pam_mount stopped working after update #server #mount #pam #activedirectory #kerberos
#ActiveDirectory
"BadSuccessor: Abusing dMSAs for AD Domination"
https://kreepblog.fly.dev/badsuccessor-abusing-dmsas-for-ad-domination/
#Badsuccessor #poc
#threatintel #security #activedirectory
Akamai research post + related github
https://github.com/akamai/BadSuccessor
Export Active Directory User Information to CSV Using PowerShell | https://techygeekshome.info/export-active-directory-user-information-to-csv-using-powershell/?fsp_sid=24160 | #ActiveDirectory #Guide #Microsoft #Powershell #refresh #Windows
https://techygeekshome.info/export-active-directory-user-information-to-csv-using-powershell/?fsp_sid=24160
Export Active Directory User Information to CSV Using PowerShell | https://techygeekshome.info/export-active-directory-user-information-to-csv-using-powershell/?fsp_sid=24159 | #ActiveDirectory #Guide #Microsoft #Powershell #refresh #Windows
https://techygeekshome.info/export-active-directory-user-information-to-csv-using-powershell/?fsp_sid=24159
Tiens, il y a un PoC d'exploitation pour la vulnérabilité BadSuccessor 👀
BadSuccessor, est une technique d'escalade de privilèges dans Active Directory. Elle exploite l’attribut peu connu dMSA ( delegated Managed Service Account) pour injecter un objet malveillant. Si un utilisateur a juste les droits "CreateChild" sur une OU (Organizational Unit), il peut créer un compte spécial et s’en servir pour devenir Domain Admin.
( 91% des environnements d'entreprise analysés par Akamai sont vulnérables à cette attaque. )
👇
https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory
Et maintenant, il y a un PoC fonctionnel côté offensive.
⬇️
SharpSuccessor
Un outil .NET qui automatise le processus. Il permet à un utilisateur peu privilégié de :
Créer un objet dMSA piégé dans une OU sur laquelle il a les droits "CreateChild"
Associer cet objet à sa propre session utilisateur
Et obtenir les privilèges de domaine admin
👇
https://github.com/logangoins/SharpSuccessor
Mitigation
"Until a formal patch is released by Microsoft, defensive efforts should focus on limiting the ability to create dMSAs and tightening permissions wherever possible."
Limiter les droits "CreateChild" :
Réviser les permissions sur les OU et restreindre la création d’objets aux seuls comptes administratifs de confiance.Surveiller les créations et modifications de dMSA :
Configurez des audits pour les événements AD pertinents (Event IDs 5136, 5137) afin de détecter toute activité suspecte liée aux dMSA.Utiliser des outils de détection :
Employer des scripts comme Get-BadSuccessorOUPermissions.ps1 ( https://github.com/akamai/BadSuccessor ) pour identifier les comptes ayant des permissions à risque pour remédiation.
[ dans les news infosec ]
⬇️
"SharpSuccessor PoC Released to Weaponize Windows Server 2025 BadSuccessor Flaw"
👇
https://gbhackers.com/sharpsuccessor-poc-released/
How to test and detect the BadSuccessor attack on a Windows Server 2025 domain controller. #activedirectory #windows_server_2025
Windows Server 2025: Rights extension gap in AD
Akamai warns of an unpatched privilege escalation vulnerability in Windows Server 2025. Admins need to take action.
#ActiveDirectory #IT #Security #Sicherheitslücken #Windows #WindowsServer #news
Windows Server 2025: Rechteausweitungslücke im AD
Akamai warnt vor einer ungepatchten Rechteausweitungslücke in Windows Server 2025. Admins müssen aktiv werden.
#ActiveDirectory #IT #Security #Sicherheitslücken #Windows #WindowsServer #news
iX-Workshop: Lokales Active Directory gegen Angriffe absichern
Lernen Sie, wie Angreifer Active Directory kompromittieren und wie Sie Ihre AD-Umgebung effektiv vor Ransomware und anderen Cyberangriffen schützen.
#ActiveDirectory #IdentityManagement #IT #iXWorkshops #Ransomware #Security #news
"While we appreciate Microsoft’s response, we respectfully disagree with the severity assessment."
BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory
#dMSA #ActiveDirectory #WindowsServer2025
https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory#mitigation
How to Restore Active Directory Object | https://techygeekshome.info/how-to-restore-an-active-directory-object/?fsp_sid=23077 | #ActiveDirectory #Guide #Microsoft #security
https://techygeekshome.info/how-to-restore-an-active-directory-object/?fsp_sid=23077
How to Restore Active Directory Object | https://techygeekshome.info/how-to-restore-an-active-directory-object/?fsp_sid=23076 | #ActiveDirectory #Guide #Microsoft #security
https://techygeekshome.info/how-to-restore-an-active-directory-object/?fsp_sid=23076
iX-Workshop: Active Directory Hardening - Vom Audit zur sicheren Umgebung
Lernen in einer Übungsumgebung: Sicherheitsrisiken in der Windows-Active-Directory-Infrastruktur erkennen und beheben, um die IT vor Cyberangriffen zu schützen.
#ActiveDirectory #Cyberangriff #IdentityManagement #IT #iXWorkshops #Passwörter #Sicherheitslücken #Security #news
If you work in #IT in #Education then you now have a new bunch of AI #GroupPolicy you should configure.
"Allowed severity of sexual content", "Allowed severity of self-harm content".
Things I never thought would be a setting on Microsoft software running on millions of computers. Eergh.
If they are missing, deploy latest Office ADMX. Sorry for photo of a screen, I couldn't social from that network.
#Enshittification #AI #CoPilot #MicrosoftOffice #MicrosoftCopilot #Office365 #ActiveDirectory
Nice summary about DCOM coercion / cross-session activation techniques that can be used for NTLM and even Kerberos relaying: https://www.r-tec.net/r-tec-blog-windows-is-and-always-will-be-a-potatoland.html #security #pentest #activedirectory
AWS Managed Microsoft ADを作成した後すぐにやるべき設定まとめ
https://qiita.com/yuki_ink/items/b3e07f3a2647b7a9c44f?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items
Die 7. Folge unseres Podcasts ist da! 🎉
In dieser Episode sprechen wir mit Hagen Molzer, Leitender Berater und Experte für Active Directory Security, über das spannende Thema Tiering-Modell.
Wir klären, was sich hinter dem Begriff verbirgt, warum eine strukturierte Gliederung der IT-Infrastruktur nach Sicherheitsstufen heute so entscheidend ist und wie Unternehmen dadurch ihre Angriffsflächen deutlich reduzieren können.
Mit dabei:
• Praxisnahe Einblicke aus dem Beratungsalltag
• Anschauliche Beispiele
• Hilfreiche Tools wie BloodHound und PingCastle
• Tipps für den Einstieg in ein sicheres Tiering-Konzept
Perfekt für alle, die IT-Sicherheit strategisch denken und nachhaltige Schutzmaßnahmen etablieren möchten.
Höre gerne rein:
🎧 Spotify: https://open.spotify.com/show/63K9JjKKOdewLx2Ma0DuNE
🍏 Apple Podcast: https://podcasts.apple.com/de/podcast/it-security-inside/id1751424875
🌐 Unsere Website: https://cirosec.de/podcast/
#ITSicherheit #TieringModell #ActiveDirectory #CyberSecurity #Podcast #BloodHound #PingCastle #ITSecurityInside
Don’t miss our Active Directory course at @blackhatevents! Master techniques for infiltrating Windows Domains and put your skills to the test in an immersive hands-on lab environment. #Pentest #RedTeam #ActiveDirectory #BHUSA #Cybersecurity
Basic Active Directory Enumeration: A Comprehensive Guide
https://denizhalil.com/2025/05/05/basic-active-directory-enumeration-a-comprehensive-guide/
#activedirectory #grouppolicy #directoryenumeration #itmanagement #networksecurity #windowssecurity
Client Info
Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst