CINXE.COM

Attack Defense & Detection – Active Directory Security

<!DOCTYPE html><!--[if IE 7]> <html class="ie ie7" lang="en-US" prefix="og: http://ogp.me/ns#"> <![endif]--> <!--[if IE 8]> <html class="ie ie8" lang="en-US" prefix="og: http://ogp.me/ns#"> <![endif]--> <!--[if !(IE 7) & !(IE 8)]><!--> <html lang="en-US" prefix="og: http://ogp.me/ns#"> <!--<![endif]--> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Attack Defense &#038; Detection &#8211; Active Directory Security</title> <meta name='robots' content='max-image-preview:large' /> <link rel="alternate" type="application/rss+xml" title="Active Directory Security &raquo; Feed" href="https://adsecurity.org/?feed=rss2" /> <link rel="alternate" type="application/rss+xml" title="Active Directory Security &raquo; Comments Feed" href="https://adsecurity.org/?feed=comments-rss2" /> <script type="text/javascript"> /* <![CDATA[ */ window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/adsecurity.org\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.5"}}; /*! This file is auto-generated */ !function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings); /* ]]> */ </script> <style id='wp-emoji-styles-inline-css' type='text/css'> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link rel='stylesheet' id='wp-block-library-css' href='https://adsecurity.org/wp-includes/css/dist/block-library/style.min.css?ver=6.5.5' type='text/css' media='all' /> <style id='classic-theme-styles-inline-css' type='text/css'> /*! This file is auto-generated */ .wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none} </style> <style id='global-styles-inline-css' type='text/css'> body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 14px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 20px;--wp--preset--font-size--x-large: 42px;--wp--preset--font-size--tiny: 10px;--wp--preset--font-size--regular: 16px;--wp--preset--font-size--larger: 26px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}body .is-layout-flex{flex-wrap: wrap;align-items: center;}body .is-layout-flex > *{margin: 0;}body .is-layout-grid{display: grid;}body .is-layout-grid > *{margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;} .wp-block-navigation a:where(:not(.wp-element-button)){color: inherit;} :where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;} :where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;} .wp-block-pullquote{font-size: 1.5em;line-height: 1.6;} </style> <link rel='stylesheet' id='bootstrap-css' href='https://adsecurity.org/wp-content/themes/graphene/bootstrap/css/bootstrap.min.css?ver=6.5.5' type='text/css' media='all' /> <link rel='stylesheet' id='font-awesome-css' href='https://adsecurity.org/wp-content/themes/graphene/fonts/font-awesome/css/font-awesome.min.css?ver=6.5.5' type='text/css' media='all' /> <link rel='stylesheet' id='graphene-css' href='https://adsecurity.org/wp-content/themes/graphene/style.css?ver=2.8.4' type='text/css' media='screen' /> <link rel='stylesheet' id='graphene-responsive-css' href='https://adsecurity.org/wp-content/themes/graphene/responsive.css?ver=2.8.4' type='text/css' media='all' /> <link rel='stylesheet' id='graphene-blocks-css' href='https://adsecurity.org/wp-content/themes/graphene/blocks.css?ver=2.8.4' type='text/css' media='all' /> <style id='akismet-widget-style-inline-css' type='text/css'> .a-stats { --akismet-color-mid-green: #357b49; --akismet-color-white: #fff; --akismet-color-light-grey: #f6f7f7; max-width: 350px; width: auto; } .a-stats * { all: unset; box-sizing: border-box; } .a-stats strong { font-weight: 600; } .a-stats a.a-stats__link, .a-stats a.a-stats__link:visited, .a-stats a.a-stats__link:active { background: var(--akismet-color-mid-green); border: none; box-shadow: none; border-radius: 8px; color: var(--akismet-color-white); cursor: pointer; display: block; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', 'Oxygen-Sans', 'Ubuntu', 'Cantarell', 'Helvetica Neue', sans-serif; font-weight: 500; padding: 12px; text-align: center; text-decoration: none; transition: all 0.2s ease; } /* Extra specificity to deal with TwentyTwentyOne focus style */ .widget .a-stats a.a-stats__link:focus { background: var(--akismet-color-mid-green); color: var(--akismet-color-white); text-decoration: none; } .a-stats a.a-stats__link:hover { filter: brightness(110%); box-shadow: 0 4px 12px rgba(0, 0, 0, 0.06), 0 0 2px rgba(0, 0, 0, 0.16); } .a-stats .count { color: var(--akismet-color-white); display: block; font-size: 1.5em; line-height: 1.4; padding: 0 13px; white-space: nowrap; } </style> <script type="text/javascript" src="https://adsecurity.org/wp-includes/js/jquery/jquery.min.js?ver=3.7.1" id="jquery-core-js"></script> <script type="text/javascript" src="https://adsecurity.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1" id="jquery-migrate-js"></script> <script defer type="text/javascript" src="https://adsecurity.org/wp-content/themes/graphene/bootstrap/js/bootstrap.min.js?ver=2.8.4" id="bootstrap-js"></script> <script defer type="text/javascript" src="https://adsecurity.org/wp-content/themes/graphene/js/bootstrap-hover-dropdown/bootstrap-hover-dropdown.min.js?ver=2.8.4" id="bootstrap-hover-dropdown-js"></script> <script defer type="text/javascript" src="https://adsecurity.org/wp-content/themes/graphene/js/bootstrap-submenu/bootstrap-submenu.min.js?ver=2.8.4" id="bootstrap-submenu-js"></script> <script defer type="text/javascript" src="https://adsecurity.org/wp-content/themes/graphene/js/jquery.infinitescroll.min.js?ver=2.8.4" id="infinite-scroll-js"></script> <script type="text/javascript" id="graphene-js-extra"> /* <![CDATA[ */ var grapheneJS = {"siteurl":"https:\/\/adsecurity.org","ajaxurl":"https:\/\/adsecurity.org\/wp-admin\/admin-ajax.php","templateUrl":"https:\/\/adsecurity.org\/wp-content\/themes\/graphene","isSingular":"1","enableStickyMenu":"","shouldShowComments":"1","commentsOrder":"newest","sliderDisable":"","sliderInterval":"7000","infScrollBtnLbl":"Load more","infScrollOn":"","infScrollCommentsOn":"","totalPosts":"1","postsPerPage":"10","isPageNavi":"","infScrollMsgText":"Fetching window.grapheneInfScrollItemsPerPage of window.grapheneInfScrollItemsLeft items left ...","infScrollMsgTextPlural":"Fetching window.grapheneInfScrollItemsPerPage of window.grapheneInfScrollItemsLeft items left ...","infScrollFinishedText":"All loaded!","commentsPerPage":"50","totalComments":"0","infScrollCommentsMsg":"Fetching window.grapheneInfScrollCommentsPerPage of window.grapheneInfScrollCommentsLeft comments left ...","infScrollCommentsMsgPlural":"Fetching window.grapheneInfScrollCommentsPerPage of window.grapheneInfScrollCommentsLeft comments left ...","infScrollCommentsFinishedMsg":"All comments loaded!","disableLiveSearch":"1","txtNoResult":"No result found.","isMasonry":""}; /* ]]> */ </script> <script defer type="text/javascript" src="https://adsecurity.org/wp-content/themes/graphene/js/graphene.js?ver=2.8.4" id="graphene-js"></script> <script type="text/javascript" id="wpstg-global-js-extra"> /* <![CDATA[ */ var wpstg = {"nonce":"bdb339c904"}; /* ]]> */ </script> <script type="text/javascript" src="https://adsecurity.org/wp-content/plugins/wp-staging-pro/assets/js/dist/wpstg-blank-loader.min.js?ver=6.5.5" id="wpstg-global-js"></script> <link rel="https://api.w.org/" href="https://adsecurity.org/index.php?rest_route=/" /><link rel="alternate" type="application/json" href="https://adsecurity.org/index.php?rest_route=/wp/v2/pages/4031" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://adsecurity.org/xmlrpc.php?rsd" /> <meta name="generator" content="WordPress 6.5.5" /> <link rel="canonical" href="https://adsecurity.org/?page_id=4031" /> <link rel='shortlink' href='https://adsecurity.org/?p=4031' /> <link rel="alternate" type="application/json+oembed" href="https://adsecurity.org/index.php?rest_route=%2Foembed%2F1.0%2Fembed&#038;url=https%3A%2F%2Fadsecurity.org%2F%3Fpage_id%3D4031" /> <link rel="alternate" type="text/xml+oembed" href="https://adsecurity.org/index.php?rest_route=%2Foembed%2F1.0%2Fembed&#038;url=https%3A%2F%2Fadsecurity.org%2F%3Fpage_id%3D4031&#038;format=xml" /> <script> WebFontConfig = { google: { families: ["Lato:400,400i,700,700i&display=swap"] } }; (function(d) { var wf = d.createElement('script'), s = d.scripts[0]; wf.src = 'https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js'; wf.async = true; s.parentNode.insertBefore(wf, s); })(document); </script> <style type="text/css"> .header_title, .header_title a, .header_title a:visited, .header_title a:hover, .header_desc {color:#000000}.carousel, .carousel .item{height:400px}@media (max-width: 991px) {.carousel, .carousel .item{height:250px}}#header{max-height:198px}@media (min-width: 1200px) {.container {width:1280px}} </style> <script type="application/ld+json">{"@context":"http:\/\/schema.org","@type":"WebPage","mainEntityOfPage":"https:\/\/adsecurity.org\/?page_id=4031","publisher":{"@type":"Organization","name":"Active Directory Security"},"headline":"Attack Defense &#038; Detection","datePublished":"2018-10-09T22:21:36+00:00","dateModified":"2018-10-19T19:43:19+00:00","description":"This page is meant to be a resource for Detecting &amp; Defending against attacks. I provide references for the attacks and a number of defense &amp; detection techniques. Active Directory &amp; Windows Security ATTACK AD Recon Active Directory Recon Without Admin Rights SPN Scanning \u2013 Service Discovery without Network Port Scanning Beyond Domain Admins \u2013 ...","author":{"@type":"Person","name":"Sean Metcalf"}}</script> <style type="text/css">.recentcomments a{display:inline !important;padding:0 !important;margin:0 !important;}</style><meta property="og:type" content="article" /> <meta property="og:title" content="Attack Defense &#038; Detection" /> <meta property="og:url" content="https://adsecurity.org/?page_id=4031" /> <meta property="og:site_name" content="Active Directory Security" /> <meta property="og:description" content="This page is meant to be a resource for Detecting &amp; Defending against attacks. I provide references for the attacks and a number of defense &amp; detection techniques. Active Directory &amp; Windows Security ATTACK AD Recon Active Directory Recon Without Admin Rights SPN Scanning – Service Discovery without Network Port Scanning Beyond Domain Admins – ..." /> <meta property="og:updated_time" content="2018-10-19T19:43:19+00:00" /> <meta property="article:modified_time" content="2018-10-19T19:43:19+00:00" /> <meta property="article:published_time" content="2018-10-09T22:21:36+00:00" /> </head> <body class="page-template-default page page-id-4031 custom-background wp-embed-responsive layout-boxed two_col_left two-columns singular"> <div class="container boxed-wrapper"> <div id="top-bar" class="row clearfix top-bar "> <div class="col-md-12 top-bar-items"> <ul class="social-profiles"> <li class="social-profile social-profile-rss"> <a href="https://adsecurity.org/?feed=rss2" title="Subscribe to Tech, News, and Other Ideations&#039;s RSS feed" id="social-id-1" class="mysocial social-rss"> <i class="fa fa-rss"></i> </a> </li> </ul> <button type="button" class="search-toggle navbar-toggle collapsed" data-toggle="collapse" data-target="#top_search"> <span class="sr-only">Toggle search form</span> <i class="fa fa-search-plus"></i> </button> <div id="top_search" class="top-search-form"> <form class="searchform" method="get" action="https://adsecurity.org"> <div class="input-group"> <div class="form-group live-search-input"> <label for="s" class="screen-reader-text">Search for:</label> <input type="text" id="s" name="s" class="form-control" placeholder="Search"> </div> <span class="input-group-btn"> <button class="btn btn-default" type="submit"><i class="fa fa-search"></i></button> </span> </div> </form> </div> </div> </div> <div id="header" class="row"> <img src="https://adsecurity.org/wp-content/themes/graphene/images/headers/fluid.jpg" alt="Active Directory Security" title="Active Directory Security" width="960" height="198" /> </div> <nav class="navbar row navbar-inverse"> <div class="navbar-header align-center"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#header-menu-wrap, #secondary-menu-wrap"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <p class="header_title"> <a href="https://adsecurity.org" title="Go back to the front page"> Active Directory Security </a> </p> <p class="header_desc">Active Directory &amp; Enterprise Security, Methods to Secure Active Directory, Attack Methods &amp; Effective Defenses, PowerShell, Tech Notes, &amp; Geek Trivia&#8230;</p> </div> <div class="collapse navbar-collapse" id="header-menu-wrap"> <ul class="nav navbar-nav flip"><li ><a href="https://adsecurity.org/">Home</a></li><li class="menu-item menu-item-8"><a href="https://adsecurity.org/?page_id=8" >About</a></li><li class="menu-item menu-item-41"><a href="https://adsecurity.org/?page_id=41" >AD Resources</a></li><li class="menu-item menu-item-4031 current-menu-item"><a href="https://adsecurity.org/?page_id=4031" >Attack Defense &#038; Detection</a></li><li class="menu-item menu-item-293"><a href="https://adsecurity.org/?page_id=293" >Contact</a></li><li class="menu-item menu-item-1821"><a href="https://adsecurity.org/?page_id=1821" >Mimikatz</a></li><li class="menu-item menu-item-1352"><a href="https://adsecurity.org/?page_id=1352" >Presentations</a></li><li class="menu-item menu-item-195"><a href="https://adsecurity.org/?page_id=195" >Schema Versions</a></li><li class="menu-item menu-item-399"><a href="https://adsecurity.org/?page_id=399" >Security Resources</a></li><li class="menu-item menu-item-183"><a href="https://adsecurity.org/?page_id=183" >SPNs</a></li><li class="menu-item menu-item-2532"><a href="https://adsecurity.org/?page_id=2532" >Top Posts</a></li></ul> </div> </nav> <div id="content" class="clearfix hfeed row"> <div id="content-main" class="clearfix content-main col-md-8"> <div id="post-4031" class="clearfix post post-4031 page type-page status-publish hentry nodate item-wrap"> <div class="entry clearfix"> <h1 class="post-title entry-title"> Attack Defense &#038; Detection </h1> <div class="entry-content clearfix"> <p>This page is meant to be a resource for Detecting &amp; Defending against attacks.<br /> I provide references for the attacks and a number of defense &amp; detection techniques.</p> <p><strong><span style="text-decoration: underline;">Active Directory &amp; Windows Security</span></strong></p> <p><strong>ATTACK</strong></p> <p><span style="text-decoration: underline;">AD Recon</span></p> <ul> <li><a href="https://adsecurity.org/?p=2535">Active Directory Recon Without Admin Rights</a></li> <li><a href="https://adsecurity.org/?p=1508">SPN Scanning – Service Discovery without Network Port Scanning</a></li> <li><a href="https://adsecurity.org/?p=3700">Beyond Domain Admins – Domain Controller &amp; AD Administration</a></li> <li><a href="https://adsecurity.org/?p=3658">Scanning for Active Directory Privileges &amp; Privileged Accounts</a></li> <li><a href="https://blog.netspi.com/dumping-active-directory-domain-info-with-powerupsql/">Active Directory Recon with PowerUpSQL</a></li> <li><a href="https://www.harmj0y.net/blog/tag/powerview/">PowerView Usage Reference Posts by Harmj0y</a></li> <li><a href="https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993#file-powerview-3-0-tricks-ps1-L20-L21">PowerView one-liners (GitHub)</a></li> <li><a href="https://www.darkoperator.com/blog/2014/1/29/enumeration-using-the-meterpreter-adsi-extended-api-commands">Enumeration using the Meterpreter ADSI Extended API Commands</a></li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;">DCSync</span></p> <ul> <li><a href="https://adsecurity.org/?p=1729">DCSync: Attack &amp; Detection</a></li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;">DCShadow</span></p> <ul> <li><a href="https://www.dcshadow.com/">DCShadow.com</a></li> <li><a href="https://blog.alsid.eu/dcshadow-explained-4510f52fc19d">DCShadow explained: A technical deep dive into the latest AD attack technique</a></li> </ul> <p>&nbsp;</p> <p>DPAPI</p> <ul> <li><a href="https://www.harmj0y.net/blog/redteaming/operational-guidance-for-offensive-user-dpapi-abuse/">Operational Guidance for Offensive User DPAPI Abuse </a></li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;">Attacking Active Directory</span></p> <ul> <li><a href="https://www.harmj0y.net/blog/redteaming/a-guide-to-attacking-domain-trusts/">A Guide to Attacking Domain Trusts</a></li> <li><a href="https://adsecurity.org/?p=2716">Sneaky Active Directory Persistence #17: Group Policy</a></li> <li><a href="https://adsecurity.org/?p=1405">MS15-011 &amp; MS15-014: Microsoft Active Directory Group Policy (GPO) Vulnerabilities</a></li> <li><a href="https://adsecurity.org/?p=451">How Attackers Pull the Active Directory Database (NTDS.dit) from a Domain Controller</a></li> <li><a href="https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html">Practical Guide to NTLM Relaying</a></li> <li><a href="https://docs.microsoft.com/en-us/advanced-threat-analytics/suspicious-activity-guide">Microsoft ATA Guide to Suspicious Activity</a></li> <li><a href="https://blog.netspi.com/exploiting-adidns/">Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS</a></li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;">Active Directory Privilege Escalation:</span></p> <ul> <li><a href="https://adsecurity.org/?p=2362">Attack Methods for Gaining Domain Admin Rights in Active Directory</a></li> <li><a href="https://adsecurity.org/?p=2288">Finding Passwords in SYSVOL &amp; Exploiting Group Policy Preferences</a></li> <li><a href="https://adsecurity.org/?p=2398">How Attackers Dump Active Directory Database Credentials</a></li> <li><a href="https://adsecurity.org/?p=1684">The Most Common Active Directory Security Issues and What You Can Do to Fix Them</a></li> <li><a href="https://adsecurity.org/?p=3592">Attacking Read-Only Domain Controllers (RODCs) to Own Active Directory</a></li> <li><a href="https://adsecurity.org/?p=4064">From DNSAdmins to Domain Admin, When DNSAdmins is More than Just DNS Administration</a></li> <li><a href="https://youtu.be/-bcWZQCLk_4?t=2194">Domain Controller running Print Server + Unconstrained Delegation = AD Domain Compromise</a> [<a href="https://github.com/leechristensen/SpoolSample">PoC</a>]</li> <li><a href="https://medium.com/@adam.toscher/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa">Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 edition)</a></li> <li><a href="https://blog.netspi.com/windows-privilege-escalation-part-2-domain-admin-privileges/">Windows Privilege Escalation Part 2: Domain Admin Privileges</a></li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;">Kerberos (AD) Attacks</span></p> <ul> <li><a href="https://adsecurity.org/?p=1667">Kerberos Unconstrained Delegation (or How Compromise of a Single Server Can Compromise the Domain)</a></li> <li><a href="https://adsecurity.org/?p=541">Kerberos Vulnerability in MS14-068 (KB3011780) Explained</a></li> <li><a style="background-color: #ffffff;" href="https://adsecurity.org/?p=3458">Kerberoast/Kerberoasting: Attack &amp; Detection</a></li> <li><a href="https://www.harmj0y.net/blog/activedirectory/targeted-kerberoasting/">Targeted Kerberoasting </a></li> <li><a href="https://www.harmj0y.net/blog/powershell/kerberoasting-without-mimikatz/">Kerberoasting without Mimikatz </a></li> <li><a href="https://www.harmj0y.net/blog/activedirectory/roasting-as-reps/">Roasting AS-REPs (Harmj0y)</a></li> <li><a href="https://www.harmj0y.net/blog/activedirectory/s4u2pwnage/">S4U2Pwnage </a></li> <li><a href="https://www.trustedsec.com/2018/10/w32-coozie-discovering-oracle-cve-2018-3253/">Oracle AD attribute contains hashed version of AD account (user/computer) password</a></li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;">Forged Kerberos Tickets</span></p> <ul> <li><a href="https://adsecurity.org/?p=2753">Computer Accounts &amp; Domain Controller Silver Tickets</a></li> <li><a href="https://adsecurity.org/?p=2011">How Attackers Use Kerberos Silver Tickets to Exploit Systems</a></li> <li><a href="https://adsecurity.org/?p=1640">Kerberos Golden Tickets are Now More Golden</a></li> </ul> <p>&nbsp;</p> <p>&nbsp;</p> <p><strong>DEFENSE</strong></p> <p><span style="text-decoration: underline;">Windows Security</span></p> <ul> <li><a href="https://adsecurity.org/?p=3377">Securing Domain Controllers to Improve Active Directory Security</a></li> <li><a href="https://adsecurity.org/?p=3299">Securing Windows Workstations: Developing a Secure Baseline</a></li> <li><a href="https://adsecurity.org/?p=559">Microsoft KB2871997: Back-Porting Windows 8.1/Win2012R2 Enhanced Security &amp; Pass The Hash Mitigation to Windows 7, Windows 8, &amp; Windows 2008R2</a></li> <li><a href="https://channel9.msdn.com/Events/Ignite/New-Zealand-2016/M377">Demystifying the Windows Firewall – Learn how to irritate attackers without crippling your network (Jessica Payne&#8217;s speaks at Ignite)</a></li> <li><a href="https://medium.com/@cryps1s/endpoint-isolation-with-the-windows-firewall-462a795f4cfb">Endpoint Isolation with the Windows Firewall</a></li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;">Windows 10 Security</span></p> <ul> <li><a href="https://blogs.technet.microsoft.com/secguide/2018/10/01/security-baseline-draft-for-windows-10-v1809-and-windows-server-2019/">Security baseline (DRAFT) for Windows 10 v1809 and Windows Server 2019</a></li> <li><a href="https://blogs.technet.microsoft.com/secguide/2018/04/30/security-baseline-for-windows-10-april-2018-update-v1803-final/">Security baseline for Windows 10 “April 2018 Update” (v1803) – FINAL </a></li> <li><a href="https://blogs.technet.microsoft.com/secguide/2017/08/30/security-baseline-for-windows-10-creators-update-v1703-final/">Security baseline for Windows 10 “Creators Update” (v1703) – FINAL</a></li> <li><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard">Windows 10 ExploitGuard Attack Surface Reduction Rules</a></li> <li><a href="https://blogs.technet.microsoft.com/secguide/2018/06/29/policy-analyzer-minor-update/">Microsoft Policy Analyzer (for comparing GPO settings)</a></li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;">Windows Event Auditing</span></p> <ul> <li><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings">Microsoft Docs: Advanced security audit policy settings (great event log resource)</a></li> <li><a href="https://github.com/MicrosoftDocs/windows-itpro-docs/tree/master/windows/security/threat-protection/auditing">Microsoft Windows IT Pro Docs on Github: windows-itpro-docs/windows/security/threat-protection/auditing/</a></li> <li><a href="https://blogs.technet.microsoft.com/jepayne/2015/11/23/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem/">Monitoring what matters – Windows Event Forwarding for everyone (even if you already have a SIEM.)</a></li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;">Effective Defenses &amp; Hunting</span></p> <ul> <li><a href="https://adsecurity.org/?p=1790">Manage Local Administrator Account Passwords: Microsoft Local Administrator Password Solution (LAPS)</a></li> <li><a href="https://trimarcsecurity.com/transcript-detecting-the-elusive-active-directory-threat-hunting-seanmetcalf">Active Directory Threat Hunting &#8211; Effective AD Event Auditing</a>: <a href="https://www.youtube.com/watch?v=9Uo7V9OUaUw">Video</a> &amp; <a href="https://adsecurity.org/wp-content/uploads/2017/04/2017-BSidesCharm-DetectingtheElusive-ActiveDirectoryThreatHunting-Final.pdf">Slides</a></li> <li><a href="https://blogs.technet.microsoft.com/jepayne/2017/12/08/weffles/">Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI (aka &#8220;Weffles&#8221;)</a></li> <li><a href="https://www.harmj0y.net/blog/defense/hunting-with-active-directory-replication-metadata/">Hunting With Active Directory Replication Metadata </a></li> <li><a href="https://www.darkoperator.com/blog/2017/10/14/basics-of-tracking-wmi-activity">Basics of Tracking WMI Activity</a></li> <li><a href="https://aka.ms/toppopslam">Presentation of SLAM and Lateral Movement (Channel9 video with Jessica Payne)</a></li> <li><a href="https://blogs.technet.microsoft.com/jepayne/2015/11/26/tracking-lateral-movement-part-one-special-groups-and-specific-service-accounts/">Tracking Lateral Movement Part One – Special Groups and Specific Service Accounts</a></li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;">Application Whitelisting Resources</span></p> <ul> <li><a href="https://blogs.msdn.microsoft.com/aaron_margosis/2018/10/11/aaronlocker-update-v0-91-and-see-aaronlocker-in-action-on-channel-9/">“AaronLocker” update (v0.91) — and see “AaronLocker” in action on Channel 9!</a></li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;">Building Robust Detection</span></p> <ul> <li><a href="https://medium.com/starting-up-security/lessons-learned-in-detection-engineering-304aec709856">Lessons Learned in Detection Engineering</a></li> <li><a href="https://medium.com/palantir/alerting-and-detection-strategy-framework-52dc33722df2">Alerting and Detection Strategy Framework</a></li> <li><a href="https://www.linkedin.com/pulse/socless-detection-team-netflix-alex-maestretti/">A SOCless Detection Team at Netflix</a></li> <li><a href="https://medium.com/@cryps1s/detecting-windows-endpoint-compromise-with-sacls-cd748e10950">Detecting Windows Endpoint Compromise with SACLs</a></li> <li><a href="https://github.com/Invoke-IR/ACE/">Automated Collection and Enrichment</a></li> <li><a href="https://github.com/Cyb3rWard0g/HELK/wiki">The HELK </a></li> </ul> <p>&nbsp;</p> <p><strong>ADFS</strong></p> <ul> <li><a href="https://adsecurity.org/?p=3782">Securing Microsoft Active Directory Federation Server (ADFS)</a></li> </ul> <p>&nbsp;</p> <p><strong>POWERSHELL</strong></p> <ul> <li><a href="https://adsecurity.org/?p=2921">PowerShell Attack &amp; Detection</a></li> <li><a href="https://www.fireeye.com/blog/threat-research/2018/07/malicious-powershell-detection-via-machine-learning.html">Malicious PowerShell Detection with Machine Learning (FireEye)</a></li> <li><a href="https://blogs.msdn.microsoft.com/powershell/2017/10/23/defending-against-powershell-attacks/">Defending Against PowerShell Attacks (Microsoft)</a></li> <li><a href="https://www.blackhat.com/docs/us-17/thursday/us-17-Bohannon-Revoke-Obfuscation-PowerShell-Obfuscation-Detection-And%20Evasion-Using-Science-wp.pdf">Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science (Black Hat whitepaper by Daniel Bohannon &amp; Lee Holmes)</a></li> </ul> <p>&nbsp;</p> <p><strong>TOOLS</strong></p> <ul> <li><a href="https://github.com/gentilkiwi/mimikatz">Mimikatz</a>: <a href="https://adsecurity.org/?page_id=1821">Info</a></li> <li><a href="https://github.com/gentilkiwi/kekeo">Kekeo</a></li> <li><a href="https://github.com/sense-of-security/ADRecon">ADRecon</a>: PowerShell recon tool for AD</li> <li><a href="https://github.com/BloodHoundAD/Bloodhound/wiki">Bloodhound</a>: Map out AD permissions &amp; rights via graphs</li> <li><a href="https://github.com/byt3bl33d3r/CrackMapExec">CrackMapExec</a>: Pentesting toolkit</li> <li><a href="https://github.com/byt3bl33d3r/DeathStar">DeathStar</a>: A Python script to auto-pwn Active Directory</li> <li>Impacket: Collection of pentesting python tools</li> <li><a href="https://github.com/Kevin-Robertson/Inveigh">Inveigh</a>: PowerShell tool to get network creds</li> <li><a href="https://github.com/NetSPI/MicroBurst">MicroBurst</a>: Tool for assessing Azure security</li> <li><a href="https://www.pingcastle.com/download/">PingCastle</a>: Tool for evaluating Active Directory security</li> <li><a href="https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon">PowerView</a>: PowerShell AD recon</li> <li><a href="https://github.com/jaredhaight/PSAttack">PSAttack</a>: PowerShell attack tools in an EXE</li> <li><a href="https://github.com/SpiderLabs/Responder">Responder</a>: The easy button for getting network creds</li> <li><a href="https://github.com/GhostPack/Rubeus">Rubeus</a>: the C# port of Kekeo <a href="https://www.harmj0y.net/blog/redteaming/from-kekeo-to-rubeus/">Info</a> &amp; <a href="https://www.harmj0y.net/blog/redteaming/rubeus-now-with-more-kekeo/">Updates</a></li> <li><a href="https://github.com/GhostPack/Seatbelt">Seatbelt</a>: Host survey tool</li> <li><a href="https://github.com/cobbr/SharpSploit">SharpSploit</a>: a partial C# port of PowerSploit</li> </ul> <p>&nbsp;</p> <p><strong>TWITTER ACCOUNTS TO FOLLOW</strong></p> <ul> <li>Aaron Margosis <a href="https://twitter.com/AaronMargosis">@AaronMargosis</a> &#8211; co-author with Mark Russinovich on SysInternal books (and topics), publishes the Microsoft Windows security baselines (Windows 10, Windows Server 2016, etc), and AaronLocker (simpler method of deploying AppLocker).</li> <li>Andy Robbins <a href="https://twitter.com/_wald0">@_wald0</a> &amp; Rohan Vazarkar <a href="https://twitter.com/CptJesus">@cptjesus</a> &#8211; wrote Bloodhound</li> <li>Benjamin Delpy <a href="https://twitter.com/gentilkiwi">@gentilkiwi</a> &#8211; wrote Mimikatz &amp; Kekeo</li> <li>Carlos Perez <a href="https://twitter.com/Carlos_Perez">@Carlos_Perez</a> &#8211; Red/Blue/Purple teamer focused on Windows &amp; AD security and more (&amp; Microsoft MVP)</li> <li>Dane <a href="https://twitter.com/cryps1s">@cryps1s</a> &#8211; has published real-world Windows firewall, Windows Event Forwarding (WEF) references, and other Windows security topics.</li> <li>DirectoryRanger <a href="https://twitter.com/DirectoryRanger">@DirectoryRanger</a> &#8211; tweets out useful info relating to AD security</li> <li>Jason Fossen <a href="https://twitter.com/JasonFossen">@JasonFossen</a> &#8211; SANS Instructor on Windows security topics</li> <li>Jess Dodson <a href="https://twitter.com/girlgerms">@girlgerms</a> &#8211; blogger &amp; speaker on Active Directory security topics (&amp; Microsoft MVP)</li> <li>Jessica Payne <a href="https://twitter.com/jepayneMSFT">@jepayneMSFT</a> &#8211; has promoted the use of the Windows Firewall and created WEFFLES.</li> <li>Lee Christensen <a href="https://twitter.com/tifkin_">@tifkin_</a> &#8211; wrote many cool tools like unmanaged PowerShell used in most attack tools &amp; discovered the <a href="https://adsecurity.org/?p=4056">DC Print Service/Unconstrained delegation privilege escalation</a>.</li> <li>Marcello <a href="https://twitter.com/byt3bl33d3r">@byt3bl33d3r</a> &#8211; publishes offensive Windows &amp; AD tools like <a href="https://github.com/byt3bl33d3r/CrackMapExec">CrackMapExec</a>, <a href="https://github.com/byt3bl33d3r/DeathStar">DeathStar</a>, <a href="https://github.com/byt3bl33d3r/SprayingToolkit">Password Spraying Toolkit</a>, etc.</li> <li>Matt Graeber <a href="https://twitter.com/mattifestation">@mattifestation</a> &#8211; founded PowerSploit, documented Device Guard, and numerous PowerShell and Device Guard bypasses (&amp; Microsoft MVP)</li> <li>Matt Nelson <a href="https://twitter.com/enigma0x3">@enigma0x3</a> &#8211; discovered numerous Windows vulnerabilities and privilege escalations (top 100 Microsoft security researchers)</li> <li>Oddvar Moe <a href="https://twitter.com/Oddvarmoe">@Oddvarmoe</a> &#8211; Windows security researcher (&amp; Microsoft MVP)</li> <li>Sean Metcalf <a href="https://twitter.com/PyroTek3">@PyroTek3</a> &#8211; maintainer of ADSecurity.org and AD enthusiast.</li> <li>SwiftOnSecurity <a href="https://twitter.com/SwiftOnSecurity">@SwiftonSecurity</a> &#8211; the parody account that&#8217;s worth following. Tons of Windows advice and recommendations not found elsewhere based on real world experience (&amp; Microsoft MVP)</li> <li>Vincent LeToux <a href="https://twitter.com/mysmartlogon">@mysmartlogon</a> &#8211; wrote the DCSync &amp; DCShadow components in Mimikatz</li> <li>Will <a href="https://twitter.com/harmj0y">@Harmj0y</a> &#8211; wrote PowerView, the original Bloodhound ingest PowerShell script, Rubeus and more!  (&amp; Microsoft MVP)</li> <li>Microsoft Azure AD <a href="https://twitter.com/azuread">@AzureAD</a> &#8211; Microsoft&#8217;s Azure Active Directory account tweets info about&#8230; Azure AD topics.</li> </ul> <p>Don&#8217;t follow <a href="https://twitter.com/NerdPyle">@NerdPyle</a> since he doesn&#8217;t talk AD anymore. 😉</p> <p><em>(I&#8217;m sure there are a bunch I forgot)</em></p> <p>&nbsp;</p> <p><strong><a href="https://attack.mitre.org/wiki/Main_Page">MITRE ATT&amp;CK</a> ACTIVE DIRECTORY RELATED ELEMENTS</strong></p> <ul> <li><a href="https://attack.mitre.org/wiki/Technique/T1087">Account Discovery</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1098">Account Manipulation</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1003">Credential Dumping</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1207">DCShadow</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1212">Exploitation for Credential Access</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1210">Exploitation of Remote Services</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1208">Kerberoasting</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1171">LLMNR/NBT-NS Poisoning</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1037">Logon Scripts</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1177">LSASS Driver</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1046">Network Service Scanning</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1040">Network Sniffing</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1135">Network Share Discovery</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1075">Pass the Hash (PTH)</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1097">Pass the Ticket (PTT)</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1174">Password Filter DLL</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1201">Password Policy Discovery</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1069">Permission Group Discovery</a></li> <li><a href="https://attack.mitre.org/wiki/Privilege_Escalation">Privilege Escalation</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1018">Remote System Discovery</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1101">Security Support Provider</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1178">SID History Injection</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1016">System Network Configuration Discovery</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1111">Two-Factor Authentication Interception</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1077">Windows Admin Shares</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1047">Windows Management Instrumentation (WMI)</a></li> <li><a href="https://attack.mitre.org/wiki/Technique/T1028">Windows Remote Management (WinRM)</a></li> </ul> <p>&nbsp;</p> <div class="tptn_counter" id="tptn_counter_4031">(Visited 179,489 times, 31 visits today)</div> </div> </div> </div> </div><!-- #content-main --> <div id="sidebar1" class="sidebar sidebar-right widget-area col-md-4"> <div id="recent-posts-4" class="sidebar-wrap widget_recent_entries"> <h3>Recent Posts</h3> <ul> <li> <a href="https://adsecurity.org/?p=4436">BSides Dublin &#8211; The Current State of Microsoft Identity Security: Common Security Issues and Misconfigurations &#8211; Sean Metcalf</a> </li> <li> <a href="https://adsecurity.org/?p=4434">DEFCON 2017: Transcript &#8211; Hacking the Cloud</a> </li> <li> <a href="https://adsecurity.org/?p=4432">Detecting the Elusive: Active Directory Threat Hunting</a> </li> <li> <a href="https://adsecurity.org/?p=4430">Detecting Kerberoasting Activity</a> </li> <li> <a href="https://adsecurity.org/?p=4428">Detecting Password Spraying with Security Event Auditing</a> </li> </ul> </div><div id="text-3" class="sidebar-wrap widget_text"><h3>Trimarc Active Directory Security Services</h3> <div class="textwidget">Have concerns about your Active Directory environment? Trimarc helps enterprises improve their security posture. <p> <a href="http://trimarcsecurity.com/security-services">Find out how...</a> TrimarcSecurity.com</div> </div><div id="widget_tptn_pop-4" class="sidebar-wrap tptn_posts_list_widget"><h3>Popular Posts</h3><div class="tptn_posts tptn_posts_widget tptn_posts_widget4"><ul><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=478" class="tptn_link"><span class="tptn_title">PowerShell Encoding &#038; Decoding (Base64)</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=2362" class="tptn_link"><span class="tptn_title">Attack Methods for Gaining Domain Admin Rights in&hellip;</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=483" class="tptn_link"><span class="tptn_title">Kerberos &#038; KRBTGT: Active Directory&#8217;s&hellip;</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=2288" class="tptn_link"><span class="tptn_title">Finding Passwords in SYSVOL &#038; Exploiting Group&hellip;</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=3377" class="tptn_link"><span class="tptn_title">Securing Domain Controllers to Improve Active&hellip;</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=3299" class="tptn_link"><span class="tptn_title">Securing Windows Workstations: Developing a Secure Baseline</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=3458" class="tptn_link"><span class="tptn_title">Detecting Kerberoasting Activity</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=1729" class="tptn_link"><span class="tptn_title">Mimikatz DCSync Usage, Exploitation, and Detection</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=3658" class="tptn_link"><span class="tptn_title">Scanning for Active Directory Privileges &#038;&hellip;</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=3164" class="tptn_link"><span class="tptn_title">Microsoft LAPS Security &#038; Active Directory LAPS&hellip;</span></a></span></li></ul><div class="tptn_clear"></div></div></div><div id="categories-4" class="sidebar-wrap widget_categories"><h3>Categories</h3> <ul> <li class="cat-item cat-item-565"><a href="https://adsecurity.org/?cat=565">ActiveDirectorySecurity</a> </li> <li class="cat-item cat-item-55"><a href="https://adsecurity.org/?cat=55">Apple Security</a> </li> <li class="cat-item cat-item-431"><a href="https://adsecurity.org/?cat=431">Cloud Security</a> </li> <li class="cat-item cat-item-17"><a href="https://adsecurity.org/?cat=17">Continuing Education</a> </li> <li class="cat-item cat-item-396"><a href="https://adsecurity.org/?cat=396">Entertainment</a> </li> <li class="cat-item cat-item-347"><a href="https://adsecurity.org/?cat=347">Exploit</a> </li> <li class="cat-item cat-item-1039"><a href="https://adsecurity.org/?cat=1039">Hacking</a> </li> <li class="cat-item cat-item-168"><a href="https://adsecurity.org/?cat=168">Hardware Security</a> </li> <li class="cat-item cat-item-172"><a href="https://adsecurity.org/?cat=172">Hypervisor Security</a> </li> <li class="cat-item cat-item-126"><a href="https://adsecurity.org/?cat=126">Linux/Unix Security</a> </li> <li class="cat-item cat-item-343"><a href="https://adsecurity.org/?cat=343">Malware</a> </li> <li class="cat-item cat-item-11"><a href="https://adsecurity.org/?cat=11">Microsoft Security</a> </li> <li class="cat-item cat-item-819"><a href="https://adsecurity.org/?cat=819">Mitigation</a> </li> <li class="cat-item cat-item-48"><a href="https://adsecurity.org/?cat=48">Network/System Security</a> </li> <li class="cat-item cat-item-7"><a href="https://adsecurity.org/?cat=7">PowerShell</a> </li> <li class="cat-item cat-item-698"><a href="https://adsecurity.org/?cat=698">RealWorld</a> </li> <li class="cat-item cat-item-21"><a href="https://adsecurity.org/?cat=21">Security</a> </li> <li class="cat-item cat-item-234"><a href="https://adsecurity.org/?cat=234">Security Conference Presentation/Video</a> </li> <li class="cat-item cat-item-1045"><a href="https://adsecurity.org/?cat=1045">Security Recommendation</a> </li> <li class="cat-item cat-item-24"><a href="https://adsecurity.org/?cat=24">Technical Article</a> </li> <li class="cat-item cat-item-4"><a href="https://adsecurity.org/?cat=4">Technical Reading</a> </li> <li class="cat-item cat-item-2"><a href="https://adsecurity.org/?cat=2">Technical Reference</a> </li> <li class="cat-item cat-item-156"><a href="https://adsecurity.org/?cat=156">TheCloud</a> </li> <li class="cat-item cat-item-930"><a href="https://adsecurity.org/?cat=930">Vulnerability</a> </li> </ul> </div><div id="tag_cloud-3" class="sidebar-wrap widget_tag_cloud"><h3>Tags</h3><div class="tagcloud"><a href="https://adsecurity.org/?tag=activedirectory" class="tag-cloud-link tag-link-20 tag-link-position-1" style="font-size: 22pt;" aria-label="ActiveDirectory (55 items)">ActiveDirectory</a> <a href="https://adsecurity.org/?tag=active-directory" class="tag-cloud-link tag-link-75 tag-link-position-2" style="font-size: 10.453608247423pt;" aria-label="Active Directory (8 items)">Active Directory</a> <a href="https://adsecurity.org/?tag=active-directory-security" class="tag-cloud-link tag-link-976 tag-link-position-3" style="font-size: 9.7319587628866pt;" aria-label="Active Directory Security (7 items)">Active Directory Security</a> <a href="https://adsecurity.org/?tag=activedirectorysecurity" class="tag-cloud-link tag-link-113 tag-link-position-4" style="font-size: 13.773195876289pt;" aria-label="ActiveDirectorySecurity (14 items)">ActiveDirectorySecurity</a> <a href="https://adsecurity.org/?tag=adreading" class="tag-cloud-link tag-link-5 tag-link-position-5" style="font-size: 13.340206185567pt;" aria-label="ADReading (13 items)">ADReading</a> <a href="https://adsecurity.org/?tag=ad-security" class="tag-cloud-link tag-link-100 tag-link-position-6" style="font-size: 8pt;" aria-label="AD Security (5 items)">AD Security</a> <a href="https://adsecurity.org/?tag=adsecurity" class="tag-cloud-link tag-link-86 tag-link-position-7" style="font-size: 10.453608247423pt;" aria-label="ADSecurity (8 items)">ADSecurity</a> <a href="https://adsecurity.org/?tag=azure" class="tag-cloud-link tag-link-25 tag-link-position-8" style="font-size: 8pt;" aria-label="Azure (5 items)">Azure</a> <a href="https://adsecurity.org/?tag=azuread" class="tag-cloud-link tag-link-136 tag-link-position-9" style="font-size: 8pt;" aria-label="AzureAD (5 items)">AzureAD</a> <a href="https://adsecurity.org/?tag=dcsync" class="tag-cloud-link tag-link-598 tag-link-position-10" style="font-size: 10.453608247423pt;" aria-label="DCSync (8 items)">DCSync</a> <a href="https://adsecurity.org/?tag=domaincontroller" class="tag-cloud-link tag-link-101 tag-link-position-11" style="font-size: 15.216494845361pt;" aria-label="DomainController (18 items)">DomainController</a> <a href="https://adsecurity.org/?tag=goldenticket" class="tag-cloud-link tag-link-303 tag-link-position-12" style="font-size: 11.175257731959pt;" aria-label="GoldenTicket (9 items)">GoldenTicket</a> <a href="https://adsecurity.org/?tag=grouppolicy" class="tag-cloud-link tag-link-196 tag-link-position-13" style="font-size: 8pt;" aria-label="GroupPolicy (5 items)">GroupPolicy</a> <a href="https://adsecurity.org/?tag=hyperv" class="tag-cloud-link tag-link-3 tag-link-position-14" style="font-size: 8pt;" aria-label="HyperV (5 items)">HyperV</a> <a href="https://adsecurity.org/?tag=invoke-mimikatz" class="tag-cloud-link tag-link-336 tag-link-position-15" style="font-size: 10.453608247423pt;" aria-label="Invoke-Mimikatz (8 items)">Invoke-Mimikatz</a> <a href="https://adsecurity.org/?tag=kb3011780" class="tag-cloud-link tag-link-337 tag-link-position-16" style="font-size: 9.7319587628866pt;" aria-label="KB3011780 (7 items)">KB3011780</a> <a href="https://adsecurity.org/?tag=kdc" class="tag-cloud-link tag-link-80 tag-link-position-17" style="font-size: 8pt;" aria-label="KDC (5 items)">KDC</a> <a href="https://adsecurity.org/?tag=kerberos" class="tag-cloud-link tag-link-81 tag-link-position-18" style="font-size: 15.216494845361pt;" aria-label="Kerberos (18 items)">Kerberos</a> <a href="https://adsecurity.org/?tag=kerberoshacking" class="tag-cloud-link tag-link-298 tag-link-position-19" style="font-size: 11.752577319588pt;" aria-label="KerberosHacking (10 items)">KerberosHacking</a> <a href="https://adsecurity.org/?tag=krbtgt" class="tag-cloud-link tag-link-394 tag-link-position-20" style="font-size: 9.7319587628866pt;" aria-label="KRBTGT (7 items)">KRBTGT</a> <a href="https://adsecurity.org/?tag=laps" class="tag-cloud-link tag-link-631 tag-link-position-21" style="font-size: 9.0103092783505pt;" aria-label="LAPS (6 items)">LAPS</a> <a href="https://adsecurity.org/?tag=lsass" class="tag-cloud-link tag-link-71 tag-link-position-22" style="font-size: 11.175257731959pt;" aria-label="LSASS (9 items)">LSASS</a> <a href="https://adsecurity.org/?tag=mcm" class="tag-cloud-link tag-link-6 tag-link-position-23" style="font-size: 14.061855670103pt;" aria-label="MCM (15 items)">MCM</a> <a href="https://adsecurity.org/?tag=microsoftemet" class="tag-cloud-link tag-link-58 tag-link-position-24" style="font-size: 11.175257731959pt;" aria-label="MicrosoftEMET (9 items)">MicrosoftEMET</a> <a href="https://adsecurity.org/?tag=microsoftwindows" class="tag-cloud-link tag-link-102 tag-link-position-25" style="font-size: 9.7319587628866pt;" aria-label="MicrosoftWindows (7 items)">MicrosoftWindows</a> <a href="https://adsecurity.org/?tag=mimikatz" class="tag-cloud-link tag-link-207 tag-link-position-26" style="font-size: 18.103092783505pt;" aria-label="mimikatz (29 items)">mimikatz</a> <a href="https://adsecurity.org/?tag=ms14068" class="tag-cloud-link tag-link-295 tag-link-position-27" style="font-size: 11.175257731959pt;" aria-label="MS14068 (9 items)">MS14068</a> <a href="https://adsecurity.org/?tag=passthehash" class="tag-cloud-link tag-link-44 tag-link-position-28" style="font-size: 9.7319587628866pt;" aria-label="PassTheHash (7 items)">PassTheHash</a> <a href="https://adsecurity.org/?tag=powershell" class="tag-cloud-link tag-link-575 tag-link-position-29" style="font-size: 18.536082474227pt;" aria-label="PowerShell (31 items)">PowerShell</a> <a href="https://adsecurity.org/?tag=powershellcode" class="tag-cloud-link tag-link-22 tag-link-position-30" style="font-size: 14.927835051546pt;" aria-label="PowerShellCode (17 items)">PowerShellCode</a> <a href="https://adsecurity.org/?tag=powershellhacking" class="tag-cloud-link tag-link-68 tag-link-position-31" style="font-size: 8pt;" aria-label="PowerShellHacking (5 items)">PowerShellHacking</a> <a href="https://adsecurity.org/?tag=powershellv5" class="tag-cloud-link tag-link-69 tag-link-position-32" style="font-size: 8pt;" aria-label="PowerShellv5 (5 items)">PowerShellv5</a> <a href="https://adsecurity.org/?tag=powersploit" class="tag-cloud-link tag-link-232 tag-link-position-33" style="font-size: 10.453608247423pt;" aria-label="PowerSploit (8 items)">PowerSploit</a> <a href="https://adsecurity.org/?tag=presentation" class="tag-cloud-link tag-link-422 tag-link-position-34" style="font-size: 9.7319587628866pt;" aria-label="Presentation (7 items)">Presentation</a> <a href="https://adsecurity.org/?tag=security" class="tag-cloud-link tag-link-576 tag-link-position-35" style="font-size: 8pt;" aria-label="Security (5 items)">Security</a> <a href="https://adsecurity.org/?tag=silverticket" class="tag-cloud-link tag-link-304 tag-link-position-36" style="font-size: 11.175257731959pt;" aria-label="SilverTicket (9 items)">SilverTicket</a> <a href="https://adsecurity.org/?tag=sneakyadpersistence" class="tag-cloud-link tag-link-596 tag-link-position-37" style="font-size: 9.0103092783505pt;" aria-label="SneakyADPersistence (6 items)">SneakyADPersistence</a> <a href="https://adsecurity.org/?tag=spn" class="tag-cloud-link tag-link-294 tag-link-position-38" style="font-size: 9.0103092783505pt;" aria-label="SPN (6 items)">SPN</a> <a href="https://adsecurity.org/?tag=tgs" class="tag-cloud-link tag-link-528 tag-link-position-39" style="font-size: 9.0103092783505pt;" aria-label="TGS (6 items)">TGS</a> <a href="https://adsecurity.org/?tag=tgt" class="tag-cloud-link tag-link-529 tag-link-position-40" style="font-size: 9.0103092783505pt;" aria-label="TGT (6 items)">TGT</a> <a href="https://adsecurity.org/?tag=windows7" class="tag-cloud-link tag-link-117 tag-link-position-41" style="font-size: 8pt;" aria-label="Windows7 (5 items)">Windows7</a> <a href="https://adsecurity.org/?tag=windows10" class="tag-cloud-link tag-link-494 tag-link-position-42" style="font-size: 10.453608247423pt;" aria-label="Windows10 (8 items)">Windows10</a> <a href="https://adsecurity.org/?tag=windowsserver2008r2" class="tag-cloud-link tag-link-46 tag-link-position-43" style="font-size: 9.0103092783505pt;" aria-label="WindowsServer2008R2 (6 items)">WindowsServer2008R2</a> <a href="https://adsecurity.org/?tag=windowsserver2012" class="tag-cloud-link tag-link-47 tag-link-position-44" style="font-size: 11.175257731959pt;" aria-label="WindowsServer2012 (9 items)">WindowsServer2012</a> <a href="https://adsecurity.org/?tag=windowsserver2012r2" class="tag-cloud-link tag-link-54 tag-link-position-45" style="font-size: 9.7319587628866pt;" aria-label="WindowsServer2012R2 (7 items)">WindowsServer2012R2</a></div> </div><div id="search-2" class="sidebar-wrap widget_search"><form class="searchform" method="get" action="https://adsecurity.org"> <div class="input-group"> <div class="form-group live-search-input"> <label for="s" class="screen-reader-text">Search for:</label> <input type="text" id="s" name="s" class="form-control" placeholder="Search"> </div> <span class="input-group-btn"> <button class="btn btn-default" type="submit"><i class="fa fa-search"></i></button> </span> </div> </form></div> <div id="recent-posts-2" class="sidebar-wrap widget_recent_entries"> <h3>Recent Posts</h3> <ul> <li> <a href="https://adsecurity.org/?p=4436">BSides Dublin &#8211; The Current State of Microsoft Identity Security: Common Security Issues and Misconfigurations &#8211; Sean Metcalf</a> </li> <li> <a href="https://adsecurity.org/?p=4434">DEFCON 2017: Transcript &#8211; Hacking the Cloud</a> </li> <li> <a href="https://adsecurity.org/?p=4432">Detecting the Elusive: Active Directory Threat Hunting</a> </li> <li> <a href="https://adsecurity.org/?p=4430">Detecting Kerberoasting Activity</a> </li> <li> <a href="https://adsecurity.org/?p=4428">Detecting Password Spraying with Security Event Auditing</a> </li> </ul> </div><div id="recent-comments-2" class="sidebar-wrap widget_recent_comments"><h3>Recent Comments</h3><ul id="recentcomments"><li class="recentcomments"><span class="comment-author-link">Derek</span> on <a href="https://adsecurity.org/?p=3592#comment-13603">Attacking Read-Only Domain Controllers (RODCs) to Own Active Directory</a></li><li class="recentcomments"><span class="comment-author-link"><a href="https://ADSecurity.org" class="url" rel="ugc">Sean Metcalf</a></span> on <a href="https://adsecurity.org/?p=3782#comment-13545">Securing Microsoft Active Directory Federation Server (ADFS)</a></li><li class="recentcomments"><span class="comment-author-link">Brad</span> on <a href="https://adsecurity.org/?p=3782#comment-13544">Securing Microsoft Active Directory Federation Server (ADFS)</a></li><li class="recentcomments"><span class="comment-author-link">Joonas</span> on <a href="https://adsecurity.org/?p=3719#comment-13229">Gathering AD Data with the Active Directory PowerShell Module</a></li><li class="recentcomments"><span class="comment-author-link"><a href="https://ADSecurity.org" class="url" rel="ugc">Sean Metcalf</a></span> on <a href="https://adsecurity.org/?p=3719#comment-13215">Gathering AD Data with the Active Directory PowerShell Module</a></li></ul></div><div id="archives-2" class="sidebar-wrap widget_archive"><h3>Archives</h3> <ul> <li><a href='https://adsecurity.org/?m=202406'>June 2024</a></li> <li><a href='https://adsecurity.org/?m=202405'>May 2024</a></li> <li><a href='https://adsecurity.org/?m=202005'>May 2020</a></li> <li><a href='https://adsecurity.org/?m=202001'>January 2020</a></li> <li><a href='https://adsecurity.org/?m=201908'>August 2019</a></li> <li><a href='https://adsecurity.org/?m=201903'>March 2019</a></li> <li><a href='https://adsecurity.org/?m=201902'>February 2019</a></li> <li><a href='https://adsecurity.org/?m=201810'>October 2018</a></li> <li><a href='https://adsecurity.org/?m=201808'>August 2018</a></li> <li><a href='https://adsecurity.org/?m=201805'>May 2018</a></li> <li><a href='https://adsecurity.org/?m=201801'>January 2018</a></li> <li><a href='https://adsecurity.org/?m=201711'>November 2017</a></li> <li><a href='https://adsecurity.org/?m=201708'>August 2017</a></li> <li><a href='https://adsecurity.org/?m=201706'>June 2017</a></li> <li><a href='https://adsecurity.org/?m=201705'>May 2017</a></li> <li><a href='https://adsecurity.org/?m=201702'>February 2017</a></li> <li><a href='https://adsecurity.org/?m=201701'>January 2017</a></li> <li><a href='https://adsecurity.org/?m=201611'>November 2016</a></li> <li><a href='https://adsecurity.org/?m=201610'>October 2016</a></li> <li><a href='https://adsecurity.org/?m=201609'>September 2016</a></li> <li><a href='https://adsecurity.org/?m=201608'>August 2016</a></li> <li><a href='https://adsecurity.org/?m=201607'>July 2016</a></li> <li><a href='https://adsecurity.org/?m=201606'>June 2016</a></li> <li><a href='https://adsecurity.org/?m=201604'>April 2016</a></li> <li><a href='https://adsecurity.org/?m=201603'>March 2016</a></li> <li><a href='https://adsecurity.org/?m=201602'>February 2016</a></li> <li><a href='https://adsecurity.org/?m=201601'>January 2016</a></li> <li><a href='https://adsecurity.org/?m=201512'>December 2015</a></li> <li><a href='https://adsecurity.org/?m=201511'>November 2015</a></li> <li><a href='https://adsecurity.org/?m=201510'>October 2015</a></li> <li><a href='https://adsecurity.org/?m=201509'>September 2015</a></li> <li><a href='https://adsecurity.org/?m=201508'>August 2015</a></li> <li><a href='https://adsecurity.org/?m=201507'>July 2015</a></li> <li><a href='https://adsecurity.org/?m=201506'>June 2015</a></li> <li><a href='https://adsecurity.org/?m=201505'>May 2015</a></li> <li><a href='https://adsecurity.org/?m=201504'>April 2015</a></li> <li><a href='https://adsecurity.org/?m=201503'>March 2015</a></li> <li><a href='https://adsecurity.org/?m=201502'>February 2015</a></li> <li><a href='https://adsecurity.org/?m=201501'>January 2015</a></li> <li><a href='https://adsecurity.org/?m=201412'>December 2014</a></li> <li><a href='https://adsecurity.org/?m=201411'>November 2014</a></li> <li><a href='https://adsecurity.org/?m=201410'>October 2014</a></li> <li><a href='https://adsecurity.org/?m=201409'>September 2014</a></li> <li><a href='https://adsecurity.org/?m=201408'>August 2014</a></li> <li><a href='https://adsecurity.org/?m=201407'>July 2014</a></li> <li><a href='https://adsecurity.org/?m=201406'>June 2014</a></li> <li><a href='https://adsecurity.org/?m=201405'>May 2014</a></li> <li><a href='https://adsecurity.org/?m=201404'>April 2014</a></li> <li><a href='https://adsecurity.org/?m=201403'>March 2014</a></li> <li><a href='https://adsecurity.org/?m=201402'>February 2014</a></li> <li><a href='https://adsecurity.org/?m=201307'>July 2013</a></li> <li><a href='https://adsecurity.org/?m=201211'>November 2012</a></li> <li><a href='https://adsecurity.org/?m=201203'>March 2012</a></li> <li><a href='https://adsecurity.org/?m=201202'>February 2012</a></li> </ul> </div><div id="categories-2" class="sidebar-wrap widget_categories"><h3>Categories</h3> <ul> <li class="cat-item cat-item-565"><a href="https://adsecurity.org/?cat=565">ActiveDirectorySecurity</a> </li> <li class="cat-item cat-item-55"><a href="https://adsecurity.org/?cat=55">Apple Security</a> </li> <li class="cat-item cat-item-431"><a href="https://adsecurity.org/?cat=431">Cloud Security</a> </li> <li class="cat-item cat-item-17"><a href="https://adsecurity.org/?cat=17">Continuing Education</a> </li> <li class="cat-item cat-item-396"><a href="https://adsecurity.org/?cat=396">Entertainment</a> </li> <li class="cat-item cat-item-347"><a href="https://adsecurity.org/?cat=347">Exploit</a> </li> <li class="cat-item cat-item-1039"><a href="https://adsecurity.org/?cat=1039">Hacking</a> </li> <li class="cat-item cat-item-168"><a href="https://adsecurity.org/?cat=168">Hardware Security</a> </li> <li class="cat-item cat-item-172"><a href="https://adsecurity.org/?cat=172">Hypervisor Security</a> </li> <li class="cat-item cat-item-126"><a href="https://adsecurity.org/?cat=126">Linux/Unix Security</a> </li> <li class="cat-item cat-item-343"><a href="https://adsecurity.org/?cat=343">Malware</a> </li> <li class="cat-item cat-item-11"><a href="https://adsecurity.org/?cat=11">Microsoft Security</a> </li> <li class="cat-item cat-item-819"><a href="https://adsecurity.org/?cat=819">Mitigation</a> </li> <li class="cat-item cat-item-48"><a href="https://adsecurity.org/?cat=48">Network/System Security</a> </li> <li class="cat-item cat-item-7"><a href="https://adsecurity.org/?cat=7">PowerShell</a> </li> <li class="cat-item cat-item-698"><a href="https://adsecurity.org/?cat=698">RealWorld</a> </li> <li class="cat-item cat-item-21"><a href="https://adsecurity.org/?cat=21">Security</a> </li> <li class="cat-item cat-item-234"><a href="https://adsecurity.org/?cat=234">Security Conference Presentation/Video</a> </li> <li class="cat-item cat-item-1045"><a href="https://adsecurity.org/?cat=1045">Security Recommendation</a> </li> <li class="cat-item cat-item-24"><a href="https://adsecurity.org/?cat=24">Technical Article</a> </li> <li class="cat-item cat-item-4"><a href="https://adsecurity.org/?cat=4">Technical Reading</a> </li> <li class="cat-item cat-item-2"><a href="https://adsecurity.org/?cat=2">Technical Reference</a> </li> <li class="cat-item cat-item-156"><a href="https://adsecurity.org/?cat=156">TheCloud</a> </li> <li class="cat-item cat-item-930"><a href="https://adsecurity.org/?cat=930">Vulnerability</a> </li> </ul> </div><div id="meta-2" class="sidebar-wrap widget_meta"><h3>Meta</h3> <ul> <li><a href="https://adsecurity.org/wp-login.php">Log in</a></li> <li><a href="https://adsecurity.org/?feed=rss2">Entries feed</a></li> <li><a href="https://adsecurity.org/?feed=comments-rss2">Comments feed</a></li> <li><a href="https://wordpress.org/">WordPress.org</a></li> </ul> </div> </div><!-- #sidebar1 --> </div><!-- #content --> <div id="sidebar_bottom" class="sidebar widget-area row footer-widget-col-3"> <div id="text-2" class="sidebar-wrap widget_text col-sm-4"><h3>Copyright</h3> <div class="textwidget">Content Disclaimer: This blog and its contents are provided "AS IS" with no warranties, and they confer no rights. Script samples are provided for informational purposes only and no guarantee is provided as to functionality or suitability. The views shared on this blog reflect those of the authors and do not represent the views of any companies mentioned. Content Ownership: All content posted here is intellectual work and under the current law, the poster owns the copyright of the article. Terms of Use Copyright © 2011 - 2020.</div> </div> </div> <div id="footer" class="row default-footer"> <div class="copyright-developer"> <div id="copyright"> <p>Content Disclaimer: This blog and its contents are provided "AS IS" with no warranties, and they confer no rights. Script samples are provided for informational purposes only and no guarantee is provided as to functionality or suitability. The views shared on this blog reflect those of the authors and do not represent the views of any companies mentioned. </p> </div> <div id="developer"> <p> Made with <i class="fa fa-heart"></i> by <a href="https://www.graphene-theme.com/" rel="nofollow">Graphene Themes</a>. </p> </div> </div> </div><!-- #footer --> </div><!-- #container --> <!-- Start of StatCounter Code --> <script> <!-- var sc_project=10100711; var sc_security="4b306538"; var sc_invisible=1; </script> <script type="text/javascript" src="https://www.statcounter.com/counter/counter.js" async></script> <noscript><div class="statcounter"><a title="web analytics" href="https://statcounter.com/"><img class="statcounter" src="https://c.statcounter.com/10100711/0/4b306538/1/" alt="web analytics" /></a></div></noscript> <!-- End of StatCounter Code --> <a href="#" id="back-to-top" title="Back to top"><i class="fa fa-chevron-up"></i></a> <script type="text/javascript" id="tptn_tracker-js-extra"> /* <![CDATA[ */ var ajax_tptn_tracker = {"ajax_url":"https:\/\/adsecurity.org\/wp-admin\/admin-ajax.php","top_ten_id":"4031","top_ten_blog_id":"1","activate_counter":"11","top_ten_debug":"0","tptn_rnd":"1491368188"}; /* ]]> */ </script> <script type="text/javascript" src="https://adsecurity.org/wp-content/plugins/top-10/includes/js/top-10-tracker.min.js?ver=1.0" id="tptn_tracker-js"></script> <script defer type="text/javascript" src="https://adsecurity.org/wp-includes/js/comment-reply.min.js?ver=6.5.5" id="comment-reply-js" async="async" data-wp-strategy="async"></script> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10