CINXE.COM

<!DOCTYPE html>   <html lang="en-US" prefix="og: http://ogp.me/ns#">  <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Sean Metcalf – Active Directory Security</title> <meta name='robots' content='max-image-preview:large' /> <link rel="alternate" type="application/rss+xml" title="Active Directory Security » Feed" href="https://adsecurity.org/?feed=rss2" /> <link rel="alternate" type="application/rss+xml" title="Active Directory Security » Comments Feed" href="https://adsecurity.org/?feed=comments-rss2" /> <link rel="alternate" type="application/rss+xml" title="Active Directory Security » Posts by Sean Metcalf Feed" href="https://adsecurity.org/?feed=rss2&author=2" /> <script type="text/javascript"> /* <![CDATA[ */ window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/adsecurity.org\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.5"}}; /*! This file is auto-generated */ !function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings); /* ]]> */ </script> <style id='wp-emoji-styles-inline-css' type='text/css'> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link rel='stylesheet' id='wp-block-library-css' href='https://adsecurity.org/wp-includes/css/dist/block-library/style.min.css?ver=6.5.5' type='text/css' media='all' /> <style id='classic-theme-styles-inline-css' type='text/css'> /*! This file is auto-generated */ .wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none} </style> <style id='global-styles-inline-css' type='text/css'> body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 14px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 20px;--wp--preset--font-size--x-large: 42px;--wp--preset--font-size--tiny: 10px;--wp--preset--font-size--regular: 16px;--wp--preset--font-size--larger: 26px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}body .is-layout-flex{flex-wrap: wrap;align-items: center;}body .is-layout-flex > *{margin: 0;}body .is-layout-grid{display: grid;}body .is-layout-grid > *{margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;} .wp-block-navigation a:where(:not(.wp-element-button)){color: inherit;} :where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;} :where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;} .wp-block-pullquote{font-size: 1.5em;line-height: 1.6;} </style> <link rel='stylesheet' id='bootstrap-css' href='https://adsecurity.org/wp-content/themes/graphene/bootstrap/css/bootstrap.min.css?ver=6.5.5' type='text/css' media='all' /> <link rel='stylesheet' id='font-awesome-css' href='https://adsecurity.org/wp-content/themes/graphene/fonts/font-awesome/css/font-awesome.min.css?ver=6.5.5' type='text/css' media='all' /> <link rel='stylesheet' id='graphene-css' href='https://adsecurity.org/wp-content/themes/graphene/style.css?ver=2.8.4' type='text/css' media='screen' /> <link rel='stylesheet' id='graphene-responsive-css' href='https://adsecurity.org/wp-content/themes/graphene/responsive.css?ver=2.8.4' type='text/css' media='all' /> <link rel='stylesheet' id='graphene-blocks-css' href='https://adsecurity.org/wp-content/themes/graphene/blocks.css?ver=2.8.4' type='text/css' media='all' /> <style id='akismet-widget-style-inline-css' type='text/css'> .a-stats { --akismet-color-mid-green: #357b49; --akismet-color-white: #fff; --akismet-color-light-grey: #f6f7f7; max-width: 350px; width: auto; } .a-stats * { all: unset; box-sizing: border-box; } .a-stats strong { font-weight: 600; } .a-stats a.a-stats__link, .a-stats a.a-stats__link:visited, .a-stats a.a-stats__link:active { background: var(--akismet-color-mid-green); border: none; box-shadow: none; border-radius: 8px; color: var(--akismet-color-white); cursor: pointer; display: block; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', 'Oxygen-Sans', 'Ubuntu', 'Cantarell', 'Helvetica Neue', sans-serif; font-weight: 500; padding: 12px; text-align: center; text-decoration: none; transition: all 0.2s ease; } /* Extra specificity to deal with TwentyTwentyOne focus style */ .widget .a-stats a.a-stats__link:focus { background: var(--akismet-color-mid-green); color: var(--akismet-color-white); text-decoration: none; } .a-stats a.a-stats__link:hover { filter: brightness(110%); box-shadow: 0 4px 12px rgba(0, 0, 0, 0.06), 0 0 2px rgba(0, 0, 0, 0.16); } .a-stats .count { color: var(--akismet-color-white); display: block; font-size: 1.5em; line-height: 1.4; padding: 0 13px; white-space: nowrap; } </style> <script type="text/javascript" src="https://adsecurity.org/wp-includes/js/jquery/jquery.min.js?ver=3.7.1" id="jquery-core-js"></script> <script type="text/javascript" src="https://adsecurity.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1" id="jquery-migrate-js"></script> <script defer type="text/javascript" src="https://adsecurity.org/wp-content/themes/graphene/bootstrap/js/bootstrap.min.js?ver=2.8.4" id="bootstrap-js"></script> <script defer type="text/javascript" src="https://adsecurity.org/wp-content/themes/graphene/js/bootstrap-hover-dropdown/bootstrap-hover-dropdown.min.js?ver=2.8.4" id="bootstrap-hover-dropdown-js"></script> <script defer type="text/javascript" src="https://adsecurity.org/wp-content/themes/graphene/js/bootstrap-submenu/bootstrap-submenu.min.js?ver=2.8.4" id="bootstrap-submenu-js"></script> <script defer type="text/javascript" src="https://adsecurity.org/wp-content/themes/graphene/js/jquery.infinitescroll.min.js?ver=2.8.4" id="infinite-scroll-js"></script> <script type="text/javascript" id="graphene-js-extra"> /* <![CDATA[ */ var grapheneJS = {"siteurl":"https:\/\/adsecurity.org","ajaxurl":"https:\/\/adsecurity.org\/wp-admin\/admin-ajax.php","templateUrl":"https:\/\/adsecurity.org\/wp-content\/themes\/graphene","isSingular":"","enableStickyMenu":"","shouldShowComments":"","commentsOrder":"newest","sliderDisable":"","sliderInterval":"7000","infScrollBtnLbl":"Load more","infScrollOn":"","infScrollCommentsOn":"","totalPosts":"243","postsPerPage":"10","isPageNavi":"","infScrollMsgText":"Fetching window.grapheneInfScrollItemsPerPage of window.grapheneInfScrollItemsLeft items left ...","infScrollMsgTextPlural":"Fetching window.grapheneInfScrollItemsPerPage of window.grapheneInfScrollItemsLeft items left ...","infScrollFinishedText":"All loaded!","commentsPerPage":"50","totalComments":"0","infScrollCommentsMsg":"Fetching window.grapheneInfScrollCommentsPerPage of window.grapheneInfScrollCommentsLeft comments left ...","infScrollCommentsMsgPlural":"Fetching window.grapheneInfScrollCommentsPerPage of window.grapheneInfScrollCommentsLeft comments left ...","infScrollCommentsFinishedMsg":"All comments loaded!","disableLiveSearch":"1","txtNoResult":"No result found.","isMasonry":""}; /* ]]> */ </script> <script defer type="text/javascript" src="https://adsecurity.org/wp-content/themes/graphene/js/graphene.js?ver=2.8.4" id="graphene-js"></script> <script type="text/javascript" id="wpstg-global-js-extra"> /* <![CDATA[ */ var wpstg = {"nonce":"38f08d3885"}; /* ]]> */ </script> <script type="text/javascript" src="https://adsecurity.org/wp-content/plugins/wp-staging-pro/assets/js/dist/wpstg-blank-loader.min.js?ver=6.5.5" id="wpstg-global-js"></script> <link rel="https://api.w.org/" href="https://adsecurity.org/index.php?rest_route=/" /><link rel="alternate" type="application/json" href="https://adsecurity.org/index.php?rest_route=/wp/v2/users/2" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://adsecurity.org/xmlrpc.php?rsd" /> <meta name="generator" content="WordPress 6.5.5" /> <script> WebFontConfig = { google: { families: ["Lato:400,400i,700,700i&display=swap"] } }; (function(d) { var wf = d.createElement('script'), s = d.scripts[0]; wf.src = 'https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js'; wf.async = true; s.parentNode.insertBefore(wf, s); })(document); </script> <style type="text/css"> .header_title, .header_title a, .header_title a:visited, .header_title a:hover, .header_desc {color:#000000}.carousel, .carousel .item{height:400px}@media (max-width: 991px) {.carousel, .carousel .item{height:250px}}#header{max-height:198px}@media (min-width: 1200px) {.container {width:1280px}} </style> <style type="text/css">.recentcomments a{display:inline !important;padding:0 !important;margin:0 !important;}</style> </head> <body class="archive author author-seanmetcalf author-2 custom-background wp-embed-responsive layout-boxed two_col_left two-columns"> <div class="container boxed-wrapper"> <div id="top-bar" class="row clearfix top-bar "> <div class="col-md-12 top-bar-items"> <ul class="social-profiles"> <li class="social-profile social-profile-rss"> <a href="https://adsecurity.org/?feed=rss2" title="Subscribe to Tech, News, and Other Ideations's RSS feed" id="social-id-1" class="mysocial social-rss"> <i class="fa fa-rss"></i> </a> </li> </ul> <button type="button" class="search-toggle navbar-toggle collapsed" data-toggle="collapse" data-target="#top_search"> <span class="sr-only">Toggle search form</span> <i class="fa fa-search-plus"></i> </button> <div id="top_search" class="top-search-form"> <form class="searchform" method="get" action="https://adsecurity.org"> <div class="input-group"> <div class="form-group live-search-input"> <label for="s" class="screen-reader-text">Search for:</label> <input type="text" id="s" name="s" class="form-control" placeholder="Search"> </div> <span class="input-group-btn"> <button class="btn btn-default" type="submit"><i class="fa fa-search"></i></button> </span> </div> </form> </div> </div> </div> <div id="header" class="row"> <img src="https://adsecurity.org/wp-content/themes/graphene/images/headers/fluid.jpg" alt="Active Directory Security" title="Active Directory Security" width="960" height="198" /> </div> <nav class="navbar row navbar-inverse"> <div class="navbar-header align-center"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#header-menu-wrap, #secondary-menu-wrap"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <p class="header_title"> <a href="https://adsecurity.org" title="Go back to the front page"> Active Directory Security </a> </p> <p class="header_desc">Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…</p> </div> <div class="collapse navbar-collapse" id="header-menu-wrap"> <ul class="nav navbar-nav flip"><li ><a href="https://adsecurity.org/">Home</a></li><li class="menu-item menu-item-8"><a href="https://adsecurity.org/?page_id=8" >About</a></li><li class="menu-item menu-item-41"><a href="https://adsecurity.org/?page_id=41" >AD Resources</a></li><li class="menu-item menu-item-4031"><a href="https://adsecurity.org/?page_id=4031" >Attack Defense & Detection</a></li><li class="menu-item menu-item-293"><a href="https://adsecurity.org/?page_id=293" >Contact</a></li><li class="menu-item menu-item-1821"><a href="https://adsecurity.org/?page_id=1821" >Mimikatz</a></li><li class="menu-item menu-item-1352"><a href="https://adsecurity.org/?page_id=1352" >Presentations</a></li><li class="menu-item menu-item-195"><a href="https://adsecurity.org/?page_id=195" >Schema Versions</a></li><li class="menu-item menu-item-399"><a href="https://adsecurity.org/?page_id=399" >Security Resources</a></li><li class="menu-item menu-item-183"><a href="https://adsecurity.org/?page_id=183" >SPNs</a></li><li class="menu-item menu-item-2532"><a href="https://adsecurity.org/?page_id=2532" >Top Posts</a></li></ul> </div> </nav> <div id="content" class="clearfix hfeed row"> <div id="content-main" class="clearfix content-main col-md-8"> <div id="author-2" class="clearfix page author post-4367 post type-post status-publish format-standard hentry category-activedirectorysecurity category-hacking category-microsoft-security tag-clear-text-password tag-computer-account tag-convertto-nthash tag-dsinternals tag-get-adreplaccount tag-get-adserviceaccount tag-gmsa tag-gmsa-password tag-gmsa-password-hash tag-gmsa-spn tag-group-managed-service-accounts tag-kerberos tag-kerberos-spn tag-lsass tag-mimikatz tag-msds-groupmanagedserviceaccount tag-msds-groupmsamembership tag-msds-managedpassword tag-msds-managedpasswordid tag-msds-managedpasswordinterval tag-msds-managepasswordinterval tag-principalsallowedtoretrivemanagedpassword tag-psexec tag-sekurlsaekeys tag-sekurlsalogonpasswords tag-service-principal-name tag-serviceprincipalnames tag-spn tag-system tag-_sa_ item-wrap"> <div class="entry author-entry clearfix"> <div class="author-heading col-md-12 clearfix"> <div class="col-sm-3"> <img alt='' src='https://secure.gravatar.com/avatar/1f3ad5e878e5d0e6096c5a33718a04d0?s=150&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/1f3ad5e878e5d0e6096c5a33718a04d0?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo' height='150' width='150' decoding='async'/> </div> <div class="col-sm-9"> <h1 class="post-title">Sean Metcalf</h1> <ul class="author-social"> <li><a href="mailto:sean@adsecurity.org"><i class="fa fa-envelope-o"></i></a></li> </ul> </div> </div> <div class="row"> <div class="entry-content col-md-12"> <p>I improve security for enterprises around the world working for TrimarcSecurity.com Read the About page (top left) for information about me. :) https://adsecurity.org/?page_id=8</p> </div> </div> </div> </div> <h3 class="author-post-list"><i class="fa fa-user-circle"></i> Author's posts</h3> <div class="entries-wrapper"> <div id="post-4367" class="clearfix post post-4367 type-post status-publish format-standard hentry category-activedirectorysecurity category-hacking category-microsoft-security tag-clear-text-password tag-computer-account tag-convertto-nthash tag-dsinternals tag-get-adreplaccount tag-get-adserviceaccount tag-gmsa tag-gmsa-password tag-gmsa-password-hash tag-gmsa-spn tag-group-managed-service-accounts tag-kerberos tag-kerberos-spn tag-lsass tag-mimikatz tag-msds-groupmanagedserviceaccount tag-msds-groupmsamembership tag-msds-managedpassword tag-msds-managedpasswordid tag-msds-managedpasswordinterval tag-msds-managepasswordinterval tag-principalsallowedtoretrivemanagedpassword tag-psexec tag-sekurlsaekeys tag-sekurlsalogonpasswords tag-service-principal-name tag-serviceprincipalnames tag-spn tag-system tag-_sa_ item-wrap"> <div class="entry clearfix"> <div class="post-date date alpha with-year"> <p class="default_date"> <span class="month">May</span> <span class="day">29</span> <span class="year">2020</span> </p> </div> <h2 class="post-title entry-title"> <a href="https://adsecurity.org/?p=4367" rel="bookmark" title="Permalink to Attacking Active Directory Group Managed Service Accounts (GMSAs)"> Attacking Active Directory Group Managed Service Accounts (GMSAs) </a> </h2> <ul class="post-meta entry-meta clearfix"> <li class="byline"> By <span class="author"><a href="https://adsecurity.org/?author=2" rel="author">Sean Metcalf</a></span><span class="entry-cat"> in <span class="terms"><a class="term term-category term-565" href="https://adsecurity.org/?cat=565">ActiveDirectorySecurity</a>, <a class="term term-category term-1039" href="https://adsecurity.org/?cat=1039">Hacking</a>, <a class="term term-category term-11" href="https://adsecurity.org/?cat=11">Microsoft Security</a></span></span> </li> </ul> <div class="entry-content clearfix"> <div class="excerpt-thumb"><a href="https://adsecurity.org/?p=4367"><img width="282" height="300" src="https://adsecurity.org/wp-content/uploads/2020/05/image-41-282x300.png" class="attachment-medium size-medium" alt="" decoding="async" fetchpriority="high" srcset="https://adsecurity.org/wp-content/uploads/2020/05/image-41-282x300.png 282w, https://adsecurity.org/wp-content/uploads/2020/05/image-41.png 732w" sizes="(max-width: 282px) 100vw, 282px" /></a></div> <p>In May 2020, I presented some Active Directory security topics in a Trimarc Webcast called “Securing Active Directory: Resolving Common Issues” and included some information I put together relating to the security of AD Group Managed Service Accounts (GMSA). This post includes the expanded version of attacking and defending GMSAs I covered in the webcast.I … </p> <p><a class="more-link btn" href="https://adsecurity.org/?p=4367">Continue reading</a></p> </div> <ul class="entry-footer"> <li class="post-tags col-sm-8"><i class="fa fa-tags" title="Tags"></i> <span class="terms"><a class="term term-tagpost_tag term-1444" href="https://adsecurity.org/?tag=clear-text-password">clear-text password</a>, <a class="term term-tagpost_tag term-1446" href="https://adsecurity.org/?tag=computer-account">Computer Account</a>, <a class="term term-tagpost_tag term-1442" href="https://adsecurity.org/?tag=convertto-nthash">ConvertTo-NTHash</a>, <a class="term term-tagpost_tag term-602" href="https://adsecurity.org/?tag=dsinternals">DSInternals</a>, <a class="term term-tagpost_tag term-1448" href="https://adsecurity.org/?tag=get-adreplaccount">Get-ADReplAccount</a>, <a class="term term-tagpost_tag term-1432" href="https://adsecurity.org/?tag=get-adserviceaccount">Get-ADServiceAccount</a>, <a class="term term-tagpost_tag term-1430" href="https://adsecurity.org/?tag=gmsa">GMSA</a>, <a class="term term-tagpost_tag term-1431" href="https://adsecurity.org/?tag=gmsa-password">GMSA password</a>, <a class="term term-tagpost_tag term-1438" href="https://adsecurity.org/?tag=gmsa-password-hash">GMSA password hash</a>, <a class="term term-tagpost_tag term-1436" href="https://adsecurity.org/?tag=gmsa-spn">GMSA SPN</a>, <a class="term term-tagpost_tag term-1429" href="https://adsecurity.org/?tag=group-managed-service-accounts">Group Managed Service Accounts</a>, <a class="term term-tagpost_tag term-81" href="https://adsecurity.org/?tag=kerberos">Kerberos</a>, <a class="term term-tagpost_tag term-1435" href="https://adsecurity.org/?tag=kerberos-spn">Kerberos SPN</a>, <a class="term term-tagpost_tag term-71" href="https://adsecurity.org/?tag=lsass">LSASS</a>, <a class="term term-tagpost_tag term-207" href="https://adsecurity.org/?tag=mimikatz">mimikatz</a>, <a class="term term-tagpost_tag term-1449" href="https://adsecurity.org/?tag=msds-groupmanagedserviceaccount">msDS-GroupManagedServiceAccount</a>, <a class="term term-tagpost_tag term-1451" href="https://adsecurity.org/?tag=msds-groupmsamembership">msDS-GroupMSAMembership</a>, <a class="term term-tagpost_tag term-1443" href="https://adsecurity.org/?tag=msds-managedpassword">msds-ManagedPassword</a>, <a class="term term-tagpost_tag term-1452" href="https://adsecurity.org/?tag=msds-managedpasswordid">msDS-ManagedPasswordId</a>, <a class="term term-tagpost_tag term-1450" href="https://adsecurity.org/?tag=msds-managedpasswordinterval">msDS-ManagedPasswordInterval</a>, <a class="term term-tagpost_tag term-1440" href="https://adsecurity.org/?tag=msds-managepasswordinterval">msDS-ManagePasswordInterval</a>, <a class="term term-tagpost_tag term-1439" href="https://adsecurity.org/?tag=principalsallowedtoretrivemanagedpassword">PrincipalsAllowedToRetriveManagedPassword</a>, <a class="term term-tagpost_tag term-1447" href="https://adsecurity.org/?tag=psexec">PSEXEC</a>, <a class="term term-tagpost_tag term-1434" href="https://adsecurity.org/?tag=sekurlsaekeys">Sekurlsa::ekeys</a>, <a class="term term-tagpost_tag term-776" href="https://adsecurity.org/?tag=sekurlsalogonpasswords">sekurlsa::logonpasswords</a>, <a class="term term-tagpost_tag term-1137" href="https://adsecurity.org/?tag=service-principal-name">service principal name</a>, <a class="term term-tagpost_tag term-1441" href="https://adsecurity.org/?tag=serviceprincipalnames">ServicePrincipalNames</a>, <a class="term term-tagpost_tag term-294" href="https://adsecurity.org/?tag=spn">SPN</a>, <a class="term term-tagpost_tag term-1445" href="https://adsecurity.org/?tag=system">SYSTEM</a>, <a class="term term-tagpost_tag term-1433" href="https://adsecurity.org/?tag=_sa_">_SA_</a></span></li> </ul> </div> </div> <div id="post-4277" class="clearfix post post-4277 type-post status-publish format-standard hentry category-cloud-security category-microsoft-security category-thecloud tag-access-management-for-azure-resources tag-activedirectory tag-azure-ad-pim tag-azure-owner tag-azure-rbac tag-azure-root tag-azuread tag-company-administrator tag-compromise-azure-domain-controller tag-compromise-azure-vm tag-elevate-access tag-enableadminaccount tag-from-azure-ad-to-azure tag-global-admin-to-azure tag-global-administrator tag-global-administrator-elevate-access tag-mfa tag-microsoft-compute-virtualmachines-runcommand tag-net-localgroup tag-office-365-security tag-pim tag-privileged-identity-manager tag-run-powershell-on-azure-vm tag-runcommand tag-runpowershellscript tag-user-access-administrator tag-virtual-machine-contributor item-wrap"> <div class="entry clearfix"> <div class="post-date date alpha with-year"> <p class="default_date"> <span class="month">May</span> <span class="day">27</span> <span class="year">2020</span> </p> </div> <h2 class="post-title entry-title"> <a href="https://adsecurity.org/?p=4277" rel="bookmark" title="Permalink to From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path"> From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path </a> </h2> <ul class="post-meta entry-meta clearfix"> <li class="byline"> By <span class="author"><a href="https://adsecurity.org/?author=2" rel="author">Sean Metcalf</a></span><span class="entry-cat"> in <span class="terms"><a class="term term-category term-431" href="https://adsecurity.org/?cat=431">Cloud Security</a>, <a class="term term-category term-11" href="https://adsecurity.org/?cat=11">Microsoft Security</a>, <a class="term term-category term-156" href="https://adsecurity.org/?cat=156">TheCloud</a></span></span> </li> </ul> <div class="entry-content clearfix"> <div class="excerpt-thumb"><a href="https://adsecurity.org/?p=4277"><img width="300" height="300" src="https://adsecurity.org/wp-content/uploads/2020/05/image-6-300x300.png" class="attachment-medium size-medium" alt="" decoding="async" srcset="https://adsecurity.org/wp-content/uploads/2020/05/image-6-300x300.png 300w, https://adsecurity.org/wp-content/uploads/2020/05/image-6-150x150.png 150w, https://adsecurity.org/wp-content/uploads/2020/05/image-6.png 360w" sizes="(max-width: 300px) 100vw, 300px" /></a></div> <p>For most of 2019, I was digging into Office 365 and Azure AD and looking at features as part of the development of the new Trimarc Microsoft Cloud Security Assessment which focuses on improving customer Microsoft Office 365 and Azure AD security posture. As I went through each of them, I found one that was … </p> <p><a class="more-link btn" href="https://adsecurity.org/?p=4277">Continue reading</a></p> </div> <ul class="entry-footer"> <li class="post-tags col-sm-8"><i class="fa fa-tags" title="Tags"></i> <span class="terms"><a class="term term-tagpost_tag term-1404" href="https://adsecurity.org/?tag=access-management-for-azure-resources">Access management for Azure resources</a>, <a class="term term-tagpost_tag term-20" href="https://adsecurity.org/?tag=activedirectory">ActiveDirectory</a>, <a class="term term-tagpost_tag term-1408" href="https://adsecurity.org/?tag=azure-ad-pim">Azure AD PIM</a>, <a class="term term-tagpost_tag term-1418" href="https://adsecurity.org/?tag=azure-owner">Azure Owner</a>, <a class="term term-tagpost_tag term-1403" href="https://adsecurity.org/?tag=azure-rbac">Azure RBAC</a>, <a class="term term-tagpost_tag term-1419" href="https://adsecurity.org/?tag=azure-root">Azure root</a>, <a class="term term-tagpost_tag term-136" href="https://adsecurity.org/?tag=azuread">AzureAD</a>, <a class="term term-tagpost_tag term-1411" href="https://adsecurity.org/?tag=company-administrator">Company Administrator</a>, <a class="term term-tagpost_tag term-1416" href="https://adsecurity.org/?tag=compromise-azure-domain-controller">Compromise Azure Domain Controller</a>, <a class="term term-tagpost_tag term-1417" href="https://adsecurity.org/?tag=compromise-azure-vm">Compromise Azure VM</a>, <a class="term term-tagpost_tag term-1410" href="https://adsecurity.org/?tag=elevate-access">Elevate Access</a>, <a class="term term-tagpost_tag term-1424" href="https://adsecurity.org/?tag=enableadminaccount">EnableAdminAccount</a>, <a class="term term-tagpost_tag term-1414" href="https://adsecurity.org/?tag=from-azure-ad-to-azure">From Azure AD to Azure</a>, <a class="term term-tagpost_tag term-1415" href="https://adsecurity.org/?tag=global-admin-to-azure">Global Admin to Azure</a>, <a class="term term-tagpost_tag term-1406" href="https://adsecurity.org/?tag=global-administrator">Global Administrator</a>, <a class="term term-tagpost_tag term-1413" href="https://adsecurity.org/?tag=global-administrator-elevate-access">Global Administrator Elevate Access</a>, <a class="term term-tagpost_tag term-1412" href="https://adsecurity.org/?tag=mfa">MFA</a>, <a class="term term-tagpost_tag term-1422" href="https://adsecurity.org/?tag=microsoft-compute-virtualmachines-runcommand">Microsoft.Compute/virtualMachines/runCommand/</a>, <a class="term term-tagpost_tag term-1426" href="https://adsecurity.org/?tag=net-localgroup">net localgroup</a>, <a class="term term-tagpost_tag term-1405" href="https://adsecurity.org/?tag=office-365-security">Office 365 Security</a>, <a class="term term-tagpost_tag term-1380" href="https://adsecurity.org/?tag=pim">PIM</a>, <a class="term term-tagpost_tag term-1409" href="https://adsecurity.org/?tag=privileged-identity-manager">Privileged Identity Manager</a>, <a class="term term-tagpost_tag term-1425" href="https://adsecurity.org/?tag=run-powershell-on-azure-vm">Run PowerShell on Azure VM</a>, <a class="term term-tagpost_tag term-1421" href="https://adsecurity.org/?tag=runcommand">runCommand</a>, <a class="term term-tagpost_tag term-1423" href="https://adsecurity.org/?tag=runpowershellscript">RunPowerShellScript</a>, <a class="term term-tagpost_tag term-1407" href="https://adsecurity.org/?tag=user-access-administrator">User Access Administrator</a>, <a class="term term-tagpost_tag term-1420" href="https://adsecurity.org/?tag=virtual-machine-contributor">Virtual Machine Contributor</a></span></li> </ul> </div> </div> <div id="post-4211" class="clearfix post post-4211 type-post status-publish format-standard hentry category-technical-reference tag-aad tag-accounttokentheft tag-activedirectory tag-activesync tag-ad tag-adal tag-adalpowershell tag-attackingmicrosoftcloud tag-attackingoffice365 tag-azure-ad-account-enumeration tag-azureactivedirectory tag-azuread tag-azureadpasswordspray tag-azureadpowershellmodule tag-azurepim tag-cloudad tag-exchangeonlinemodule tag-globaladmin tag-globalreader tag-microsoftcloud tag-microsoftcloudsecurity tag-msonline tag-o365 tag-o365creeper tag-o365passwordspray tag-office365 tag-office365passwordspray tag-office365security tag-owa tag-passwordspraydetection tag-passwordspraying tag-pim tag-privilegedidentitymanagement tag-whatisazureactivedirectory tag-whatisazuread item-wrap"> <div class="entry clearfix"> <div class="post-date date alpha with-year"> <p class="default_date"> <span class="month">Jan</span> <span class="day">12</span> <span class="year">2020</span> </p> </div> <h2 class="post-title entry-title"> <a href="https://adsecurity.org/?p=4211" rel="bookmark" title="Permalink to What is Azure Active Directory?"> What is Azure Active Directory? </a> </h2> <ul class="post-meta entry-meta clearfix"> <li class="byline"> By <span class="author"><a href="https://adsecurity.org/?author=2" rel="author">Sean Metcalf</a></span><span class="entry-cat"> in <span class="terms"><a class="term term-category term-2" href="https://adsecurity.org/?cat=2">Technical Reference</a></span></span> </li> </ul> <div class="entry-content clearfix"> <div class="excerpt-thumb"><a href="https://adsecurity.org/?p=4211"><img width="300" height="272" src="https://adsecurity.org/wp-content/uploads/2020/01/image-8-300x272.png" class="attachment-medium size-medium" alt="" decoding="async" loading="lazy" srcset="https://adsecurity.org/wp-content/uploads/2020/01/image-8-300x272.png 300w, https://adsecurity.org/wp-content/uploads/2020/01/image-8-1024x928.png 1024w, https://adsecurity.org/wp-content/uploads/2020/01/image-8-768x696.png 768w, https://adsecurity.org/wp-content/uploads/2020/01/image-8-1536x1392.png 1536w, https://adsecurity.org/wp-content/uploads/2020/01/image-8.png 1987w" sizes="(max-width: 300px) 100vw, 300px" /></a></div> <p>Many are familiar with Active Directory, the on-premises directory and authentication system that is available with Windows Server, but exactly what is Azure Active Directory? Azure Active Directory (Azure AD or AAD) is a multi-tenant cloud directory and authentication service. Azure AD is the directory service that Office 365 (and Azure) leverages for account, groups, … </p> <p><a class="more-link btn" href="https://adsecurity.org/?p=4211">Continue reading</a></p> </div> <ul class="entry-footer"> <li class="post-tags col-sm-8"><i class="fa fa-tags" title="Tags"></i> <span class="terms"><a class="term term-tagpost_tag term-1376" href="https://adsecurity.org/?tag=aad">AAD</a>, <a class="term term-tagpost_tag term-1401" href="https://adsecurity.org/?tag=accounttokentheft">AccountTokenTheft</a>, <a class="term term-tagpost_tag term-20" href="https://adsecurity.org/?tag=activedirectory">ActiveDirectory</a>, <a class="term term-tagpost_tag term-1395" href="https://adsecurity.org/?tag=activesync">ActiveSync</a>, <a class="term term-tagpost_tag term-1013" href="https://adsecurity.org/?tag=ad">AD</a>, <a class="term term-tagpost_tag term-1389" href="https://adsecurity.org/?tag=adal">ADAL</a>, <a class="term term-tagpost_tag term-1390" href="https://adsecurity.org/?tag=adalpowershell">ADALPowerShell</a>, <a class="term term-tagpost_tag term-1379" href="https://adsecurity.org/?tag=attackingmicrosoftcloud">AttackingMicrosoftCloud</a>, <a class="term term-tagpost_tag term-1378" href="https://adsecurity.org/?tag=attackingoffice365">AttackingOffice365</a>, <a class="term term-tagpost_tag term-1393" href="https://adsecurity.org/?tag=azure-ad-account-enumeration">Azure AD Account Enumeration</a>, <a class="term term-tagpost_tag term-491" href="https://adsecurity.org/?tag=azureactivedirectory">AzureActiveDirectory</a>, <a class="term term-tagpost_tag term-136" href="https://adsecurity.org/?tag=azuread">AzureAD</a>, <a class="term term-tagpost_tag term-1397" href="https://adsecurity.org/?tag=azureadpasswordspray">AzureADPasswordSpray</a>, <a class="term term-tagpost_tag term-1388" href="https://adsecurity.org/?tag=azureadpowershellmodule">AzureADPowerShellModule</a>, <a class="term term-tagpost_tag term-1392" href="https://adsecurity.org/?tag=azurepim">AzurePIM</a>, <a class="term term-tagpost_tag term-1385" href="https://adsecurity.org/?tag=cloudad">CloudAD</a>, <a class="term term-tagpost_tag term-1402" href="https://adsecurity.org/?tag=exchangeonlinemodule">ExchangeOnlineModule</a>, <a class="term term-tagpost_tag term-1382" href="https://adsecurity.org/?tag=globaladmin">GlobalAdmin</a>, <a class="term term-tagpost_tag term-1381" href="https://adsecurity.org/?tag=globalreader">GlobalReader</a>, <a class="term term-tagpost_tag term-135" href="https://adsecurity.org/?tag=microsoftcloud">MicrosoftCloud</a>, <a class="term term-tagpost_tag term-1377" href="https://adsecurity.org/?tag=microsoftcloudsecurity">MicrosoftCloudSecurity</a>, <a class="term term-tagpost_tag term-1387" href="https://adsecurity.org/?tag=msonline">MSOnline</a>, <a class="term term-tagpost_tag term-1386" href="https://adsecurity.org/?tag=o365">O365</a>, <a class="term term-tagpost_tag term-1394" href="https://adsecurity.org/?tag=o365creeper">O365Creeper</a>, <a class="term term-tagpost_tag term-1399" href="https://adsecurity.org/?tag=o365passwordspray">O365PasswordSpray</a>, <a class="term term-tagpost_tag term-1374" href="https://adsecurity.org/?tag=office365">Office365</a>, <a class="term term-tagpost_tag term-1398" href="https://adsecurity.org/?tag=office365passwordspray">Office365PasswordSpray</a>, <a class="term term-tagpost_tag term-1375" href="https://adsecurity.org/?tag=office365security">Office365security</a>, <a class="term term-tagpost_tag term-1396" href="https://adsecurity.org/?tag=owa">OWA</a>, <a class="term term-tagpost_tag term-1400" href="https://adsecurity.org/?tag=passwordspraydetection">PasswordSprayDetection</a>, <a class="term term-tagpost_tag term-1024" href="https://adsecurity.org/?tag=passwordspraying">PasswordSpraying</a>, <a class="term term-tagpost_tag term-1380" href="https://adsecurity.org/?tag=pim">PIM</a>, <a class="term term-tagpost_tag term-1391" href="https://adsecurity.org/?tag=privilegedidentitymanagement">PrivilegedIdentityManagement</a>, <a class="term term-tagpost_tag term-1383" href="https://adsecurity.org/?tag=whatisazureactivedirectory">WhatIsAzureActiveDirectory</a>, <a class="term term-tagpost_tag term-1384" href="https://adsecurity.org/?tag=whatisazuread">WhatIsAzureAD</a></span></li> </ul> </div> </div> <div id="post-4179" class="clearfix post post-4179 type-post status-publish format-standard hentry category-technical-reference item-wrap"> <div class="entry clearfix"> <div class="post-date date alpha with-year"> <p class="default_date"> <span class="month">Aug</span> <span class="day">07</span> <span class="year">2019</span> </p> </div> <h2 class="post-title entry-title"> <a href="https://adsecurity.org/?p=4179" rel="bookmark" title="Permalink to Slides Posted for Black Hat USA 2019 Talk: Attacking & Defending the Microsoft Cloud"> Slides Posted for Black Hat USA 2019 Talk: Attacking & Defending the Microsoft Cloud </a> </h2> <ul class="post-meta entry-meta clearfix"> <li class="byline"> By <span class="author"><a href="https://adsecurity.org/?author=2" rel="author">Sean Metcalf</a></span><span class="entry-cat"> in <span class="terms"><a class="term term-category term-2" href="https://adsecurity.org/?cat=2">Technical Reference</a></span></span> </li> </ul> <div class="entry-content clearfix"> <p>Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD) Sean Metcalf (Trimarc) & Mark Morowczynski (Principal Program Manager, Microsoft) The allure of the “Cloud” is indisputable. Organizations are moving into the cloud at a rapid pace. Even companies that have said no to the Cloud in the past have started migrating services and … </p> <p><a class="more-link btn" href="https://adsecurity.org/?p=4179">Continue reading</a></p> </div> </div> </div> <div id="post-4187" class="clearfix post post-4187 type-post status-publish format-standard hentry category-technical-reference item-wrap"> <div class="entry clearfix"> <div class="post-date date alpha with-year"> <p class="default_date"> <span class="month">Aug</span> <span class="day">01</span> <span class="year">2019</span> </p> </div> <h2 class="post-title entry-title"> <a href="https://adsecurity.org/?p=4187" rel="bookmark" title="Permalink to AD Reading: Windows Server 2019 Active Directory Features"> AD Reading: Windows Server 2019 Active Directory Features </a> </h2> <ul class="post-meta entry-meta clearfix"> <li class="byline"> By <span class="author"><a href="https://adsecurity.org/?author=2" rel="author">Sean Metcalf</a></span><span class="entry-cat"> in <span class="terms"><a class="term term-category term-2" href="https://adsecurity.org/?cat=2">Technical Reference</a></span></span> </li> </ul> <div class="entry-content clearfix"> <p>Windows Server 2019 has several new features, though nothing in this list is related to AD. Note that there is no Windows Server 2019 AD Forest/Domain Functional Level. There are no new features for Active Directory in Windows Server 2019 except one performance update which doesn’t affect most deployments. This update is related to an … </p> <p><a class="more-link btn" href="https://adsecurity.org/?p=4187">Continue reading</a></p> </div> </div> </div> <div id="post-4115" class="clearfix post post-4115 type-post status-publish format-standard hentry category-technical-reference tag-active-directory tag-ad-security tag-agpm tag-altiris tag-commvault tag-domain-admins tag-imanami tag-insight tag-nessus tag-service-accounts tag-servicenow tag-spn tag-sql tag-vcenter tag-vmware tag-vpn tag-vulscan item-wrap"> <div class="entry clearfix"> <div class="post-date date alpha with-year"> <p class="default_date"> <span class="month">Mar</span> <span class="day">21</span> <span class="year">2019</span> </p> </div> <h2 class="post-title entry-title"> <a href="https://adsecurity.org/?p=4115" rel="bookmark" title="Permalink to There’s Something About Service Accounts"> There’s Something About Service Accounts </a> </h2> <ul class="post-meta entry-meta clearfix"> <li class="byline"> By <span class="author"><a href="https://adsecurity.org/?author=2" rel="author">Sean Metcalf</a></span><span class="entry-cat"> in <span class="terms"><a class="term term-category term-2" href="https://adsecurity.org/?cat=2">Technical Reference</a></span></span> </li> </ul> <div class="entry-content clearfix"> <div class="excerpt-thumb"><a href="https://adsecurity.org/?p=4115"><img width="300" height="161" src="https://adsecurity.org/wp-content/uploads/2019/02/image-1-300x161.png" class="attachment-medium size-medium" alt="" decoding="async" loading="lazy" srcset="https://adsecurity.org/wp-content/uploads/2019/02/image-1-300x161.png 300w, https://adsecurity.org/wp-content/uploads/2019/02/image-1-768x411.png 768w, https://adsecurity.org/wp-content/uploads/2019/02/image-1.png 1024w" sizes="(max-width: 300px) 100vw, 300px" /></a></div> <p>Service accounts are that gray area between regular user accounts and admin accounts that are often highly privileged. They are almost always over-privileged due to documented vendor requirements or because of operational challenges (“just make it work”). We can discover service accounts by looking for user accounts with Kerberos Service Principal Names (SPNs) which I … </p> <p><a class="more-link btn" href="https://adsecurity.org/?p=4115">Continue reading</a></p> </div> <ul class="entry-footer"> <li class="post-tags col-sm-8"><i class="fa fa-tags" title="Tags"></i> <span class="terms"><a class="term term-tagpost_tag term-75" href="https://adsecurity.org/?tag=active-directory">Active Directory</a>, <a class="term term-tagpost_tag term-100" href="https://adsecurity.org/?tag=ad-security">AD Security</a>, <a class="term term-tagpost_tag term-1346" href="https://adsecurity.org/?tag=agpm">AGPM</a>, <a class="term term-tagpost_tag term-1347" href="https://adsecurity.org/?tag=altiris">Altiris</a>, <a class="term term-tagpost_tag term-1348" href="https://adsecurity.org/?tag=commvault">CommVault</a>, <a class="term term-tagpost_tag term-1177" href="https://adsecurity.org/?tag=domain-admins">Domain Admins</a>, <a class="term term-tagpost_tag term-1354" href="https://adsecurity.org/?tag=imanami">Imanami</a>, <a class="term term-tagpost_tag term-1367" href="https://adsecurity.org/?tag=insight">Insight</a>, <a class="term term-tagpost_tag term-1360" href="https://adsecurity.org/?tag=nessus">Nessus</a>, <a class="term term-tagpost_tag term-1344" href="https://adsecurity.org/?tag=service-accounts">Service Accounts</a>, <a class="term term-tagpost_tag term-1358" href="https://adsecurity.org/?tag=servicenow">ServiceNow</a>, <a class="term term-tagpost_tag term-294" href="https://adsecurity.org/?tag=spn">SPN</a>, <a class="term term-tagpost_tag term-732" href="https://adsecurity.org/?tag=sql">SQL</a>, <a class="term term-tagpost_tag term-1371" href="https://adsecurity.org/?tag=vcenter">Vcenter</a>, <a class="term term-tagpost_tag term-475" href="https://adsecurity.org/?tag=vmware">VMWare</a>, <a class="term term-tagpost_tag term-1372" href="https://adsecurity.org/?tag=vpn">VPN</a>, <a class="term term-tagpost_tag term-1362" href="https://adsecurity.org/?tag=vulscan">VulScan</a></span></li> </ul> </div> </div> <div id="post-4119" class="clearfix post post-4119 type-post status-publish format-standard hentry category-technical-reference tag-active-directory-security tag-domain-permissions tag-exchange-custom-rbac tag-exchange-ntlm-relay tag-exchange-permissions tag-exchange-split-permission-model tag-exchange-trusted-subsystem tag-exchange-windows-permission tag-genericall tag-organization-management item-wrap"> <div class="entry clearfix"> <div class="post-date date alpha with-year"> <p class="default_date"> <span class="month">Feb</span> <span class="day">12</span> <span class="year">2019</span> </p> </div> <h2 class="post-title entry-title"> <a href="https://adsecurity.org/?p=4119" rel="bookmark" title="Permalink to Mitigating Exchange Permission Paths to Domain Admins in Active Directory"> Mitigating Exchange Permission Paths to Domain Admins in Active Directory </a> </h2> <ul class="post-meta entry-meta clearfix"> <li class="byline"> By <span class="author"><a href="https://adsecurity.org/?author=2" rel="author">Sean Metcalf</a></span><span class="entry-cat"> in <span class="terms"><a class="term term-category term-2" href="https://adsecurity.org/?cat=2">Technical Reference</a></span></span> </li> </ul> <div class="entry-content clearfix"> <div class="excerpt-thumb"><a href="https://adsecurity.org/?p=4119"><img width="1" height="1" src="https://adsecurity.org/wp-content/uploads/2019/02/image.gif" class="attachment-medium size-medium" alt="" decoding="async" loading="lazy" /></a></div> <p>This article is a cross-post from TrimarcSecurity.comOriginal article: https://www.trimarcsecurity.com/single-post/2019/02/12/Mitigating-Exchange-Permission-Paths-to-Domain-Admins-in-Active-Directory The Issue Recently a blog post was published by Dirk-jan Mollema titled “Abusing Exchange: One API call away from Domain Admin ” (https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/)which highlighted several issues with Exchange permissions and a chained attack which would likely result in a regular user with a mailbox being able to … </p> <p><a class="more-link btn" href="https://adsecurity.org/?p=4119">Continue reading</a></p> </div> <ul class="entry-footer"> <li class="post-tags col-sm-8"><i class="fa fa-tags" title="Tags"></i> <span class="terms"><a class="term term-tagpost_tag term-976" href="https://adsecurity.org/?tag=active-directory-security">Active Directory Security</a>, <a class="term term-tagpost_tag term-1337" href="https://adsecurity.org/?tag=domain-permissions">Domain permissions</a>, <a class="term term-tagpost_tag term-1343" href="https://adsecurity.org/?tag=exchange-custom-rbac">Exchange custom RBAC</a>, <a class="term term-tagpost_tag term-1342" href="https://adsecurity.org/?tag=exchange-ntlm-relay">Exchange NTLM Relay</a>, <a class="term term-tagpost_tag term-1336" href="https://adsecurity.org/?tag=exchange-permissions">Exchange permissions</a>, <a class="term term-tagpost_tag term-1341" href="https://adsecurity.org/?tag=exchange-split-permission-model">Exchange split permission model</a>, <a class="term term-tagpost_tag term-1339" href="https://adsecurity.org/?tag=exchange-trusted-subsystem">Exchange Trusted Subsystem</a>, <a class="term term-tagpost_tag term-1338" href="https://adsecurity.org/?tag=exchange-windows-permission">Exchange Windows Permission</a>, <a class="term term-tagpost_tag term-1200" href="https://adsecurity.org/?tag=genericall">GenericAll</a>, <a class="term term-tagpost_tag term-1340" href="https://adsecurity.org/?tag=organization-management">Organization Management</a></span></li> </ul> </div> </div> <div id="post-4064" class="clearfix post post-4064 type-post status-publish format-standard hentry category-activedirectorysecurity category-microsoft-security category-technical-reference tag-active-directory tag-dns-server-object-permission tag-dnsadmins tag-dnsplugincleanup tag-dnsplugininitialize tag-dnspluginquery tag-domain-controller tag-from-dnsadmin-to-domain-admin tag-hkey_local_machinesystemcurrentcontrolsetservicesdnsparametersserverlevelplugindll tag-mimikatz-dll tag-run-dll-on-domain-controller tag-serverlevelplugindll tag-uuid-is-50abc2a4-574d-40b3-9d66-ee4fd5fba076 tag-pipednsserver item-wrap"> <div class="entry clearfix"> <div class="post-date date alpha with-year"> <p class="default_date"> <span class="month">Oct</span> <span class="day">11</span> <span class="year">2018</span> </p> </div> <h2 class="post-title entry-title"> <a href="https://adsecurity.org/?p=4064" rel="bookmark" title="Permalink to From DNSAdmins to Domain Admin, When DNSAdmins is More than Just DNS Administration"> From DNSAdmins to Domain Admin, When DNSAdmins is More than Just DNS Administration </a> </h2> <ul class="post-meta entry-meta clearfix"> <li class="byline"> By <span class="author"><a href="https://adsecurity.org/?author=2" rel="author">Sean Metcalf</a></span><span class="entry-cat"> in <span class="terms"><a class="term term-category term-565" href="https://adsecurity.org/?cat=565">ActiveDirectorySecurity</a>, <a class="term term-category term-11" href="https://adsecurity.org/?cat=11">Microsoft Security</a>, <a class="term term-category term-2" href="https://adsecurity.org/?cat=2">Technical Reference</a></span></span> </li> </ul> <div class="entry-content clearfix"> <p>It’s been almost 1.5 years since the Medium post by Shay Ber was published that explained how to execute a DLL as SYSTEM on a Domain Controller provided the account is a member of DNSAdmins. I finally got around to posting here since many I speak with aren’t aware of this issue. Shay describes this … </p> <p><a class="more-link btn" href="https://adsecurity.org/?p=4064">Continue reading</a></p> </div> <ul class="entry-footer"> <li class="post-tags col-sm-8"><i class="fa fa-tags" title="Tags"></i> <span class="terms"><a class="term term-tagpost_tag term-75" href="https://adsecurity.org/?tag=active-directory">Active Directory</a>, <a class="term term-tagpost_tag term-1335" href="https://adsecurity.org/?tag=dns-server-object-permission">DNS server object permission</a>, <a class="term term-tagpost_tag term-1324" href="https://adsecurity.org/?tag=dnsadmins">DNSAdmins</a>, <a class="term term-tagpost_tag term-1332" href="https://adsecurity.org/?tag=dnsplugincleanup">DnsPluginCleanup</a>, <a class="term term-tagpost_tag term-1331" href="https://adsecurity.org/?tag=dnsplugininitialize">DnsPluginInitialize</a>, <a class="term term-tagpost_tag term-1333" href="https://adsecurity.org/?tag=dnspluginquery">DnsPluginQuery</a>, <a class="term term-tagpost_tag term-79" href="https://adsecurity.org/?tag=domain-controller">Domain Controller</a>, <a class="term term-tagpost_tag term-1326" href="https://adsecurity.org/?tag=from-dnsadmin-to-domain-admin">from DNSAdmin to Domain Admin</a>, <a class="term term-tagpost_tag term-1330" href="https://adsecurity.org/?tag=hkey_local_machinesystemcurrentcontrolsetservicesdnsparametersserverlevelplugindll">HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters\ServerLevelPluginDll</a>, <a class="term term-tagpost_tag term-1334" href="https://adsecurity.org/?tag=mimikatz-dll">mimikatz dll</a>, <a class="term term-tagpost_tag term-1325" href="https://adsecurity.org/?tag=run-dll-on-domain-controller">run DLL on Domain Controller</a>, <a class="term term-tagpost_tag term-1329" href="https://adsecurity.org/?tag=serverlevelplugindll">ServerLevelPluginDll</a>, <a class="term term-tagpost_tag term-1327" href="https://adsecurity.org/?tag=uuid-is-50abc2a4-574d-40b3-9d66-ee4fd5fba076">UUID is 50ABC2A4–574D-40B3–9D66-EE4FD5FBA076</a>, <a class="term term-tagpost_tag term-1328" href="https://adsecurity.org/?tag=pipednsserver">\PIPE\DNSSERVER</a></span></li> </ul> </div> </div> <div id="post-4056" class="clearfix post post-4056 type-post status-publish format-standard hentry category-activedirectorysecurity category-exploit category-hacking category-microsoft-security category-security-conference-presentationvideo tag-ad-credential-theft tag-constrained-delegation tag-dcsync tag-delegation tag-dod-stig tag-domain-controller-spooler tag-kerberos tag-kerberos-attack tag-kerberos-delegation tag-kerberos-unconstrained-delegation tag-ms-rprn tag-print-spooler tag-rpcremotefindfirstprinterchangenotification tag-spooler tag-spooler-service item-wrap"> <div class="entry clearfix"> <div class="post-date date alpha with-year"> <p class="default_date"> <span class="month">Oct</span> <span class="day">10</span> <span class="year">2018</span> </p> </div> <h2 class="post-title entry-title"> <a href="https://adsecurity.org/?p=4056" rel="bookmark" title="Permalink to Domain Controller Print Server + Unconstrained Kerberos Delegation = Pwned Active Directory Forest"> Domain Controller Print Server + Unconstrained Kerberos Delegation = Pwned Active Directory Forest </a> </h2> <ul class="post-meta entry-meta clearfix"> <li class="byline"> By <span class="author"><a href="https://adsecurity.org/?author=2" rel="author">Sean Metcalf</a></span><span class="entry-cat"> in <span class="terms"><a class="term term-category term-565" href="https://adsecurity.org/?cat=565">ActiveDirectorySecurity</a>, <a class="term term-category term-347" href="https://adsecurity.org/?cat=347">Exploit</a>, <a class="term term-category term-1039" href="https://adsecurity.org/?cat=1039">Hacking</a>, <a class="term term-category term-11" href="https://adsecurity.org/?cat=11">Microsoft Security</a>, <a class="term term-category term-234" href="https://adsecurity.org/?cat=234">Security Conference Presentation/Video</a></span></span> </li> </ul> <div class="entry-content clearfix"> <div class="excerpt-thumb"><a href="https://adsecurity.org/?p=4056"><img width="300" height="215" src="https://adsecurity.org/wp-content/uploads/2018/10/DerbyCon-UROTAD-PrinterBugSlide-SO1-300x215.png" class="attachment-medium size-medium" alt="" decoding="async" loading="lazy" srcset="https://adsecurity.org/wp-content/uploads/2018/10/DerbyCon-UROTAD-PrinterBugSlide-SO1-300x215.png 300w, https://adsecurity.org/wp-content/uploads/2018/10/DerbyCon-UROTAD-PrinterBugSlide-SO1.png 701w" sizes="(max-width: 300px) 100vw, 300px" /></a></div> <p>At DerbyCon 8 (2018) over the weekend Will Schroeder (@Harmj0y), Lee Christensen (@Tifkin_), & Matt Nelson (@enigma0x3), spoke about the unintended risks of trusting AD. They cover a number of interesting persistence and privilege escalation methods, though one in particular caught my eye. Overview Lee figured out and presents a scenario where there’s an account … </p> <p><a class="more-link btn" href="https://adsecurity.org/?p=4056">Continue reading</a></p> </div> <ul class="entry-footer"> <li class="post-tags col-sm-8"><i class="fa fa-tags" title="Tags"></i> <span class="terms"><a class="term term-tagpost_tag term-1323" href="https://adsecurity.org/?tag=ad-credential-theft">AD credential theft</a>, <a class="term term-tagpost_tag term-1322" href="https://adsecurity.org/?tag=constrained-delegation">constrained delegation</a>, <a class="term term-tagpost_tag term-598" href="https://adsecurity.org/?tag=dcsync">DCSync</a>, <a class="term term-tagpost_tag term-1315" href="https://adsecurity.org/?tag=delegation">delegation</a>, <a class="term term-tagpost_tag term-1321" href="https://adsecurity.org/?tag=dod-stig">DoD STIG</a>, <a class="term term-tagpost_tag term-1318" href="https://adsecurity.org/?tag=domain-controller-spooler">Domain Controller Spooler</a>, <a class="term term-tagpost_tag term-81" href="https://adsecurity.org/?tag=kerberos">Kerberos</a>, <a class="term term-tagpost_tag term-1145" href="https://adsecurity.org/?tag=kerberos-attack">Kerberos attack</a>, <a class="term term-tagpost_tag term-1165" href="https://adsecurity.org/?tag=kerberos-delegation">Kerberos Delegation</a>, <a class="term term-tagpost_tag term-1314" href="https://adsecurity.org/?tag=kerberos-unconstrained-delegation">Kerberos unconstrained delegation</a>, <a class="term term-tagpost_tag term-1320" href="https://adsecurity.org/?tag=ms-rprn">MS-RPRN</a>, <a class="term term-tagpost_tag term-1316" href="https://adsecurity.org/?tag=print-spooler">Print Spooler</a>, <a class="term term-tagpost_tag term-1313" href="https://adsecurity.org/?tag=rpcremotefindfirstprinterchangenotification">RpcRemoteFindFirstPrinterChangeNotification</a>, <a class="term term-tagpost_tag term-1317" href="https://adsecurity.org/?tag=spooler">Spooler</a>, <a class="term term-tagpost_tag term-1319" href="https://adsecurity.org/?tag=spooler-service">Spooler Service</a></span></li> </ul> </div> </div> <div id="post-4019" class="clearfix post post-4019 type-post status-publish format-standard hentry category-security-conference-presentationvideo category-vulnerability item-wrap"> <div class="entry clearfix"> <div class="post-date date alpha with-year"> <p class="default_date"> <span class="month">Aug</span> <span class="day">12</span> <span class="year">2018</span> </p> </div> <h2 class="post-title entry-title"> <a href="https://adsecurity.org/?p=4019" rel="bookmark" title="Permalink to Black Hat & DEF CON Presentation Slides Posted"> Black Hat & DEF CON Presentation Slides Posted </a> </h2> <ul class="post-meta entry-meta clearfix"> <li class="byline"> By <span class="author"><a href="https://adsecurity.org/?author=2" rel="author">Sean Metcalf</a></span><span class="entry-cat"> in <span class="terms"><a class="term term-category term-234" href="https://adsecurity.org/?cat=234">Security Conference Presentation/Video</a>, <a class="term term-category term-930" href="https://adsecurity.org/?cat=930">Vulnerability</a></span></span> </li> </ul> <div class="entry-content clearfix"> <div class="excerpt-thumb"><a href="https://adsecurity.org/?p=4019"><img width="300" height="168" src="https://adsecurity.org/wp-content/uploads/2018/08/BH2018-TitleSlide-300x168.png" class="attachment-medium size-medium" alt="" decoding="async" loading="lazy" srcset="https://adsecurity.org/wp-content/uploads/2018/08/BH2018-TitleSlide-300x168.png 300w, https://adsecurity.org/wp-content/uploads/2018/08/BH2018-TitleSlide-768x429.png 768w, https://adsecurity.org/wp-content/uploads/2018/08/BH2018-TitleSlide-1024x572.png 1024w, https://adsecurity.org/wp-content/uploads/2018/08/BH2018-TitleSlide.png 1441w" sizes="(max-width: 300px) 100vw, 300px" /></a></div> <p>I just uploaded the slides from my Black Hat & DEF CON talks from the past week in Vegas. They are a bit different with the BH talk more Blue (defensive) and the DC talk mostly Red (Offensive) in focus. Also note that the only real overlap in content is the MFA & password vault … </p> <p><a class="more-link btn" href="https://adsecurity.org/?p=4019">Continue reading</a></p> </div> </div> </div> </div> <div class="pagination-wrapper"> <ul class="pagination"> <li class="disabled"><span class="page-numbers"><i class="fa fa-angle-left"></i></span></li> <li class="active"><span aria-current="page" class="page-numbers current">1</span></li><li><a class="page-numbers" href="https://adsecurity.org/?paged=2&author=2">2</a></li><li><a class="page-numbers" href="https://adsecurity.org/?paged=3&author=2">3</a></li><li><span class="page-numbers dots">…</span></li><li><a class="page-numbers" href="https://adsecurity.org/?paged=25&author=2">25</a></li><li><a class="next page-numbers" href="https://adsecurity.org/?paged=2&author=2"><i class="fa fa-angle-right"></i></a></li> </ul> </div> </div> <div id="sidebar1" class="sidebar sidebar-right widget-area col-md-4"> <div id="recent-posts-4" class="sidebar-wrap widget_recent_entries"> <h3>Recent Posts</h3> <ul> <li> <a href="https://adsecurity.org/?p=4436">BSides Dublin – The Current State of Microsoft Identity Security: Common Security Issues and Misconfigurations – Sean Metcalf</a> </li> <li> <a href="https://adsecurity.org/?p=4434">DEFCON 2017: Transcript – Hacking the Cloud</a> </li> <li> <a href="https://adsecurity.org/?p=4432">Detecting the Elusive: Active Directory Threat Hunting</a> </li> <li> <a href="https://adsecurity.org/?p=4430">Detecting Kerberoasting Activity</a> </li> <li> <a href="https://adsecurity.org/?p=4428">Detecting Password Spraying with Security Event Auditing</a> </li> </ul> </div><div id="text-3" class="sidebar-wrap widget_text"><h3>Trimarc Active Directory Security Services</h3> <div class="textwidget">Have concerns about your Active Directory environment? Trimarc helps enterprises improve their security posture. <p> <a href="http://trimarcsecurity.com/security-services">Find out how...</a> TrimarcSecurity.com</div> </div><div id="widget_tptn_pop-4" class="sidebar-wrap tptn_posts_list_widget"><h3>Popular Posts</h3><div class="tptn_posts tptn_posts_widget tptn_posts_widget4"><ul><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=478" class="tptn_link"><span class="tptn_title">PowerShell Encoding & Decoding (Base64)</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=2362" class="tptn_link"><span class="tptn_title">Attack Methods for Gaining Domain Admin Rights in…</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=483" class="tptn_link"><span class="tptn_title">Kerberos & KRBTGT: Active Directory’s…</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=2288" class="tptn_link"><span class="tptn_title">Finding Passwords in SYSVOL & Exploiting Group…</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=3377" class="tptn_link"><span class="tptn_title">Securing Domain Controllers to Improve Active…</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=3299" class="tptn_link"><span class="tptn_title">Securing Windows Workstations: Developing a Secure Baseline</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=3458" class="tptn_link"><span class="tptn_title">Detecting Kerberoasting Activity</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=1729" class="tptn_link"><span class="tptn_title">Mimikatz DCSync Usage, Exploitation, and Detection</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=3658" class="tptn_link"><span class="tptn_title">Scanning for Active Directory Privileges &…</span></a></span></li><li><span class="tptn_after_thumb"><a href="https://adsecurity.org/?p=3164" class="tptn_link"><span class="tptn_title">Microsoft LAPS Security & Active Directory LAPS…</span></a></span></li></ul><div class="tptn_clear"></div></div></div><div id="categories-4" class="sidebar-wrap widget_categories"><h3>Categories</h3> <ul> <li class="cat-item cat-item-565"><a href="https://adsecurity.org/?cat=565">ActiveDirectorySecurity</a> </li> <li class="cat-item cat-item-55"><a href="https://adsecurity.org/?cat=55">Apple Security</a> </li> <li class="cat-item cat-item-431"><a href="https://adsecurity.org/?cat=431">Cloud Security</a> </li> <li class="cat-item cat-item-17"><a href="https://adsecurity.org/?cat=17">Continuing Education</a> </li> <li class="cat-item cat-item-396"><a href="https://adsecurity.org/?cat=396">Entertainment</a> </li> <li class="cat-item cat-item-347"><a href="https://adsecurity.org/?cat=347">Exploit</a> </li> <li class="cat-item cat-item-1039"><a href="https://adsecurity.org/?cat=1039">Hacking</a> </li> <li class="cat-item cat-item-168"><a href="https://adsecurity.org/?cat=168">Hardware Security</a> </li> <li class="cat-item cat-item-172"><a href="https://adsecurity.org/?cat=172">Hypervisor Security</a> </li> <li class="cat-item cat-item-126"><a href="https://adsecurity.org/?cat=126">Linux/Unix Security</a> </li> <li class="cat-item cat-item-343"><a href="https://adsecurity.org/?cat=343">Malware</a> </li> <li class="cat-item cat-item-11"><a href="https://adsecurity.org/?cat=11">Microsoft Security</a> </li> <li class="cat-item cat-item-819"><a href="https://adsecurity.org/?cat=819">Mitigation</a> </li> <li class="cat-item cat-item-48"><a href="https://adsecurity.org/?cat=48">Network/System Security</a> </li> <li class="cat-item cat-item-7"><a href="https://adsecurity.org/?cat=7">PowerShell</a> </li> <li class="cat-item cat-item-698"><a href="https://adsecurity.org/?cat=698">RealWorld</a> </li> <li class="cat-item cat-item-21"><a href="https://adsecurity.org/?cat=21">Security</a> </li> <li class="cat-item cat-item-234"><a href="https://adsecurity.org/?cat=234">Security Conference Presentation/Video</a> </li> <li class="cat-item cat-item-1045"><a href="https://adsecurity.org/?cat=1045">Security Recommendation</a> </li> <li class="cat-item cat-item-24"><a href="https://adsecurity.org/?cat=24">Technical Article</a> </li> <li class="cat-item cat-item-4"><a href="https://adsecurity.org/?cat=4">Technical Reading</a> </li> <li class="cat-item cat-item-2"><a href="https://adsecurity.org/?cat=2">Technical Reference</a> </li> <li class="cat-item cat-item-156"><a href="https://adsecurity.org/?cat=156">TheCloud</a> </li> <li class="cat-item cat-item-930"><a href="https://adsecurity.org/?cat=930">Vulnerability</a> </li> </ul> </div><div id="tag_cloud-3" class="sidebar-wrap widget_tag_cloud"><h3>Tags</h3><div class="tagcloud"><a href="https://adsecurity.org/?tag=activedirectory" class="tag-cloud-link tag-link-20 tag-link-position-1" style="font-size: 22pt;" aria-label="ActiveDirectory (55 items)">ActiveDirectory</a> <a href="https://adsecurity.org/?tag=active-directory" class="tag-cloud-link tag-link-75 tag-link-position-2" style="font-size: 10.453608247423pt;" aria-label="Active Directory (8 items)">Active Directory</a> <a href="https://adsecurity.org/?tag=active-directory-security" class="tag-cloud-link tag-link-976 tag-link-position-3" style="font-size: 9.7319587628866pt;" aria-label="Active Directory Security (7 items)">Active Directory Security</a> <a href="https://adsecurity.org/?tag=activedirectorysecurity" class="tag-cloud-link tag-link-113 tag-link-position-4" style="font-size: 13.773195876289pt;" aria-label="ActiveDirectorySecurity (14 items)">ActiveDirectorySecurity</a> <a href="https://adsecurity.org/?tag=adreading" class="tag-cloud-link tag-link-5 tag-link-position-5" style="font-size: 13.340206185567pt;" aria-label="ADReading (13 items)">ADReading</a> <a href="https://adsecurity.org/?tag=ad-security" class="tag-cloud-link tag-link-100 tag-link-position-6" style="font-size: 8pt;" aria-label="AD Security (5 items)">AD Security</a> <a href="https://adsecurity.org/?tag=adsecurity" class="tag-cloud-link tag-link-86 tag-link-position-7" style="font-size: 10.453608247423pt;" aria-label="ADSecurity (8 items)">ADSecurity</a> <a href="https://adsecurity.org/?tag=azure" class="tag-cloud-link tag-link-25 tag-link-position-8" style="font-size: 8pt;" aria-label="Azure (5 items)">Azure</a> <a href="https://adsecurity.org/?tag=azuread" class="tag-cloud-link tag-link-136 tag-link-position-9" style="font-size: 8pt;" aria-label="AzureAD (5 items)">AzureAD</a> <a href="https://adsecurity.org/?tag=dcsync" class="tag-cloud-link tag-link-598 tag-link-position-10" style="font-size: 10.453608247423pt;" aria-label="DCSync (8 items)">DCSync</a> <a href="https://adsecurity.org/?tag=domaincontroller" class="tag-cloud-link tag-link-101 tag-link-position-11" style="font-size: 15.216494845361pt;" aria-label="DomainController (18 items)">DomainController</a> <a href="https://adsecurity.org/?tag=goldenticket" class="tag-cloud-link tag-link-303 tag-link-position-12" style="font-size: 11.175257731959pt;" aria-label="GoldenTicket (9 items)">GoldenTicket</a> <a href="https://adsecurity.org/?tag=grouppolicy" class="tag-cloud-link tag-link-196 tag-link-position-13" style="font-size: 8pt;" aria-label="GroupPolicy (5 items)">GroupPolicy</a> <a href="https://adsecurity.org/?tag=hyperv" class="tag-cloud-link tag-link-3 tag-link-position-14" style="font-size: 8pt;" aria-label="HyperV (5 items)">HyperV</a> <a href="https://adsecurity.org/?tag=invoke-mimikatz" class="tag-cloud-link tag-link-336 tag-link-position-15" style="font-size: 10.453608247423pt;" aria-label="Invoke-Mimikatz (8 items)">Invoke-Mimikatz</a> <a href="https://adsecurity.org/?tag=kb3011780" class="tag-cloud-link tag-link-337 tag-link-position-16" style="font-size: 9.7319587628866pt;" aria-label="KB3011780 (7 items)">KB3011780</a> <a href="https://adsecurity.org/?tag=kdc" class="tag-cloud-link tag-link-80 tag-link-position-17" style="font-size: 8pt;" aria-label="KDC (5 items)">KDC</a> <a href="https://adsecurity.org/?tag=kerberos" class="tag-cloud-link tag-link-81 tag-link-position-18" style="font-size: 15.216494845361pt;" aria-label="Kerberos (18 items)">Kerberos</a> <a href="https://adsecurity.org/?tag=kerberoshacking" class="tag-cloud-link tag-link-298 tag-link-position-19" style="font-size: 11.752577319588pt;" aria-label="KerberosHacking (10 items)">KerberosHacking</a> <a href="https://adsecurity.org/?tag=krbtgt" class="tag-cloud-link tag-link-394 tag-link-position-20" style="font-size: 9.7319587628866pt;" aria-label="KRBTGT (7 items)">KRBTGT</a> <a href="https://adsecurity.org/?tag=laps" class="tag-cloud-link tag-link-631 tag-link-position-21" style="font-size: 9.0103092783505pt;" aria-label="LAPS (6 items)">LAPS</a> <a href="https://adsecurity.org/?tag=lsass" class="tag-cloud-link tag-link-71 tag-link-position-22" style="font-size: 11.175257731959pt;" aria-label="LSASS (9 items)">LSASS</a> <a href="https://adsecurity.org/?tag=mcm" class="tag-cloud-link tag-link-6 tag-link-position-23" style="font-size: 14.061855670103pt;" aria-label="MCM (15 items)">MCM</a> <a href="https://adsecurity.org/?tag=microsoftemet" class="tag-cloud-link tag-link-58 tag-link-position-24" style="font-size: 11.175257731959pt;" aria-label="MicrosoftEMET (9 items)">MicrosoftEMET</a> <a href="https://adsecurity.org/?tag=microsoftwindows" class="tag-cloud-link tag-link-102 tag-link-position-25" style="font-size: 9.7319587628866pt;" aria-label="MicrosoftWindows (7 items)">MicrosoftWindows</a> <a href="https://adsecurity.org/?tag=mimikatz" class="tag-cloud-link tag-link-207 tag-link-position-26" style="font-size: 18.103092783505pt;" aria-label="mimikatz (29 items)">mimikatz</a> <a href="https://adsecurity.org/?tag=ms14068" class="tag-cloud-link tag-link-295 tag-link-position-27" style="font-size: 11.175257731959pt;" aria-label="MS14068 (9 items)">MS14068</a> <a href="https://adsecurity.org/?tag=passthehash" class="tag-cloud-link tag-link-44 tag-link-position-28" style="font-size: 9.7319587628866pt;" aria-label="PassTheHash (7 items)">PassTheHash</a> <a href="https://adsecurity.org/?tag=powershell" class="tag-cloud-link tag-link-575 tag-link-position-29" style="font-size: 18.536082474227pt;" aria-label="PowerShell (31 items)">PowerShell</a> <a href="https://adsecurity.org/?tag=powershellcode" class="tag-cloud-link tag-link-22 tag-link-position-30" style="font-size: 14.927835051546pt;" aria-label="PowerShellCode (17 items)">PowerShellCode</a> <a href="https://adsecurity.org/?tag=powershellhacking" class="tag-cloud-link tag-link-68 tag-link-position-31" style="font-size: 8pt;" aria-label="PowerShellHacking (5 items)">PowerShellHacking</a> <a href="https://adsecurity.org/?tag=powershellv5" class="tag-cloud-link tag-link-69 tag-link-position-32" style="font-size: 8pt;" aria-label="PowerShellv5 (5 items)">PowerShellv5</a> <a href="https://adsecurity.org/?tag=powersploit" class="tag-cloud-link tag-link-232 tag-link-position-33" style="font-size: 10.453608247423pt;" aria-label="PowerSploit (8 items)">PowerSploit</a> <a href="https://adsecurity.org/?tag=presentation" class="tag-cloud-link tag-link-422 tag-link-position-34" style="font-size: 9.7319587628866pt;" aria-label="Presentation (7 items)">Presentation</a> <a href="https://adsecurity.org/?tag=security" class="tag-cloud-link tag-link-576 tag-link-position-35" style="font-size: 8pt;" aria-label="Security (5 items)">Security</a> <a href="https://adsecurity.org/?tag=silverticket" class="tag-cloud-link tag-link-304 tag-link-position-36" style="font-size: 11.175257731959pt;" aria-label="SilverTicket (9 items)">SilverTicket</a> <a href="https://adsecurity.org/?tag=sneakyadpersistence" class="tag-cloud-link tag-link-596 tag-link-position-37" style="font-size: 9.0103092783505pt;" aria-label="SneakyADPersistence (6 items)">SneakyADPersistence</a> <a href="https://adsecurity.org/?tag=spn" class="tag-cloud-link tag-link-294 tag-link-position-38" style="font-size: 9.0103092783505pt;" aria-label="SPN (6 items)">SPN</a> <a href="https://adsecurity.org/?tag=tgs" class="tag-cloud-link tag-link-528 tag-link-position-39" style="font-size: 9.0103092783505pt;" aria-label="TGS (6 items)">TGS</a> <a href="https://adsecurity.org/?tag=tgt" class="tag-cloud-link tag-link-529 tag-link-position-40" style="font-size: 9.0103092783505pt;" aria-label="TGT (6 items)">TGT</a> <a href="https://adsecurity.org/?tag=windows7" class="tag-cloud-link tag-link-117 tag-link-position-41" style="font-size: 8pt;" aria-label="Windows7 (5 items)">Windows7</a> <a href="https://adsecurity.org/?tag=windows10" class="tag-cloud-link tag-link-494 tag-link-position-42" style="font-size: 10.453608247423pt;" aria-label="Windows10 (8 items)">Windows10</a> <a href="https://adsecurity.org/?tag=windowsserver2008r2" class="tag-cloud-link tag-link-46 tag-link-position-43" style="font-size: 9.0103092783505pt;" aria-label="WindowsServer2008R2 (6 items)">WindowsServer2008R2</a> <a href="https://adsecurity.org/?tag=windowsserver2012" class="tag-cloud-link tag-link-47 tag-link-position-44" style="font-size: 11.175257731959pt;" aria-label="WindowsServer2012 (9 items)">WindowsServer2012</a> <a href="https://adsecurity.org/?tag=windowsserver2012r2" class="tag-cloud-link tag-link-54 tag-link-position-45" style="font-size: 9.7319587628866pt;" aria-label="WindowsServer2012R2 (7 items)">WindowsServer2012R2</a></div> </div><div id="search-2" class="sidebar-wrap widget_search"><form class="searchform" method="get" action="https://adsecurity.org"> <div class="input-group"> <div class="form-group live-search-input"> <label for="s" class="screen-reader-text">Search for:</label> <input type="text" id="s" name="s" class="form-control" placeholder="Search"> </div> <span class="input-group-btn"> <button class="btn btn-default" type="submit"><i class="fa fa-search"></i></button> </span> </div> </form></div> <div id="recent-posts-2" class="sidebar-wrap widget_recent_entries"> <h3>Recent Posts</h3> <ul> <li> <a href="https://adsecurity.org/?p=4436">BSides Dublin – The Current State of Microsoft Identity Security: Common Security Issues and Misconfigurations – Sean Metcalf</a> </li> <li> <a href="https://adsecurity.org/?p=4434">DEFCON 2017: Transcript – Hacking the Cloud</a> </li> <li> <a href="https://adsecurity.org/?p=4432">Detecting the Elusive: Active Directory Threat Hunting</a> </li> <li> <a href="https://adsecurity.org/?p=4430">Detecting Kerberoasting Activity</a> </li> <li> <a href="https://adsecurity.org/?p=4428">Detecting Password Spraying with Security Event Auditing</a> </li> </ul> </div><div id="recent-comments-2" class="sidebar-wrap widget_recent_comments"><h3>Recent Comments</h3><ul id="recentcomments"><li class="recentcomments"><span class="comment-author-link">Derek</span> on <a href="https://adsecurity.org/?p=3592#comment-13603">Attacking Read-Only Domain Controllers (RODCs) to Own Active Directory</a></li><li class="recentcomments"><span class="comment-author-link"><a href="https://ADSecurity.org" class="url" rel="ugc">Sean Metcalf</a></span> on <a href="https://adsecurity.org/?p=3782#comment-13545">Securing Microsoft Active Directory Federation Server (ADFS)</a></li><li class="recentcomments"><span class="comment-author-link">Brad</span> on <a href="https://adsecurity.org/?p=3782#comment-13544">Securing Microsoft Active Directory Federation Server (ADFS)</a></li><li class="recentcomments"><span class="comment-author-link">Joonas</span> on <a href="https://adsecurity.org/?p=3719#comment-13229">Gathering AD Data with the Active Directory PowerShell Module</a></li><li class="recentcomments"><span class="comment-author-link"><a href="https://ADSecurity.org" class="url" rel="ugc">Sean Metcalf</a></span> on <a href="https://adsecurity.org/?p=3719#comment-13215">Gathering AD Data with the Active Directory PowerShell Module</a></li></ul></div><div id="archives-2" class="sidebar-wrap widget_archive"><h3>Archives</h3> <ul> <li><a href='https://adsecurity.org/?m=202406'>June 2024</a></li> <li><a href='https://adsecurity.org/?m=202405'>May 2024</a></li> <li><a href='https://adsecurity.org/?m=202005'>May 2020</a></li> <li><a href='https://adsecurity.org/?m=202001'>January 2020</a></li> <li><a href='https://adsecurity.org/?m=201908'>August 2019</a></li> <li><a href='https://adsecurity.org/?m=201903'>March 2019</a></li> <li><a href='https://adsecurity.org/?m=201902'>February 2019</a></li> <li><a href='https://adsecurity.org/?m=201810'>October 2018</a></li> <li><a href='https://adsecurity.org/?m=201808'>August 2018</a></li> <li><a href='https://adsecurity.org/?m=201805'>May 2018</a></li> <li><a href='https://adsecurity.org/?m=201801'>January 2018</a></li> <li><a href='https://adsecurity.org/?m=201711'>November 2017</a></li> <li><a href='https://adsecurity.org/?m=201708'>August 2017</a></li> <li><a href='https://adsecurity.org/?m=201706'>June 2017</a></li> <li><a href='https://adsecurity.org/?m=201705'>May 2017</a></li> <li><a href='https://adsecurity.org/?m=201702'>February 2017</a></li> <li><a href='https://adsecurity.org/?m=201701'>January 2017</a></li> <li><a href='https://adsecurity.org/?m=201611'>November 2016</a></li> <li><a href='https://adsecurity.org/?m=201610'>October 2016</a></li> <li><a href='https://adsecurity.org/?m=201609'>September 2016</a></li> <li><a href='https://adsecurity.org/?m=201608'>August 2016</a></li> <li><a href='https://adsecurity.org/?m=201607'>July 2016</a></li> <li><a href='https://adsecurity.org/?m=201606'>June 2016</a></li> <li><a href='https://adsecurity.org/?m=201604'>April 2016</a></li> <li><a href='https://adsecurity.org/?m=201603'>March 2016</a></li> <li><a href='https://adsecurity.org/?m=201602'>February 2016</a></li> <li><a href='https://adsecurity.org/?m=201601'>January 2016</a></li> <li><a href='https://adsecurity.org/?m=201512'>December 2015</a></li> <li><a href='https://adsecurity.org/?m=201511'>November 2015</a></li> <li><a href='https://adsecurity.org/?m=201510'>October 2015</a></li> <li><a href='https://adsecurity.org/?m=201509'>September 2015</a></li> <li><a href='https://adsecurity.org/?m=201508'>August 2015</a></li> <li><a href='https://adsecurity.org/?m=201507'>July 2015</a></li> <li><a href='https://adsecurity.org/?m=201506'>June 2015</a></li> <li><a href='https://adsecurity.org/?m=201505'>May 2015</a></li> <li><a href='https://adsecurity.org/?m=201504'>April 2015</a></li> <li><a href='https://adsecurity.org/?m=201503'>March 2015</a></li> <li><a href='https://adsecurity.org/?m=201502'>February 2015</a></li> <li><a href='https://adsecurity.org/?m=201501'>January 2015</a></li> <li><a href='https://adsecurity.org/?m=201412'>December 2014</a></li> <li><a href='https://adsecurity.org/?m=201411'>November 2014</a></li> <li><a href='https://adsecurity.org/?m=201410'>October 2014</a></li> <li><a href='https://adsecurity.org/?m=201409'>September 2014</a></li> <li><a href='https://adsecurity.org/?m=201408'>August 2014</a></li> <li><a href='https://adsecurity.org/?m=201407'>July 2014</a></li> <li><a href='https://adsecurity.org/?m=201406'>June 2014</a></li> <li><a href='https://adsecurity.org/?m=201405'>May 2014</a></li> <li><a href='https://adsecurity.org/?m=201404'>April 2014</a></li> <li><a href='https://adsecurity.org/?m=201403'>March 2014</a></li> <li><a href='https://adsecurity.org/?m=201402'>February 2014</a></li> <li><a href='https://adsecurity.org/?m=201307'>July 2013</a></li> <li><a href='https://adsecurity.org/?m=201211'>November 2012</a></li> <li><a href='https://adsecurity.org/?m=201203'>March 2012</a></li> <li><a href='https://adsecurity.org/?m=201202'>February 2012</a></li> </ul> </div><div id="categories-2" class="sidebar-wrap widget_categories"><h3>Categories</h3> <ul> <li class="cat-item cat-item-565"><a href="https://adsecurity.org/?cat=565">ActiveDirectorySecurity</a> </li> <li class="cat-item cat-item-55"><a href="https://adsecurity.org/?cat=55">Apple Security</a> </li> <li class="cat-item cat-item-431"><a href="https://adsecurity.org/?cat=431">Cloud Security</a> </li> <li class="cat-item cat-item-17"><a href="https://adsecurity.org/?cat=17">Continuing Education</a> </li> <li class="cat-item cat-item-396"><a href="https://adsecurity.org/?cat=396">Entertainment</a> </li> <li class="cat-item cat-item-347"><a href="https://adsecurity.org/?cat=347">Exploit</a> </li> <li class="cat-item cat-item-1039"><a href="https://adsecurity.org/?cat=1039">Hacking</a> </li> <li class="cat-item cat-item-168"><a href="https://adsecurity.org/?cat=168">Hardware Security</a> </li> <li class="cat-item cat-item-172"><a href="https://adsecurity.org/?cat=172">Hypervisor Security</a> </li> <li class="cat-item cat-item-126"><a href="https://adsecurity.org/?cat=126">Linux/Unix Security</a> </li> <li class="cat-item cat-item-343"><a href="https://adsecurity.org/?cat=343">Malware</a> </li> <li class="cat-item cat-item-11"><a href="https://adsecurity.org/?cat=11">Microsoft Security</a> </li> <li class="cat-item cat-item-819"><a href="https://adsecurity.org/?cat=819">Mitigation</a> </li> <li class="cat-item cat-item-48"><a href="https://adsecurity.org/?cat=48">Network/System Security</a> </li> <li class="cat-item cat-item-7"><a href="https://adsecurity.org/?cat=7">PowerShell</a> </li> <li class="cat-item cat-item-698"><a href="https://adsecurity.org/?cat=698">RealWorld</a> </li> <li class="cat-item cat-item-21"><a href="https://adsecurity.org/?cat=21">Security</a> </li> <li class="cat-item cat-item-234"><a href="https://adsecurity.org/?cat=234">Security Conference Presentation/Video</a> </li> <li class="cat-item cat-item-1045"><a href="https://adsecurity.org/?cat=1045">Security Recommendation</a> </li> <li class="cat-item cat-item-24"><a href="https://adsecurity.org/?cat=24">Technical Article</a> </li> <li class="cat-item cat-item-4"><a href="https://adsecurity.org/?cat=4">Technical Reading</a> </li> <li class="cat-item cat-item-2"><a href="https://adsecurity.org/?cat=2">Technical Reference</a> </li> <li class="cat-item cat-item-156"><a href="https://adsecurity.org/?cat=156">TheCloud</a> </li> <li class="cat-item cat-item-930"><a href="https://adsecurity.org/?cat=930">Vulnerability</a> </li> </ul> </div><div id="meta-2" class="sidebar-wrap widget_meta"><h3>Meta</h3> <ul> <li><a href="https://adsecurity.org/wp-login.php">Log in</a></li> <li><a href="https://adsecurity.org/?feed=rss2">Entries feed</a></li> <li><a href="https://adsecurity.org/?feed=comments-rss2">Comments feed</a></li> <li><a href="https://wordpress.org/">WordPress.org</a></li> </ul> </div> </div> </div> <div id="sidebar_bottom" class="sidebar widget-area row footer-widget-col-3"> <div id="text-2" class="sidebar-wrap widget_text col-sm-4"><h3>Copyright</h3> <div class="textwidget">Content Disclaimer: This blog and its contents are provided "AS IS" with no warranties, and they confer no rights. Script samples are provided for informational purposes only and no guarantee is provided as to functionality or suitability. The views shared on this blog reflect those of the authors and do not represent the views of any companies mentioned. Content Ownership: All content posted here is intellectual work and under the current law, the poster owns the copyright of the article. Terms of Use Copyright © 2011 - 2020.</div> </div> </div> <div id="footer" class="row default-footer"> <div class="copyright-developer"> <div id="copyright"> <p>Content Disclaimer: This blog and its contents are provided "AS IS" with no warranties, and they confer no rights. Script samples are provided for informational purposes only and no guarantee is provided as to functionality or suitability. The views shared on this blog reflect those of the authors and do not represent the views of any companies mentioned. </p> </div> <div id="developer"> <p> Made with <i class="fa fa-heart"></i> by <a href="https://www.graphene-theme.com/" rel="nofollow">Graphene Themes</a>. </p> </div> </div> </div> </div>  <script>  <a href="#" id="back-to-top" title="Back to top"><i class="fa fa-chevron-up"></i></a> <script defer type="text/javascript" src="https://adsecurity.org/wp-includes/js/comment-reply.min.js?ver=6.5.5" id="comment-reply-js" async="async" data-wp-strategy="async"></script> </body> </html>