Default → Hardened
Real configs. Real fixes. Windows & AD security.
Have you ever seen this RDP certificate warning? Do you know what it means?
It means the certificate presented by the target during RDP isn't trusted. Often it's just a self-signed cert, which isn't a huge problem: you can make it trusted or distribute your own certificate. But it can also mean you connected by IP address, and that's a big deal ⚠️.
In a default environment, using an IP triggers NTLM, which is weaker than Kerberos from a cryptography perspective.
For access, always use hostnames so you trigger Kerberos (ideally with AES). The same applies when configuring services or applications: don't use IPs unless it's truly necessary.
You can also check the RDP connection: click the lock icon. You want to see Kerberos mentioned there.
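To find saved connections that would take the IP path described above, the following added example (not from the original post) classifies the target of each .rdp file by its `full address:s:` setting. The file names, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample .rdp contents (illustrative, not from the post).
SAMPLES = {
    "jump-ip.rdp": "screen mode id:i:2\nfull address:s:10.20.30.40:3389\nusername:s:CORP\\admin\n",
    "jump-fqdn.rdp": "full address:s:srv01.corp.example:3389\n",
    "jump-v6.rdp": "full address:s:[fd00::10]:3389\n",
    "no-target.rdp": "screen mode id:i:2\n",
}

def split_host(value):
    """Strip an optional port: 'host:3389', '10.0.0.5:3389', '[fd00::10]:3389'."""
    if value.startswith("["):
        return value[1:].split("]", 1)[0]
    if value.count(":") == 1:
        return value.rsplit(":", 1)[0]
    return value  # bare hostname, bare IPv4 or bare IPv6

def rdp_target(rdp_text):
    """Return the host from the 'full address:s:' line, or None if absent."""
    for line in rdp_text.splitlines():
        key, sep, value = line.strip().partition(":s:")
        if sep and key.lower() == "full address":
            return split_host(value.strip())
    return None

def is_ip_literal(host):
    """True when the target is an IPv4/IPv6 literal rather than a name."""
    try:
        ipaddress.ip_address(host.split("%", 1)[0])  # ignore IPv6 zone id
        return True
    except ValueError:
        return False

def audit(rdp_files):
    """Map file name -> 'ip' (NTLM path per the post), 'hostname' or 'missing'."""
    result = {}
    for name, text in rdp_files.items():
        host = rdp_target(text)
        if host is None:
            result[name] = "missing"
        else:
            result[name] = "ip" if is_ip_literal(host) else "hostname"
    return result

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name}: {verdict}")
```

Files reported as `ip` are the ones to repoint at a hostname.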
Simple step, big help. If you want to learn more about cybersecurity in Windows infrastructures, check out my free resources:
https://academy.horizon-secured.com/p/free-resources
Learn • Build • Defend
