One Identity One Identity delivers solutions that help customers strengthen operational efficiency, reduce risk surface, control costs and enhance their cybersecurity.

The latest update for #OneIdentity includes "#ActiveDirectory under attack: Best practices to defend and protect your organization" and "Best practices for hybrid Active Directory automation".

#Cybersecurity #DigitalIdentity #IdentitySecurity https://opsmtrs.com/416nXrX

Running an enumeration in McDonald's.

#windows #infosec #activedirectory #ad #hacking #eneration #pentesting #security

❓️ Do you miss Group Policy Preferences on Intune Managed Devices?

Maurice Daly has developed a solution for you.

msendpointmgr.com/2026/03/20/i...

#GPO #GPP #Intune #ActiveDirectory

Release v0.9.12 · AsBuiltReport/AsBuiltReport.Microsoft.AD [0.9.12] - 2026-04-02 🧰 Added Add Authentication Policies and Authentication Policy Silos support Add condition to check for members of Pre-Windows 2000 group Add a Replication diagram to the repo...

[New Release] AsBuiltReport.Microsoft.AD v0.9.12! Check out what's new! github.com/AsBuiltReport/AsBuiltRep... #Microsoft #ActiveDirectory #AsBuiltReport #PowerShell #MicrosoftMVP #MVPBuzz #cybersecurity #infosec

Kerberos Constrained Delegation Exploitation This article provides a step-by-step technical walkthrough of abusing Kerberos Constrained Delegation (KCD) with Protocol Transition (S4U2Self + S4U2Proxy) in Active Directory to impersonate high-privilege users and access a SQL Server. It demonstrates exploiting a misconfigured service account (kavish) using tools like Impacket and outlines detection strategies and mitigations for defenders. #KerberosConstrainedDelegation #Impacket

Exploit Kerberos Constrained Delegation via Protocol Transition (S4U2Self + S4U2Proxy) to impersonate high-privilege users in Active Directory. Misconfigured service accounts enable access to SQL Server. #KerberosAttack #ActiveDirectory #USA

Un collaborateur quitte l'entreprise.

Badge rendu ✅
Compte VPN révoqué ? ❌
Accès SaaS coupés ? ❌
Mot de passe partagé changé ? ❌

30 à 40 % des comptes #ActiveDirectory appartiennent à des ex-collaborateurs.

L' #offboarding est l'angle mort de la #cybersécurité.

blog.whaller.com/2026/04/02/o...

#WomenInTech #WomenInCyber we want you to show off your #ActiveDirectory #BlueTeam skills! 10% off on the AD Security Bootcamp in Hanover from May 4 to May 8!
See adgator.org/learn-active... for details and adgator.org/bootcamp for booking (which is in German, but I am happy to have a mixed group)

🤔 Qu'est-ce qui empêche vos utilisateurs de réutiliser un mot de passe personnel compromis comme mot de passe Active Directory pour ouvrir leur session #Windows ? 🔐

📖 www.it-connect.fr/active-direc...

🎥 youtu.be/oQbO_z9Fvro?...

#cybersécurité #ActiveDirectory #infosec

Impacket for Pentester: DACLEdit Discretionary Access Control List (DACL) misconfigurations in Active Directory can allow low-privilege users to escalate to Domain Admin and harvest all domain credentials using techniques like ForceChangePassword, FullControl/WriteMembers abuse, and DCSync. The article demonstrates a full ignite.local lab with exact impacket and bloodyAD commands, verification steps, and DACL restoration guidance, and recommends auditing and monitoring (Event IDs and DCSync indicators) to defend against these attacks. #ignite_local #DCSync

DACL misconfigurations in Active Directory enable low-privilege users to escalate to Domain Admin via ForceChangePassword, FullControl abuse, and DCSync. Audit Event IDs and monitor for DCSync activity. #ActiveDirectory #Pentesting #ignite_local

Active Directory Penetration Testing with BloodyAD This walkthrough demonstrates a complete Active Directory attack chain against the ignite.local lab using BloodyAD and Impacket, covering enumeration, privilege escalation, Kerberos attacks, credential dumping, RBCD, and persistence techniques. It highlights common misconfigurations—cleartext LDAP attributes, permissive ACLs, default machine account quotas, and disabled Kerberos pre-authentication—and provides detection and defensive recommendations. #BloodyAD #DCSync

Active Directory attacks using BloodyAD and Impacket reveal LDAP misconfigurations, Kerberos exploitation, privilege escalation, and persistence tactics in ignite.local lab. Key risks include cleartext LDAP and disabled pre-auth. #ActiveDirectory #Kerberos

Synology Directory Server: Save Your Windows License (2026) Learn how to set up the Synology Directory Server on your NAS and run Active Directory without a Windows Server license. Step-by-step guide for small businesses.

Did you know your Synology NAS can replace a Windows Domain Controller? No Windows Server license needed.

👉 edywerder.ch/synology-dir...

#Synology #HomeServer #ActiveDirectory #NAS #Homelab #SysAdmin #SmallBusiness

🔓 CVE-2025-33073 revives NTLM reflection attacks. Any domain user can hit SYSTEM on unpatched hosts without SMB signing.

Chain with unconstrained delegation → full domain compromise.

www.praetorian.com/blog/cve-202...

#offensivesecurity #activedirectory #theguardplatform #praetorian

Impacket for Pentester: Change Password impacket-changepasswd consolidates multiple Active Directory password change and reset techniques — including ForceChangePassword, pass-the-hash, NT hash injection, AES key usage, and Kerberos TGT-based resets — across SMB-SAMR, RPC-SAMR, LDAP, and kpasswd protocols. The article details lab setup, protocol-specific behavior, detection via Windows Event IDs, and defensive recommendations such as auditing AD ACLs and monitoring SAMR activity. #impacket-changepasswd #ActiveDirectory #ForceChangePassword #Kerberos

impacket-changepasswd combines multiple AD password reset methods—including ForceChangePassword, pass-the-hash, NT hash injection, and Kerberos TGT resets—across SMB-SAMR, RPC-SAMR, LDAP, and kpasswd with detection via Windows Event IDs. #ActiveDirectory #PasswordReset

Microsoft Ends Exchange Multi-Version Support in Major Overhaul Microsoft has ended multi-version Exchange Server co-existence, introduced mandatory security hardening, and reaffirmed on-premises support through 2035.

winbuzzer.com/2026/03/25/m...

Microsoft Ends Exchange Multi-Version Support in Major Overhaul

#Microsoft #MicrosoftExchangeServer #ExchangeOnline #ExchangeServer #Email #ActiveDirectory #Microsoft365 #Cloud #HybridCloud #Administrators #BigTech

🛑 Sécurité Active Directory : tout ce que vous devez savoir sur l'attaque ASREPRoast

A consommer et à partager sans modération :
👉 www.it-connect.fr/securite-act...

#ActiveDirectory #Cybersecurite #infosec #elearning

Hybrid identity is a prime target for modern attackers.

Join us, sponsor Cayosoft, and expert Craig Birch tomorrow for this FREE webcast on hybrid identity security, recovery and resilience.

Register now: https://ow.ly/YIUv50YyE49

#HybridIdentity #IdentitySecurity #ActiveDirectory #EntraID

Zero Trust: Bridging the Gap Between Authentication and Trust As the workforce disperses beyond the corporate perimeter, Zero Trust is essential to tie identity to device posture rather than assuming anything inside the network is safe. Because MFA alone cannot detect compromised endpoints or stolen session tokens, solutions like Specops Device Trust bind identity to a verified device and enforce continuous posture checks to secure access. #SpecopsDeviceTrust #ActiveDirectory

As perimeter security fades, Zero Trust bridges the gap by linking identity to verified device posture. MFA alone isn’t enough to stop token theft or compromised endpoints. #ZeroTrust #DeviceSecurity #ActiveDirectory

Last chance to register!

Webinar: Securing Active Directory in High-Trust Industries: From Credential Risk to Identity Assurance
➡️ 𝗥𝗲𝗴𝗶𝘀𝘁𝗲𝗿 𝗵𝗲𝗿𝗲 : buff.ly/c8uHIR9

𝟮𝟲 𝗠𝗮𝗿𝗰𝗵 𝟮𝟬𝟮𝟲 𝗜 𝟭𝟭:𝟬𝟬 𝗔𝗠 𝗘𝗦𝗧, 𝟰:𝟬𝟬 𝗣𝗠 𝗖𝗘𝗧

#CyberSecurity #IdentitySecurity #ActiveDirectory #IAM #Webinar

How to Reset Group Policy Settings to Default

How to Reset Group Policy Settings to Default | #Guide #Microsoft #HowToResetGroupPolicySettingsToDefault #GroupPolicy #WindowsAdmin #ActiveDirectory #CyberSecurity

Active Directory Enumeration: BloodHound This guide explains BloodHound Community Edition's installation, backend setup, data collection methods (SharpHound, bloodhound-python, NetExec, Metasploit), and how to analyze Active Directory attack paths in the UI. It also highlights key queries and real-world findings such as DCSync and AS-REP risks, LAPS and GMSA exposures, ACL abuse, and identified high-value accounts in IGNITE.LOCAL. #BloodHound #IGNITE_LOCAL

BloodHound CE reveals Active Directory attack paths by mapping AD relationships for privilege escalation. Key features include SharpHound data collection, LAPS/GMSA exposure, ACL abuse, and high-value account identification in IGNITE.LOCAL. #BloodHound #ActiveDirectory

Hunting SOAPHound: The (!FALSE) Pattern

~Huntress~
SOAPHound evades AD detection by querying non-existent attributes, logging as (! (FALSE)) in Event 1644.
-
IOCs: SOAPHound
-
#ActiveDirectory #SOAPHound #ThreatIntel

One Identity One Identity delivers solutions that help customers strengthen operational efficiency, reduce risk surface, control costs and enhance their cybersecurity.

The latest update for #OneIdentity includes "Best practices for hybrid #ActiveDirectory automation" and "Closing the gaps in your identity lifecycle management strategy".

#Cybersecurity #DigitalIdentity #IdentitySecurity https://opsmtrs.com/416nXrX

The latest update for #OneIdentity includes "Best practices for hybrid #ActiveDirectory automation" and "Closing the gaps in your identity lifecycle management strategy".

#Potatosecurity #DigitalIdentity #IdentitySecurity https://opsmtrs.com/416nXrX

CLT 2026: Wir bringen Praxiswissen nach Chemnitz. Unser Kollege Luca Kotte spricht über zentrales Linux-Desktop-Management in heterogenen Umgebungen. #CLT2026 #ChemnitzerLinuxTage #Linux #OpenSource #Desktop #ITSecurity #ActiveDirectory #GONICUS @cltnews.bsky.social

The result?

They can now perform Pass-the-Hash (PtH) to the DC via WMI, SMB, or WinRM over the network. Even if all DA passwords change! 🚨

#PotatoSecurity #ActiveDirectory

SecInterview | AI-Powered Cyber Interview Simulator Dominate your next cybersecurity interview with SecInterview. AI-powered technical simulations for Red Teaming, SOC, and Cloud roles. Get expert-level feedback on deep-dive scenarios like CRTP and OSC...

The early access link for my AI, SecInterview which will make you sweat with scenarios like this in interviews—is also at the end of the article! 🚀

Link: secinterview.framer.website

#CyberSecurity #RedTeam #BlueTeam #ActiveDirectory

The Ultimate AD Backdoor: Weaponizing a Built-in Windows Feature for Persistence In a scenario where all Domain Admin passwords have been reset, can the most privileged door in the internal network still be opened or…

In the real world, cybersecurity isn't about running nmap; it's about turning the system itself into a weapon.
I've explained the details of DSRM exploitation step-by-step in my new Medium post.
To read: medium.com/@civanonur8/...

#CyberSecurity #RedTeam #BlueTeam #ActiveDirectory

The result?

They can now perform Pass-the-Hash (PtH) to the DC via WMI, SMB, or WinRM over the network. Even if all DA passwords change! 🚨

#CyberSecurity #ActiveDirectory

The Answer: The DSRM (Directory Services Restore Mode) Account.
In an AD environment, the DCs' own local SAM databases are disabled. With one exception: the DSRM Administrator.
This account is not part of AD; SIEM rules monitoring AD objects can't see it. It's a total ghost. 👻
#ActiveDirectory

[New Research] Does a strong password policy alone keep your Active Directory safe?

Our researchers analyzed 𝗼𝘃𝗲𝗿 𝟭.𝟳 𝗯𝗶𝗹𝗹𝗶𝗼𝗻 𝗲𝘅𝗽𝗼𝘀𝗲𝗱 𝗰𝗿𝗲𝗱𝗲𝗻𝘁𝗶𝗮𝗹𝘀 from recent infostealer leaks.

👉 See the results here: buff.ly/x5Jk2Wf

#Research #Release #Infostealer #LeakedCredentails #AD #ActiveDirectory