Lmst

Die 7. Folge unseres Podcasts ist da! 🎉

In dieser Episode sprechen wir mit Hagen Molzer, Leitender Berater und Experte für Active Directory Security, über das spannende Thema Tiering-Modell.

Wir klären, was sich hinter dem Begriff verbirgt, warum eine strukturierte Gliederung der IT-Infrastruktur nach Sicherheitsstufen heute so entscheidend ist und wie Unternehmen dadurch ihre Angriffsflächen deutlich reduzieren können.

Mit dabei:
• Praxisnahe Einblicke aus dem Beratungsalltag
• Anschauliche Beispiele
• Hilfreiche Tools wie BloodHound und PingCastle
• Tipps für den Einstieg in ein sicheres Tiering-Konzept

Perfekt für alle, die IT-Sicherheit strategisch denken und nachhaltige Schutzmaßnahmen etablieren möchten.

Höre gerne rein:

🎧 Spotify: https://open.spotify.com/show/63K9JjKKOdewLx2Ma0DuNE
🍏 Apple Podcast: https://podcasts.apple.com/de/podcast/it-security-inside/id1751424875
🌐 Unsere Website: https://cirosec.de/podcast/

#ITSicherheit #TieringModell #ActiveDirectory #CyberSecurity #Podcast #BloodHound #PingCastle #ITSecurityInside

Die 7. Folge unseres Podcasts ist da! 🎉

In dieser Episode sprechen wir mit Hagen Molzer, Leitender Berater und Experte für Active Directory Security, über das spannende Thema Tiering-Modell.

Nutzt wer #PingCastle für sein Active Directory? Dringend updaten, da es gravierende Schwachstellen gibt.

https://www.borncity.com/blog/2024/11/15/schwachstellen-in-netwrix-pingcastle-pro-enterprise-nov-2024/

Устраняем уязвимости в Active Directory Windows. Часть 1

Известно, что с 2025 года нужно переходить на отечественное ПО, но я думаю, что очень большое количество организаций ещё используют Windows. Поэтому считаю, что данная статья будет актуальна. В нашей статье основным инструментом позволяющим провести проверку безопасности AD будет PingCastle.

https://habr.com/ru/companies/timeweb/articles/827662/

#timeweb_статьи #pingcastle #иб #active_directory #Windows #ПО #HTML #RID #CONTINUE #SMB #SMBv1 #OU #ISE #GPO #Kerberos #DES #ID

A kind reminder from Andy Robbins and Jonas Bülow Knudsen to regularly assess the security of your Active Directory environment using tools such as Bloodhound and Pingcastle.

These tools are free to use. Do it! No excuses!

#bloodhound #pingcastle #cybersecurity #whenredmeetsblue #x33fcon

I can't recommend it enough. Check and harden your Active Directory with #PingCastle! This powerful tool identifies vulnerabilities, spots misconfigurations, generates a convenient, comprehensive report to guide your security efforts, and helps you ensure your Active Directory remains robust and secure. No installation required.
https://www.pingcastle.com/download/

#infosec #blueteam #pentesting

RT by @SwiftOnSecurity: Real-World #PingCastle Finding #14: Misconfigured Certificate Templates

The attackers gained Domain Admin rights within 2 hours after the initial infection on a recent IR engagement, investigated by @NOP_0x090. That’s quick - how could they gain DA so fast? I’m glad you asked.

SpecterOps published their ground-breaking paper “Certified Pre-Owned” over two years ago, and I think that ADCS (Active Directory Certificate Services) as an attack vector is broadly known on the red side - but not as much on the blue side.

See the screenshot below? Yep, that’s how they managed to gain DA rights in under 2 hours.

The topic of abusing misconfigured certification templates is far more complex than would fit here in a single tweet, so I encourage you all to

a) run PingCastle first and check for issues on certificate templates, and if something shows up,

b) check some of the great resources that talk about how an attacker can abuse the various misconfigurations and how we can detect them (or how to fix the misconfigurations). Some recommended blogs are [2], [3] and [4]

Good luck ☘️

[1] https://posts.specterops.io/certified-pre-owned-d95910965cd2 [2] https://www.riskinsight-wavestone.com/en/2021/06/microsoft-adcs-abusing-pki-in-active-directory-environment/ [3] https://m365internals.com/2022/11/07/investigating-certificate-template-enrollment-attacks-adcs/ [4] https://www.blackhillsinfosec.com/abusing-active-directory-certificate-services-part-one/

🐦🔗: https://nitter.oksocial.net/malmoeb/status/1744770135964237840#m

[2024/01/09 17:16]

Real-World #PingCastle Finding: Misconfigured Certificate Templates

The attackers gained Domain Admin rights within 2 hours after the initial infection on a recent IR engagement, investigated by @NOP_0x090. That's fast - how could they gain DA so fast? I'm glad you asked.

SpecterOps published their ground-breaking paper "Certified Pre-Owned" over two years ago, and I think that ADCS (Active Directory Certificate Services) as an attack vector is broadly known on the red side - but not as much on the blue side.

See the screenshot below? Yep, that's how they managed to gain DA rights in under 2 hours.

The topic of abusing misconfigured certification templates is far more complex than would fit here in a single tweet, so I encourage you all to a) run PingCastle first and check for issues on certificate templates, and if something shows up, b) check some of the great resources that talk about how an attacker can abuse the various misconfigurations and how we can detect them (or how to fix the misconfigurations). Some recommended blogs are [2], [3] and [4]

Good luck.

[1] https://posts.specterops.io/certified-pre-owned-d95910965cd2
[2] https://www.riskinsight-wavestone.com/en/2021/06/microsoft-adcs-abusing-pki-in-active-directory-environment/
[3] https://m365internals.com/2022/11/07/investigating-certificate-template-enrollment-attacks-adcs/
[4] https://www.blackhillsinfosec.com/abusing-active-directory-certificate-services-part-one/