Category: Active Directory – Security

Do you scan your AD for attack paths?

🔒 Secure Bits 💡 𝗗𝗼 𝘆𝗼𝘂 𝘀𝗰𝗮𝗻 𝘆𝗼𝘂𝗿 𝗔𝗰𝘁𝗶𝘃𝗲 𝗗𝗶𝗿𝗲𝗰𝘁𝗼𝗿𝘆 𝗳𝗼𝗿 𝗮𝘁𝘁𝗮𝗰𝗸 𝗽𝗮𝘁𝗵𝘀? From my experience doing security assessments — there’s 𝗮𝗹𝘄𝗮𝘆𝘀 𝗮𝘁 𝗹𝗲𝗮𝘀𝘁 𝗼𝗻𝗲 𝗮𝘁𝘁𝗮𝗰𝗸 𝗽𝗮𝘁𝗵 to Domain Admin. Always. And these don’t come from one big misconfiguration… They’re built from multiple small issues 𝗰𝗵𝗮𝗶𝗻𝗲𝗱 𝘁𝗼𝗴𝗲𝘁𝗵𝗲𝗿. 𝗪𝗵𝘆 𝘀𝗵𝗼𝘂𝗹𝗱 𝘆𝗼𝘂 𝘀𝗰𝗮𝗻 𝘆𝗼𝘂𝗿 𝗔𝗗 𝗿𝗲𝗴𝘂𝗹𝗮𝗿𝗹𝘆? 🛠 […]

Final months for RC4

🔒 Secure Bits 💡 𝗙𝗶𝗻𝗮𝗹 𝗺𝗼𝗻𝘁𝗵𝘀 𝗳𝗼𝗿 𝗥𝗖𝟰 𝗶𝗻 𝗞𝗲𝗿𝗯𝗲𝗿𝗼𝘀? Microsoft is phasing out RC4 for Kerberos service tickets — and the timeline is out. 𝗢𝗻 𝗝𝗮𝗻 𝟭𝟯, 𝟮𝟬𝟮𝟲, an update shipped that starts the journey toward stopping default issuance of 𝘀𝗲𝗿𝘃𝗶𝗰𝗲 𝘁𝗶𝗰𝗸𝗲𝘁𝘀 with legacy encryption (like RC4). Why? Because 𝗥𝗖𝟰 can still be selected […]

Detection of Misconfigurations & Threats in AD

🔒 Secure Bits 💡 𝗗𝗼 𝘆𝗼𝘂 𝗿𝗲𝗴𝘂𝗹𝗮𝗿𝗹𝘆 𝗰𝗵𝗲𝗰𝗸 𝘆𝗼𝘂𝗿 𝗔𝗰𝘁𝗶𝘃𝗲 𝗗𝗶𝗿𝗲𝗰𝘁𝗼𝗿𝘆 𝗳𝗼𝗿 𝗺𝗶𝘀𝗰𝗼𝗻𝗳𝗶𝗴𝘂𝗿𝗲𝗱 𝗔𝗖𝗟𝘀? ACL misconfigurations are one of the 𝗺𝗼𝘀𝘁 𝗼𝘃𝗲𝗿𝗹𝗼𝗼𝗸𝗲𝗱 — yet severe — vulnerabilities in AD environments. They often stay hidden until a malicious actor finds them… and by then, it’s too late. 𝗛𝗲𝗿𝗲 𝗮𝗿𝗲 𝗷𝘂𝘀𝘁 𝗮 𝗳𝗲𝘄 𝗲𝘅𝗮𝗺𝗽𝗹𝗲𝘀 𝗼𝗳 𝘁𝗵𝗲𝘀𝗲: 🔹 […]

Getting rid of NTLM is easier now

🔒 Secure Bits 💡 𝗚𝗲𝘁𝘁𝗶𝗻𝗴 𝗿𝗶𝗱 𝗼𝗳 𝗡𝗧𝗟𝗠 𝗶𝘀 𝗳𝗶𝗻𝗮𝗹𝗹𝘆 𝗲𝗮𝘀𝗶𝗲𝗿 (𝗮𝗻𝗱 𝘀𝗺𝗮𝗿𝘁𝗲𝗿) In Windows 11 version 24H2 and Windows Server 2025, Microsoft introduced 𝗲𝗻𝗵𝗮𝗻𝗰𝗲𝗱 𝗡𝗧𝗟𝗠 𝗹𝗼𝗴𝗴𝗶𝗻𝗴 — and it’s a game changer for organizations trying to decommission NTLM. Let’s break it down 👇 ⸻ 𝗢𝗟𝗗 𝗪𝗔𝗬 🛠 𝗚𝗣𝗢: • 𝘚𝘦𝘤𝘶𝘳𝘪𝘵𝘺 𝘚𝘦𝘵𝘵𝘪𝘯𝘨𝘴 > 𝘈𝘥𝘷𝘢𝘯𝘤𝘦𝘥 𝘈𝘶𝘥𝘪𝘵 𝘗𝘰𝘭𝘪𝘤𝘺 […]

Windows Server Core

🔒 Secure Bits 💡 𝗛𝗮𝘁𝗲 𝗪𝗶𝗻𝗱𝗼𝘄𝘀 𝗦𝗲𝗿𝘃𝗲𝗿 𝗖𝗼𝗿𝗲? 𝗛𝗲𝗿𝗲’𝘀 𝗪𝗵𝘆 𝗬𝗼𝘂 𝗦𝗵𝗼𝘂𝗹𝗱 𝗔𝗰𝘁𝘂𝗮𝗹𝗹𝘆 𝗨𝘀𝗲 𝗜𝘁 Windows Server Core is one of the 𝗺𝗼𝘀𝘁 𝗺𝗶𝘀𝘂𝗻𝗱𝗲𝗿𝘀𝘁𝗼𝗼𝗱 𝗮𝗻𝗱 𝘂𝗻𝗱𝗲𝗿𝘂𝘀𝗲𝗱 “tools” in the Windows ecosystem. 🖥️ 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗶𝘁? It’s Windows Server — but 𝘄𝗶𝘁𝗵𝗼𝘂𝘁 𝘁𝗵𝗲 𝗚𝗨𝗜. Just PowerShell, Command Line, and sconfig. And yes, it still supports critical […]

RDP Security Features

🔒 Secure Bits 💡 𝗗𝗼 𝘆𝗼𝘂 𝘂𝘀𝗲 𝗥𝗗𝗣 𝗿𝗲𝗴𝘂𝗹𝗮𝗿𝗹𝘆 𝗶𝗻 𝘆𝗼𝘂𝗿 𝗲𝗻𝘃𝗶𝗿𝗼𝗻𝗺𝗲𝗻𝘁? Then you should know there are more secure ways to do it. 𝗕𝘆 𝗱𝗲𝗳𝗮𝘂𝗹𝘁, your credentials are sent to the remote host during an RDP session — which means if the machine is compromised, attackers can steal and reuse them. 𝗕𝘂𝘁 𝘁𝗵𝗲𝗿𝗲’𝘀 𝗴𝗼𝗼𝗱 𝗻𝗲𝘄𝘀 […]

RDP Restricted Admin Mode

🔒 Secure Bits 💡 𝗗𝗼 𝗬𝗼𝘂 𝗨𝘀𝗲 𝗥𝗲𝘀𝘁𝗿𝗶𝗰𝘁𝗲𝗱 𝗔𝗱𝗺𝗶𝗻 𝗠𝗼𝗱𝗲 𝗳𝗼𝗿 𝗥𝗗𝗣? If not, you should—it 𝗽𝗿𝗲𝘃𝗲𝗻𝘁𝘀 𝗰𝗿𝗲𝗱𝗲𝗻𝘁𝗶𝗮𝗹 𝗲𝘅𝗽𝗼𝘀𝘂𝗿𝗲. 𝗪𝗵𝘆 𝗜𝘁 𝗘𝘅𝗶𝘀𝘁𝘀: Restricted Admin Mode was designed to let administrators connect to a potentially compromised device without passing their credentials to it. You must already be an administrator on the target machine, but your credentials […]

Kerberos Enforce AES

🔒 Secure Bits 💡 𝗪𝗮𝗻𝘁 𝘁𝗼 𝗱𝗶𝘀𝗮𝗯𝗹𝗲 𝗥𝗖𝟰 𝗮𝗻𝗱 𝗲𝗻𝗳𝗼𝗿𝗰𝗲 𝗔𝗘𝗦 𝗶𝗻 𝗞𝗲𝗿𝗯𝗲𝗿𝗼𝘀? You should — but 𝗱𝗼𝗻’𝘁 𝗱𝗼 𝗶𝘁 𝗯𝗹𝗶𝗻𝗱𝗹𝘆. Enforcing strong authentication (like AES-only Kerberos) is an important part of 𝗺𝗼𝗱𝗲𝗿𝗻 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗕𝗮𝘀𝗲𝗹𝗶𝗻𝗲𝘀 — just like LDAP signing or NTLM hardening. But in older environments, RC4 is still widely used, and flipping the switch 𝗰𝗮𝗻 𝗯𝗿𝗲𝗮𝗸 […]

Privileged Access Workstations (PAWs)

🔒 Secure Bits 💡 Why should you use Privileged Access Workstations (PAWs)? Accessing your infrastructure through a basic user device leaves your privileged account credentials in the device’s memory, and it is making you susceptible to keyloggers (software or hardware) that can capture these credentials. To mitigate this risk, implement PAWs in your environment and […]

Passwords in Group Policy

🔒 Secure Bits 💡 𝗔𝗿𝗲 𝗽𝗮𝘀𝘀𝘄𝗼𝗿𝗱𝘀 𝗵𝗶𝗱𝗶𝗻𝗴 𝗶𝗻 𝘆𝗼𝘂𝗿 𝗚𝗿𝗼𝘂𝗽 𝗣𝗼𝗹𝗶𝗰𝗶𝗲𝘀? 𝗛𝗼𝘄 𝗼𝗹𝗱 is your Active Directory? Are you sure there’s no history of stored credentials? 🚨 Before 2014, many admins used Group Policy Preferences (GPP) to 𝘀𝗲𝘁 𝗽𝗮𝘀𝘀𝘄𝗼𝗿𝗱𝘀 for tasks, services, and other configurations. It was convenient—but 𝗱𝗮𝗻𝗴𝗲𝗿𝗼𝘂𝘀𝗹𝘆 𝗶𝗻𝘀𝗲𝗰𝘂𝗿𝗲. Microsoft patched this in 2014, […]