top of page
Search
![Primary Group Behavior, Reporting and Exploitation](https://static.wixstatic.com/media/27c3eb_f22ea414b10c41988784744e48671d7f~mv2.png/v1/fill/w_305,h_172,fp_0.50_0.50,q_95,enc_auto/27c3eb_f22ea414b10c41988784744e48671d7f~mv2.webp)
Brandon Colley
May 23, 20235 min read
Primary Group Behavior, Reporting and Exploitation
Introduction If you’ve administered Active Directory (AD) for any significant time, chances are you’ve come across the primaryGroupID ...
1,179
![Video: BSides Charm 2023 - AD & DNS: A Match Made in Heck](https://static.wixstatic.com/media/27c3eb_723578a654594cabb88874cffcfffcde~mv2.png/v1/fill/w_306,h_172,fp_0.50_0.50,q_95,enc_auto/27c3eb_723578a654594cabb88874cffcfffcde~mv2.webp)
Jake Hildreth
May 23, 20231 min read
Video: BSides Charm 2023 - AD & DNS: A Match Made in Heck
Download Jake and Jims slides here!
1,378
Jake Hildreth
Dec 16, 20221 min read
Video: Protecting Users with “Protected Users”
Despite being around for 9 years, organizations are unaware that the Protected Users AD group exists let alone its benefits. In this...
1,031
![Push Comes To Shove: exploring the attack surface of SCCM Client Push Accounts](https://static.wixstatic.com/media/bf9d03_cd0b166eb6434b2b884b18954d400499~mv2.png/v1/fill/w_305,h_172,fp_0.50_0.50,q_95,enc_auto/bf9d03_cd0b166eb6434b2b884b18954d400499~mv2.webp)
Brandon Colley
Jul 1, 20227 min read
Push Comes To Shove: exploring the attack surface of SCCM Client Push Accounts
Editors Note: Part 2 of this series is now published! Head over after you've finished reading Part 1. Introduction Did you know that...
12,076
![Webcast: Top 10 Ways to Improve Active Directory Security Quickly](https://static.wixstatic.com/media/bf9d03_c6ea3d71af4748fe9b57d54b7183fcd6~mv2.png/v1/fill/w_306,h_172,fp_0.50_0.50,q_95,enc_auto/bf9d03_c6ea3d71af4748fe9b57d54b7183fcd6~mv2.webp)
Sean Metcalf
Jun 24, 20222 min read
Webcast: Top 10 Ways to Improve Active Directory Security Quickly
This Trimarc Webcast provides information about current AD attack methods attackers are leveraging to compromise Active Directory and 10 thi
7,865
![Implementing Controls in Active Directory: Protecting Against Privileged Credential Sprawl](https://static.wixstatic.com/media/bf9d03_852e4f8a077740cb9cbe658f9ded6d11~mv2.png/v1/fill/w_305,h_172,fp_0.50_0.50,q_95,enc_auto/bf9d03_852e4f8a077740cb9cbe658f9ded6d11~mv2.webp)
Scott Blake
Nov 19, 20218 min read
Implementing Controls in Active Directory: Protecting Against Privileged Credential Sprawl
Protecting Against Privileged Credential Sprawl. Highly privileged accounts are often used to perform tasks on systems.
11,295
![LDAP Channel Binding and Signing](https://static.wixstatic.com/media/bf9d03_349861fbe91746fa8c07a8e905b81152~mv2.png/v1/fill/w_305,h_172,fp_0.50_0.50,q_95,enc_auto/bf9d03_349861fbe91746fa8c07a8e905b81152~mv2.webp)
Scott Blake
Jan 22, 20217 min read
LDAP Channel Binding and Signing
The initial fuss around Microsoft “forcing” customers into LDAP channel binding and LDAP signing (January 2020, March 2020, second half...
17,927
Sean Metcalf
Dec 10, 202014 min read
Kerberos Bronze Bit Attack (CVE-2020-17049) Scenarios to Potentially Compromise Active Directory
Introduction & Attack Overview Jake Karnes ( @jakekarnes42 ) with NetSPI published 3 articles (that’s right 3!) describing a new attack...
3,685
Scott Blake
Oct 28, 20205 min read
Securing Microsoft Azure AD Connect
With more and more organizations moving to the cloud, specifically Azure Active Directory/Microsoft 365 (formerly Office 365), Trimarc...
12,430
Sean Metcalf
Sep 3, 20207 min read
Escalating to Domain Admin in Microsoft’s Cloud Hosted Active Directory (Azure AD Domain Services)
the attacker could compromise the Azure AD Domain Services domain and persist at the Domain Controller and/or domain level
3,209
![The Art of the Honeypot Account: Making the Unusual Look Normal](https://static.wixstatic.com/media/bf9d03_0e28834673cd4e74b2d7c9b2b08ab6d5~mv2.png/v1/fill/w_306,h_150,fp_0.50_0.50,q_95,enc_auto/bf9d03_0e28834673cd4e74b2d7c9b2b08ab6d5~mv2.webp)
Sean Metcalf
Aug 6, 202011 min read
The Art of the Honeypot Account: Making the Unusual Look Normal
I have had the idea for a post describing how to best create a honeypot (or honeytoken) account for many years and only recently gained...
15,917
![Webcast: Securing Active Directory: Protecting AD Administration](https://static.wixstatic.com/media/bf9d03_d93ffad585974d7d98d1471f6f605647~mv2.png/v1/fill/w_305,h_172,fp_0.50_0.50,q_95,enc_auto/bf9d03_d93ffad585974d7d98d1471f6f605647~mv2.webp)
Sean Metcalf
Jul 17, 20201 min read
Webcast: Securing Active Directory: Protecting AD Administration
Trimarc Founder and Active Directory Security Subject Matter Expert, Sean Metcalf, covers common issues with AD administration, how...
4,514
Scott Blake
Jul 14, 20207 min read
Trimarc’s Take: 12 Steps for Better Password Management
Passwords, while serving a crucial role in identity, have unfortunately morphed into the dreaded necessary evil territory. This is easily...
3,414
Sean Metcalf
Jun 23, 202014 min read
Securing Active Directory: Performing an Active Directory Security Review
During the Trimarc Webcast on June 17, 2020 , Sean Metcalf covered a number of Active Directory (AD) components and areas that should be...
51,788
![Webcast: Securing Active Directory: Performing Your Own AD Security Review](https://static.wixstatic.com/media/bf9d03_9669b6cfa4e54a60925bb6fdaf8b9db9~mv2.png/v1/fill/w_305,h_172,fp_0.50_0.50,q_95,enc_auto/bf9d03_9669b6cfa4e54a60925bb6fdaf8b9db9~mv2.webp)
Sean Metcalf
Jun 17, 20201 min read
Webcast: Securing Active Directory: Performing Your Own AD Security Review
Trimarc Founder and Active Directory Security Subject Matter Expert, Sean Metcalf, covers how to improve the security of your Active...
5,999
Sean Metcalf
May 27, 20208 min read
From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path
While Azure leverages Azure Active Directory for some things, Azure AD roles don’t directly affect Azure (or Azure RBAC) typically. This...
874
![](https://i.ytimg.com/vi/5BKGOpBhypk/maxresdefault.jpg)
![Webcast: Securing Active Directory: Resolving Common Issues](https://i.ytimg.com/vi/5BKGOpBhypk/maxresdefault.jpg)
Sean Metcalf
May 18, 20201 min read
Webcast: Securing Active Directory: Resolving Common Issues
Trimarc Founder and Active Directory Security Subject Matter Expert, Sean Metcalf, covers how to improve the security of your Active...
2,829
Sean Metcalf
May 15, 20201 min read
Webcast: Quest TEC Talk Office 365 & Azure Active Directory 10 Security Actions to Take Now
Slides and Video Available! From the Quest TEC Talk Series. Trimarc founder Sean Metcalf, Microsoft Certified Master, on the 10 security...
115
Sean Metcalf
Mar 21, 20196 min read
There’s Something About Service Accounts
Service accounts are that gray area between regular user accounts and admin accounts that are often highly privileged. They are almost...
1,130
-
Feb 12, 20197 min read
Mitigating Exchange Permission Paths to Domain Admins in Active Directory
A blog post was published by Dirk-jan Mollema titled "Abusing Exchange: One API call away from Domain Admin " (...
2,845
bottom of page