part blog series…

A Hitch-hacker's Guide to DACL-Based Detections (Part 3)
Configuring a SACL to prevent unauthorized changes to Active Directory attributes, enabling auditing and monitoring for potential attacks, and detecting…

A Hitch-hacker's Guide to DACL-Based Detections (Part 2)
This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz. 1 Introduction: This is a continuation of A…

A Hitch-hacker's Guide to DACL-Based Detections (Part 1B)
Detecting Windows SACL…

A Hitch-hacker's Guide to DACL-Based Detections (Part 1A)
blue team

Azure AD Kerberos Tickets: Pivoting to the Cloud
Compromising an Azure cloud presence via machine account SSO is possible, allowing attackers to impersonate any account without MFA, using compromised service…

2023 Resolutions for Script Kiddies
Don't rely on being alt, use multifactor authentication and stay current with software updates to protect against evolving threats in 2023.

More Active Directory for Script Kiddies
Learn how to easily exploit Active Directory for Script Kiddies, a guide to AD enumeration and hacking tools, with TrustedSec.

Active Directory for Script Kiddies
Introduction It seems like all these corporate types are using Active Directory. What is this “Active Directory”? And how can I use it to make my job as a…

I Wanna Go Fast, Really Fast, like (Kerberos) FAST
Testing and verifying the effectiveness of Kerberos FAST for protection against offline dictionary attacks, a critical security feature for a defense-in-depth…

An 'Attack Path' Mapping Approach to CVEs 2021-42287 and 2021-42278
Detect and prevent Windows attack paths using Splunk SPL queries for proactive and reactive defensive operations, including creating new computer accounts,…
