Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Active Directory


Finding Weak Passwords in Active Directory

Knowing the credentials for any user account in your network gives an adversary significant power. After logging on as a legitimate user, they can move laterally to other systems and escalate their privileges to deploy ransomware, steal critical data, disrupt vital operations and more. Most organizations know this, and take steps to protect user credentials.


Detecting CVE-2022-30216: Windows Server Service Tampering

In July 2022, Microsoft disclosed a vulnerability in the Windows Server Service that allows an authenticated user to remotely access a local API call on a domain controller, which triggers an NTLM request. This results in a leak of credentials that allows an attacker to authenticate to Active Directory Certification Services (ADCS) and to generate a client certificate that enables remote code execution on a domain controller.


A practical approach to Active Directory Domain Services, Part 9: An AD reality check

Have you looked into some of the most well-known Active Directory (AD) attacks from around the world? Do you understand the nuances of these popular attacks and can you put the AD fundamentals you learned in the earlier parts of this blog series to good use?


A practical approach to Active Directory Domain Services, Part 8: AD attacks

How and why do attackers target an organization’s Active Directory (AD)? This blog, which is part 8 of the series A Practical approach to Active Directory Domain Services, will provide you with the answers. In this part, we will examine what attackers gain by compromising the AD setup. We will also look at some of the most noted means by which AD is compromised. There are two main sections to this blog.


Kerberos and Active Directory

If you have been researching Active Directory (AD), chances are that you will come across the concept of Kerberos for user authentication and other service request-related functionalities. It is worthwhile to examine the Kerberos protocol in depth and, in turn, appreciate the dependency of AD on Kerberos. Given that Kerberos is an industry standard, you will see that it has become the most widely used network authentication protocol for all Windows environments with operating systems 2000 and later.

Arctic Wolf

CVE-2022-28219: Trivial PoC Exploit Could Lead to Unauthenticated RCE in ManageEngine ADAudit Plus

On Wednesday, June 29, 2022, published a proof-of-concept (PoC) exploit that targets CVE-2022-28219, a critical attack chain that includes unauthenticated XML External Entities (XXE), Java deserialization, and path traversal vulnerabilities that could lead to remote code execution (RCE) if successfully chained together. CVE-2022-28219 impacts Zoho’s ManageEngine ADAudit Plus builds prior to 7060. ManageEngine patched CVE-2022-28219 on March 30, 2022.


A practical approach to Active Directory Domain Services, Part 7: Cybersecurity and AD

In the first six parts of this blog series, we laid the foundation for beginning to work with and manage Active Directory (AD). With the groundwork out of the way, it is now time to explore the relationship between cybersecurity and AD. Taking this series one step further, this blog provides an overview of which design considerations are important in securing your AD infrastructure against potential security breaches.


How ADAudit Plus helps you assess your exposure to Follina (CVE-2022-30190)

The recently discovered Windows zero-day vulnerability continues to make news as threat actors across the globe are relentless in their efforts to exploit it. The vulnerability, dubbed Follina, can be exploited when the Microsoft Support Diagnostic Tool (MSDT) is called by a Microsoft Office application using the URL protocol.


How we make ADSelfService Plus more secure for you

Security experts around the world are talking about the importance of improving security measures to keep networks safe—and for good reason. We have plenty of examples of how relentless threat actors can be, and we’ve now seen that not even a pandemic can stop or slow down their attacks.

Netwrix Password Reset

Netwrix Password Reset is an Active Directory password reset tool that enables users to securely reset or change their own passwords and unlock their accounts from any web browser, desktop or mobile device — without calling the help desk. Are password-related tickets driving up your IT helpdesk costs? Do lockouts and password management headaches frustrate your users and disrupt vital business processes? A self-service password reset tool can solve these problems, but you might be worried that it could increase the risk of attackers slipping into your network.