From the Field: Real-World Findings from Security Assessments
🔥 66.7% of infrastructures I analyzed use basic domain user accounts as service accounts.
This is one of the most widespread, and most dangerous, misconfigurations I encounter.
Why? Because these accounts are usually:
- Old and unmanaged
- Protected by weak or never-rotated passwords
- Registered with SPNs, which makes them juicy Kerberoasting targets
- Sometimes even granted admin or domain admin privileges
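The list above is exactly what an assessor checks for first. As an added example (not code from the original post), this PowerShell script uses the RSAT ActiveDirectory module to list every user object that carries an SPN and reports the hygiene signals named above: password age, "never expires", missing AES-only encryption (which leaves RC4 tickets available for Kerberoasting) and membership in privileged groups. The group list, the 365-day threshold and the output file name are assumptions to be tuned per environment.

```powershell
# Added example (not from the original post). Assumes the RSAT ActiveDirectory
# module and read access to the domain. Lists user objects that carry SPNs
# (user accounts being used as service accounts) with the hygiene signals
# the post calls out. Thresholds and group names are assumptions; tune them.
Import-Module ActiveDirectory

$maxPasswordAgeDays = 365            # assumption: flag passwords older than a year
$privilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Administrators',
                      'Account Operators', 'Server Operators', 'Backup Operators')

# Resolve privileged membership once, recursively so nested groups count.
$privilegedSids = @{}
foreach ($g in $privilegedGroups) {
    try {
        Get-ADGroupMember -Identity $g -Recursive -ErrorAction Stop |
            ForEach-Object { $privilegedSids[$_.SID.Value] = $g }
    } catch { Write-Warning "Could not enumerate $g : $_" }
}

# Only user objects (not computers, not gMSAs) that have at least one SPN.
$findings = Get-ADUser -Filter 'ServicePrincipalName -like "*"' `
    -Properties ServicePrincipalName, PasswordLastSet, PasswordNeverExpires,
                LastLogonDate, AdminCount, Enabled, 'msDS-SupportedEncryptionTypes' |
  ForEach-Object {
    $encTypes = [int]($_.'msDS-SupportedEncryptionTypes')
    # Bits 0x8 = AES128, 0x10 = AES256, 0x1-0x4 = DES/RC4. An account with no
    # AES bit set (value 0 or RC4 only) will be issued RC4 service tickets.
    $aesOnly = (($encTypes -band 0x18) -ne 0) -and (($encTypes -band 0x7) -eq 0)
    $pwdAge  = if ($_.PasswordLastSet) {
                   (New-TimeSpan -Start $_.PasswordLastSet -End (Get-Date)).Days
               } else { $null }

    [pscustomobject]@{
        SamAccountName       = $_.SamAccountName
        Enabled              = $_.Enabled
        SpnCount             = @($_.ServicePrincipalName).Count
        PasswordAgeDays      = $pwdAge
        PasswordNeverExpires = $_.PasswordNeverExpires
        StalePassword        = ($null -eq $pwdAge) -or ($pwdAge -gt $maxPasswordAgeDays)
        AesOnly              = $aesOnly
        PrivilegedVia        = $privilegedSids[$_.SID.Value]
        AdminCount           = $_.AdminCount
        LastLogonDate        = $_.LastLogonDate
    }
  }

# Privileged and stale-password accounts first: those are the ones to migrate this week.
$findings | Sort-Object PrivilegedVia, StalePassword -Descending | Format-Table -AutoSize

$total = ($findings | Measure-Object).Count
$stale = ($findings | Where-Object StalePassword).Count
$priv  = ($findings | Where-Object PrivilegedVia).Count
$rc4   = ($findings | Where-Object { -not $_.AesOnly }).Count
"Users with SPNs: $total; stale/never-set passwords: $stale; privileged: $priv; RC4-capable: $rc4"

# Keep the evidence for the assessment report (path is an assumption).
$findings | Export-Csv -Path .\spn-user-accounts.csv -NoTypeInformation
```

Run it from a domain-joined host as an account with read access to the directory. Every row is a candidate for migration to a managed service account; rows with a value in PrivilegedVia combine a crackable ticket with an admin-level blast radius and should be handled first.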
I get it: a new app or system goes live, someone needs a service account… and nobody knows the requirements. So they take the easy route: "Just create a regular user account and give it rights."
But we have better options now:
- Virtual Service Accounts (VSA)
- Group Managed Service Accounts (gMSA)
- Delegated Managed Service Accounts (DMSA), my favorite, especially for migrating from basic accounts.
If you absolutely must use a basic user account, secure it:
- Strong, rotated password
- Scoped access
- Delegated permissions
- Tiering compliance
💬 Do you still have basic user accounts running critical services in your environment?
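As an added example covering both the "better options" list and the "if you must" list (not code from the original post or from Microsoft), the PowerShell below first replaces a basic user account with a gMSA whose password AD generates and rotates itself, moves the SPN across, and then applies the hardening steps to the user account in case it has to stay around for a while. The names svc-reporting, APP01, HTTP/app01.corp.example and svc_reporting_old are hypothetical; it assumes Domain Admin rights, the ActiveDirectory module and an existing KDS root key.

```powershell
# Added example (not from the original post). Assumes Domain Admin rights, the
# ActiveDirectory module and a KDS root key already present. All names below
# are hypothetical placeholders.
Import-Module ActiveDirectory

$gmsaName = 'svc-reporting'            # hypothetical gMSA name
$hostName = 'APP01'                    # hypothetical server that runs the service
$spn      = 'HTTP/app01.corp.example'  # hypothetical SPN to move to the gMSA
$oldUser  = 'svc_reporting_old'        # hypothetical basic user account being replaced

# --- 1. gMSA: the password is generated by AD, rotated every 30 days and never
#        seen by a human, so "weak or never-rotated" simply cannot happen.
if (-not (Get-KdsRootKey)) {
    throw 'No KDS root key. Run Add-KdsRootKey first (it needs ~10 h to replicate).'
}
$hostComputer = Get-ADComputer -Identity $hostName
New-ADServiceAccount -Name $gmsaName `
    -DNSHostName "$gmsaName.$((Get-ADDomain).DNSRoot)" `
    -PrincipalsAllowedToRetrieveManagedPassword $hostComputer `
    -KerberosEncryptionType AES256 `
    -ManagedPasswordIntervalInDays 30

# Move the SPN off the user object onto the gMSA (SPNs must be unique in the forest).
Set-ADUser           -Identity $oldUser  -ServicePrincipalNames @{Remove = $spn}
Set-ADServiceAccount -Identity $gmsaName -ServicePrincipalNames @{Add = $spn}

# On APP01 itself, after the computer object has been given access above:
#   Install-ADServiceAccount -Identity 'svc-reporting'
#   Test-ADServiceAccount    -Identity 'svc-reporting'   # True once the host can fetch the secret
# Then point the service/app pool at CORP\svc-reporting$ with an empty password.

# --- 2. If the basic user account must stay for now, shrink its blast radius.
$user = Get-ADUser -Identity $oldUser -Properties MemberOf

# Tiering compliance: a service account has no business in Tier 0 groups.
foreach ($grp in @('Domain Admins', 'Enterprise Admins', 'Administrators')) {
    if ($user.MemberOf -match "^CN=$grp,") {
        Remove-ADGroupMember -Identity $grp -Members $user -Confirm:$false
    }
}

# Not delegatable, password must expire, AES-only so no RC4 tickets are issued.
Set-ADUser -Identity $oldUser `
    -AccountNotDelegated $true `
    -PasswordNeverExpires $false `
    -KerberosEncryptionType AES256

# Strong, rotated password: 32 random bytes, base64-encoded (43 characters).
# Store it in a vault and re-run this block on your rotation schedule.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$newPwd = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
Set-ADAccountPassword -Identity $oldUser -Reset -NewPassword $newPwd

# Scoped access: the account may only log on from the host that needs it.
Set-ADUser -Identity $oldUser -LogonWorkstations $hostName
```

Step 1 is the actual fix; step 2 is the interim state the post describes, and the script is written so step 2 can be run on its own against any account the audit flagged while the migration is being scheduled.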
