#ActiveDirectory

IT-Connect

@it-connect.bsky.social

2 hours ago

🔎 Astuce : rechercher les utilisateurs Active Directory dont un attribut est vide

Simple et efficace. 😉

Tutoriel de Florian par ici 👇
- www.it-connect.fr/rechercher-l...

#ActiveDirectory #sysadmin #powershell #tips

MISC

@miscmag.bsky.social

5 hours ago

#SSSD, #Kerberos et #ActiveDirectory : une surface d'attaque souvent délaissée sur #Linux, mais analysée dans notre dernier numéro.

Pour en savoir plus, rendez-vous en kiosque & sur boutique.ed-diamond.com/nouveautes/1....

IT-Connect

@it-connect.bsky.social

1 day ago

🔎 OpenRSAT : l'alternative open source aux outils RSAT de Microsoft

-> Plus besoin d'avoir une machine Windows pour administrer un Active Directory.

À découvrir sur IT-Connect 👇
- www.it-connect.fr/openrsat-alt...

#ActiveDirectory #OpenRSAT #opensource #sysadmin

Cybersecurity News Everyday

@hendryadrian.bsky.social

2 days ago

Infostealers ULP Data Is Burning Out SOC Teams and Killing Automation The industry’s obsession with unverified automation and massive ULP volumes creates a fragile intelligence supply chain that attackers can poison to trigger widespread false-positive credential alerts. The only reliable fix is to score and require Full Infostealer provenance (system.txt, hardware IDs, IP telemetry) so that only high-confidence data triggers automated remediation. #ULP #Infostealers #HudsonRock #ResetAsAService #PcComponentes #Okta #ActiveDirectory

The flood of unverified ULP data overwhelms SOC teams and breaks automation, as attackers exploit recycled info to trigger false resets. Full infostealer provenance is key for accurate response. #ULPData #ResetAsAService #ActiveDirectory

Andrew Armstrong

@techygeekshome.bsky.social

2 days ago

Export Active Directory User Information to CSV Using PowerShell

Export Active Directory User Information to CSV Using PowerShell | #Guide #Microsoft #Powershell #Server #Windows #ActiveDirectory #PowerShell #SysAdmin #ITAutomation #CSV

OpsMatters

@opsmatters.com

4 days ago

One Identity One Identity delivers solutions that help customers strengthen operational efficiency, reduce risk surface, control costs and enhance their cybersecurity.

The latest update for #OneIdentity includes "#ActiveDirectory under attack: Best practices to defend and protect your organization" and "Best practices for hybrid Active Directory automation".

#Cybersecurity #DigitalIdentity #IdentitySecurity https://opsmtrs.com/416nXrX

0x4ndy

@andy.codes

4 days ago

Running an enumeration in McDonald's.

#windows #infosec #activedirectory #ad #hacking #eneration #pentesting #security

Andreas Hartig

@hartiga.de

5 days ago

❓️ Do you miss Group Policy Preferences on Intune Managed Devices?

Maurice Daly has developed a solution for you.

msendpointmgr.com/2026/03/20/i...

#GPO #GPP #Intune #ActiveDirectory

AsBuiltReport

@asbuiltreport.com

5 days ago

Release v0.9.12 · AsBuiltReport/AsBuiltReport.Microsoft.AD [0.9.12] - 2026-04-02 🧰 Added Add Authentication Policies and Authentication Policy Silos support Add condition to check for members of Pre-Windows 2000 group Add a Replication diagram to the repo...

[New Release] AsBuiltReport.Microsoft.AD v0.9.12! Check out what's new! github.com/AsBuiltReport/AsBuiltRep... #Microsoft #ActiveDirectory #AsBuiltReport #PowerShell #MicrosoftMVP #MVPBuzz #cybersecurity #infosec

Cybersecurity News Everyday

@hendryadrian.bsky.social

5 days ago

Kerberos Constrained Delegation Exploitation This article provides a step-by-step technical walkthrough of abusing Kerberos Constrained Delegation (KCD) with Protocol Transition (S4U2Self + S4U2Proxy) in Active Directory to impersonate high-privilege users and access a SQL Server. It demonstrates exploiting a misconfigured service account (kavish) using tools like Impacket and outlines detection strategies and mitigations for defenders. #KerberosConstrainedDelegation #Impacket

Exploit Kerberos Constrained Delegation via Protocol Transition (S4U2Self + S4U2Proxy) to impersonate high-privilege users in Active Directory. Misconfigured service accounts enable access to SQL Server. #KerberosAttack #ActiveDirectory #USA

Whaller

@whaller.bsky.social

6 days ago

Un collaborateur quitte l'entreprise.

Badge rendu ✅
Compte VPN révoqué ? ❌
Accès SaaS coupés ? ❌
Mot de passe partagé changé ? ❌

30 à 40 % des comptes #ActiveDirectory appartiennent à des ex-collaborateurs.

L' #offboarding est l'angle mort de la #cybersécurité.

blog.whaller.com/2026/04/02/o...

ADGator.org

@adgator.org

6 days ago

#WomenInTech #WomenInCyber we want you to show off your #ActiveDirectory #BlueTeam skills! 10% off on the AD Security Bootcamp in Hanover from May 4 to May 8!
See adgator.org/learn-active... for details and adgator.org/bootcamp for booking (which is in German, but I am happy to have a mixed group)

IT-Connect

@it-connect.bsky.social

6 days ago

Mots de passe compromis : protégez votre Active Directory (et votre entreprise) ** Vidéo sponsorisée **La réutilisation des mots de passe représente un vrai risque pour votre Active Directory : découvrez pourquoi, et surtout, comment vou...

🤔 Qu'est-ce qui empêche vos utilisateurs de réutiliser un mot de passe personnel compromis comme mot de passe Active Directory pour ouvrir leur session #Windows ? 🔐

📖 www.it-connect.fr/active-direc...

🎥 youtu.be/oQbO_z9Fvro?...

#cybersécurité #ActiveDirectory #infosec

Cybersecurity News Everyday

@hendryadrian.bsky.social

1 week ago

Impacket for Pentester: DACLEdit Discretionary Access Control List (DACL) misconfigurations in Active Directory can allow low-privilege users to escalate to Domain Admin and harvest all domain credentials using techniques like ForceChangePassword, FullControl/WriteMembers abuse, and DCSync. The article demonstrates a full ignite.local lab with exact impacket and bloodyAD commands, verification steps, and DACL restoration guidance, and recommends auditing and monitoring (Event IDs and DCSync indicators) to defend against these attacks. #ignite_local #DCSync

DACL misconfigurations in Active Directory enable low-privilege users to escalate to Domain Admin via ForceChangePassword, FullControl abuse, and DCSync. Audit Event IDs and monitor for DCSync activity. #ActiveDirectory #Pentesting #ignite_local

Cybersecurity News Everyday

@hendryadrian.bsky.social

1 week ago

Active Directory Penetration Testing with BloodyAD This walkthrough demonstrates a complete Active Directory attack chain against the ignite.local lab using BloodyAD and Impacket, covering enumeration, privilege escalation, Kerberos attacks, credential dumping, RBCD, and persistence techniques. It highlights common misconfigurations—cleartext LDAP attributes, permissive ACLs, default machine account quotas, and disabled Kerberos pre-authentication—and provides detection and defensive recommendations. #BloodyAD #DCSync

Active Directory attacks using BloodyAD and Impacket reveal LDAP misconfigurations, Kerberos exploitation, privilege escalation, and persistence tactics in ignite.local lab. Key risks include cleartext LDAP and disabled pre-auth. #ActiveDirectory #Kerberos

Edy Werder

@edywerder.bsky.social

1 week ago

Synology Directory Server: Save Your Windows License (2026) Learn how to set up the Synology Directory Server on your NAS and run Active Directory without a Windows Server license. Step-by-step guide for small businesses.

Did you know your Synology NAS can replace a Windows Domain Controller? No Windows Server license needed.

👉 edywerder.ch/synology-dir...

#Synology #HomeServer #ActiveDirectory #NAS #Homelab #SysAdmin #SmallBusiness

Praetorian

@praetorianlabs.bsky.social

1 week ago

🔓 CVE-2025-33073 revives NTLM reflection attacks. Any domain user can hit SYSTEM on unpatched hosts without SMB signing.

Chain with unconstrained delegation → full domain compromise.

www.praetorian.com/blog/cve-202...

#offensivesecurity #activedirectory #theguardplatform #praetorian

Cybersecurity News Everyday

@hendryadrian.bsky.social

1 week ago

Impacket for Pentester: Change Password impacket-changepasswd consolidates multiple Active Directory password change and reset techniques — including ForceChangePassword, pass-the-hash, NT hash injection, AES key usage, and Kerberos TGT-based resets — across SMB-SAMR, RPC-SAMR, LDAP, and kpasswd protocols. The article details lab setup, protocol-specific behavior, detection via Windows Event IDs, and defensive recommendations such as auditing AD ACLs and monitoring SAMR activity. #impacket-changepasswd #ActiveDirectory #ForceChangePassword #Kerberos

impacket-changepasswd combines multiple AD password reset methods—including ForceChangePassword, pass-the-hash, NT hash injection, and Kerberos TGT resets—across SMB-SAMR, RPC-SAMR, LDAP, and kpasswd with detection via Windows Event IDs. #ActiveDirectory #PasswordReset

Winbuzzer

@winbuzzer.com

1 week ago

Microsoft Ends Exchange Multi-Version Support in Major Overhaul Microsoft has ended multi-version Exchange Server co-existence, introduced mandatory security hardening, and reaffirmed on-premises support through 2035.

winbuzzer.com/2026/03/25/m...

Microsoft Ends Exchange Multi-Version Support in Major Overhaul

#Microsoft #MicrosoftExchangeServer #ExchangeOnline #ExchangeServer #Email #ActiveDirectory #Microsoft365 #Cloud #HybridCloud #Administrators #BigTech

IT-Connect

@it-connect.bsky.social

1 week ago

🛑 Sécurité Active Directory : tout ce que vous devez savoir sur l'attaque ASREPRoast

A consommer et à partager sans modération :
👉 www.it-connect.fr/securite-act...

#ActiveDirectory #Cybersecurite #infosec #elearning

Redmond

@redmondit.bsky.social

1 week ago

Hybrid identity is a prime target for modern attackers.

Join us, sponsor Cayosoft, and expert Craig Birch tomorrow for this FREE webcast on hybrid identity security, recovery and resilience.

Register now: https://ow.ly/YIUv50YyE49

#HybridIdentity #IdentitySecurity #ActiveDirectory #EntraID

Cybersecurity News Everyday

@hendryadrian.bsky.social

2 weeks ago

Zero Trust: Bridging the Gap Between Authentication and Trust As the workforce disperses beyond the corporate perimeter, Zero Trust is essential to tie identity to device posture rather than assuming anything inside the network is safe. Because MFA alone cannot detect compromised endpoints or stolen session tokens, solutions like Specops Device Trust bind identity to a verified device and enforce continuous posture checks to secure access. #SpecopsDeviceTrust #ActiveDirectory

As perimeter security fades, Zero Trust bridges the gap by linking identity to verified device posture. MFA alone isn’t enough to stop token theft or compromised endpoints. #ZeroTrust #DeviceSecurity #ActiveDirectory

Specops Software - an Outpost24 Company

@specopssoft.com

2 weeks ago

Last chance to register!

Webinar: Securing Active Directory in High-Trust Industries: From Credential Risk to Identity Assurance
➡️ 𝗥𝗲𝗴𝗶𝘀𝘁𝗲𝗿 𝗵𝗲𝗿𝗲 : buff.ly/c8uHIR9

𝟮𝟲 𝗠𝗮𝗿𝗰𝗵 𝟮𝟬𝟮𝟲 𝗜 𝟭𝟭:𝟬𝟬 𝗔𝗠 𝗘𝗦𝗧, 𝟰:𝟬𝟬 𝗣𝗠 𝗖𝗘𝗧

#CyberSecurity #IdentitySecurity #ActiveDirectory #IAM #Webinar

Andrew Armstrong

@techygeekshome.bsky.social

2 weeks ago

How to Reset Group Policy Settings to Default

How to Reset Group Policy Settings to Default | #Guide #Microsoft #HowToResetGroupPolicySettingsToDefault #GroupPolicy #WindowsAdmin #ActiveDirectory #CyberSecurity

Cybersecurity News Everyday

@hendryadrian.bsky.social

2 weeks ago

Active Directory Enumeration: BloodHound This guide explains BloodHound Community Edition's installation, backend setup, data collection methods (SharpHound, bloodhound-python, NetExec, Metasploit), and how to analyze Active Directory attack paths in the UI. It also highlights key queries and real-world findings such as DCSync and AS-REP risks, LAPS and GMSA exposures, ACL abuse, and identified high-value accounts in IGNITE.LOCAL. #BloodHound #IGNITE_LOCAL

BloodHound CE reveals Active Directory attack paths by mapping AD relationships for privilege escalation. Key features include SharpHound data collection, LAPS/GMSA exposure, ACL abuse, and high-value account identification in IGNITE.LOCAL. #BloodHound #ActiveDirectory

piggo

@pigondrugs.bsky.social

2 weeks ago

~Huntress~
SOAPHound evades AD detection by querying non-existent attributes, logging as (! (FALSE)) in Event 1644.
-
IOCs: SOAPHound
-
#ActiveDirectory #SOAPHound #ThreatIntel

OpsMatters

@opsmatters.com

2 weeks ago

One Identity One Identity delivers solutions that help customers strengthen operational efficiency, reduce risk surface, control costs and enhance their cybersecurity.

The latest update for #OneIdentity includes "Best practices for hybrid #ActiveDirectory automation" and "Closing the gaps in your identity lifecycle management strategy".

#Cybersecurity #DigitalIdentity #IdentitySecurity https://opsmtrs.com/416nXrX

CyberTaters

@potato.software

2 weeks ago

The latest update for #OneIdentity includes "Best practices for hybrid #ActiveDirectory automation" and "Closing the gaps in your identity lifecycle management strategy".

#Potatosecurity #DigitalIdentity #IdentitySecurity https://opsmtrs.com/416nXrX

GONICUS

@gonicus.bsky.social

3 weeks ago

CLT 2026: Wir bringen Praxiswissen nach Chemnitz. Unser Kollege Luca Kotte spricht über zentrales Linux-Desktop-Management in heterogenen Umgebungen. #CLT2026 #ChemnitzerLinuxTage #Linux #OpenSource #Desktop #ITSecurity #ActiveDirectory #GONICUS @cltnews.bsky.social

CyberTaters

@potato.software

3 weeks ago

The result?

They can now perform Pass-the-Hash (PtH) to the DC via WMI, SMB, or WinRM over the network. Even if all DA passwords change! 🚨

#PotatoSecurity #ActiveDirectory