Push Comes To Shove: exploring the attack surface of SCCM Client Push Accounts
Introduction Did you know that Microsoft System Center Configuration Manager (SCCM) has been around for 28 years? Currently known as...
Search
Trimarc Security Team
- Jun 24
- 2 min
Webcast: Top 10 Ways to Improve Active Directory Security Quickly
This Trimarc Webcast provides information about current AD attack methods attackers are leveraging to compromise Active Directory and 10 thi
4,9720
Scott Blake
- Nov 19, 2021
- 8 min
Implementing Controls in Active Directory: Protecting Against Privileged Credential Sprawl
Protecting Against Privileged Credential Sprawl. Highly privileged accounts are often used to perform tasks on systems.
7,8040
Scott Blake
- Jan 22, 2021
- 6 min
LDAP Channel Binding and Signing
The initial fuss around Microsoft “forcing” customers into LDAP channel binding and LDAP signing (January 2020, March 2020, second half...
5,5000
Sean Metcalf
- Dec 10, 2020
- 14 min
Kerberos Bronze Bit Attack (CVE-2020-17049) Scenarios to Potentially Compromise Active Directory
Introduction & Attack Overview Jake Karnes (@jakekarnes42) with NetSPI published 3 articles (that’s right 3!) describing a new attack...
2,9630
Scott Blake
- Oct 28, 2020
- 5 min
Securing Microsoft Azure AD Connect
With more and more organizations moving to the cloud, specifically Azure Active Directory/Microsoft 365 (formerly Office 365), Trimarc...
5,5560
Sean Metcalf
- Sep 3, 2020
- 6 min
Escalating to Domain Admin in Microsoft’s Cloud Hosted Active Directory (Azure AD Domain Services)
the attacker could compromise the Azure AD Domain Services domain and persist at the Domain Controller and/or domain level
2,2460
Sean Metcalf
- Aug 6, 2020
- 10 min
The Art of the Honeypot Account: Making the Unusual Look Normal
I have had the idea for a post describing how to best create a honeypot (or honeytoken) account for many years and only recently gained...
9,6260
Trimarc Security Team
- Jul 17, 2020
- 1 min
Webcast: Securing Active Directory: Protecting AD Administration
Trimarc Founder and Active Directory Security Subject Matter Expert, Sean Metcalf, covers common issues with AD administration, how...
3,6900
Scott Blake
- Jul 14, 2020
- 7 min
Trimarc’s Take: 12 Steps for Better Password Management
Passwords, while serving a crucial role in identity, have unfortunately morphed into the dreaded necessary evil territory. This is easily...
1,5280
Sean Metcalf
- Jun 23, 2020
- 14 min
Securing Active Directory: Performing an Active Directory Security Review
During the Trimarc Webcast on June 17, 2020, Sean Metcalf covered a number of Active Directory (AD) components and areas that should be...
36,5550
Trimarc Security Team
- Jun 17, 2020
- 1 min
Webcast: Securing Active Directory: Performing Your Own AD Security Review
Trimarc Founder and Active Directory Security Subject Matter Expert, Sean Metcalf, covers how to improve the security of your Active...
5,0490
Sean Metcalf
- May 27, 2020
- 8 min
From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path
While Azure leverages Azure Active Directory for some things, Azure AD roles don’t directly affect Azure (or Azure RBAC) typically. This...
6400
-
- May 18, 2020
- 1 min
Webcast: Securing Active Directory: Resolving Common Issues
Trimarc Founder and Active Directory Security Subject Matter Expert, Sean Metcalf, covers how to improve the security of your Active...
2,1400
-
- May 15, 2020
- 1 min
Webcast: Quest TEC Talk Office 365 & Azure Active Directory 10 Security Actions to Take Now
Slides and Video Available! From the Quest TEC Talk Series. Trimarc founder Sean Metcalf, Microsoft Certified Master, on the 10 security...
780
Sean Metcalf
- Mar 21, 2019
- 6 min
There’s Something About Service Accounts
Service accounts are that gray area between regular user accounts and admin accounts that are often highly privileged. They are almost...
4290
-
- Feb 12, 2019
- 7 min
Mitigating Exchange Permission Paths to Domain Admins in Active Directory
A blog post was published by Dirk-jan Mollema titled "Abusing Exchange: One API call away from Domain Admin " (https://dirkjanm.io/abusin...
9070
-
- Nov 22, 2017
- 28 min
Transcript BSidesCharm Detecting the Elusive: Active Directory Threat Hunting
“Detecting the Elusive: Active Directory Threat Hunting” Sean Metcalf, Trimarc CTO BSides Charm (Baltimore, MD) April 2017 Transcript...
1490
Sean Metcalf
- Feb 17, 2017
- 13 min
Trimarc Research: Detecting Kerberoasting Activity
Kerberoasting can be an effective method for extracting service account credentials from Active Directory as a regular user without...
2,4430
Sean Metcalf
- Feb 10, 2017
- 4 min
Trimarc Research: Detecting Password Spraying with Security Event Auditing
A common method attackers leverage as well as many penetration testers and Red Teamers is called "password spraying". Password spraying...
3,1080