This article rounds out a series of articles on Kerberos delegation. Before reading it, we suggest making sure you are familiar with both Active Directory delegation and Kerberos delegation, and have read the earlier posts in the series that provide an overview of how resource-based constrained delegation and unconstrained delegation are configured and how they can be abused. This article explains how a constrained delegation attack enables an adversary to gain elevated access to vital services.

Compromising the credentials of Active Directory accounts remains a primary way for adversaries to gain a foothold in an organization’s IT ecosystem. They use a range of tactics, including credential stuffing, password spraying, phishing and brute-force attacks This blog post details key best practices for effective user credential management. Then it dives into how software can help enforce those best practices and further secure user credentials.

Commonly referred to as Zerologon, CVE-2020-1472 is the Common Vulnerabilities and Exposures (CVE) identifier assigned to a vulnerability in Microsoft’s Netlogon Remote Protocol (MS-NRPC). MS-NRPC is essential for authentication of both user and machine accounts in Active Directory.

Adversaries use multiple techniques to identify and exploit weaknesses in Active Directory (AD) to gain access to critical systems and data. This blog post explores 3 ways they use PowerShell PowerSploit to elevate or abuse permissions, and offers effective strategies for protecting against them.

Monitoring SharePoint Server activity is vital to knowing who is accessing your SharePoint sites, services and content and how they’re using your system. Tracking SharePoint performance monitoring metrics can help you identify potential problems in time to stop them from negatively affecting your business. You can also use tracking activity to monitor the adoption and usage rates of SharePoint and determine areas that need improvement.

The transition to hybrid IT architectures and remote work strategies has greatly expanded the IT estates of most organizations in recent years. Couple this expansion with the growing number of computing and IoT devices that connect to company networks today and you understand why cybersecurity is a growing challenge: As your IT footprint grows, so does your attack surface.

Active Directory (AD) is a database and set of services that offers centralized management of IT infrastructure resources. It connects users with the resources they require to get their work done. Therefore, technicians must be able to quickly check and recover AD attributes that are modified or deleted by hardware failures, cyberattacks, scripting mistakes and other problems.

Users normally update their domain account passwords using the Windows Settings menu. But if they forget their password or their account is disabled, an administrator needs to step in. This blog post explores several ways that an admin can reset a user’s password or create a new one. First, we review the easiest options: Active Directory Users and Computers (ADUC) and Active Directory Administrative Center (ADAC).

Microsoft SharePoint is one of the most popular platforms for collaboration and content sharing within internal teams and even with external users. Therefore, ensuring SharePoint security is vital to helping your company avoid costly data breaches and business disruptions. This article details the key best practices for protecting your SharePoint sites, whether you are using on-prem SharePoint Server or SharePoint Online version.

Microsoft SharePoint enables users to share files with coworkers in just a few clicks. However, external sharing is just as easy— which puts the security of your sensitive data at risk. To help you control external sharing of files and folders without interfering with legitimate collaboration, this article details the external sharing settings available in the Microsoft administrative interfaces and offers best practices for configuring them.