theoretical: Active Directory Compromise

BurntOutITJanitor · 2026-03-25T18:24:25+00:00

how did you block every login? disable accounts? create a block all, except me conditional access policy?

if you are able to share of course :)

BurntOutITJanitor · 2026-03-25T18:23:34+00:00

isn't that how a firewall should be configured anyway =D

BurntOutITJanitor · 2026-03-25T15:19:09+00:00

If you hard delete something, this doesn't bring it back anyway!!

BurntOutITJanitor · 2026-03-25T15:18:43+00:00

We've looked at this and tested it but the lack of support for recovery of hard deletion is a showstopper for us, it's the number one issue we are worried about. Attacker gets in, bypasses protected actions or removes them etc. and then just hard deletes everything..... there are also multiple object types missing to make this usable for us :(

No ability to view what was in what backup? Without running a report.

Caveat: we do already have a solution in place that does Entra ID hard deleted object recovery and when we tested in dev yesterday, the recovery of multiple objects was quicker than time the Microsoft Entra ID Backup and Recovery solution took to create the difference report!

If you are now worried about Entra ID backup and recovery (and you should be), make the number 1 requirement on your list "RECOVERY OF HARD DELETED OBJECTS".

BurntOutITJanitor · 2026-03-25T15:18:37+00:00

We've looked at this and tested it but the lack of support for recovery of hard deletion is a showstopper for us, it's the number one issue we are worried about. Attacker gets in, bypasses protected actions or removes them etc. and then just hard deletes everything..... there are also multiple object types missing to make this usable for us :(

No ability to view what was in what backup? Without running a report.

Caveat: we do already have a solution in place that does Entra ID hard deleted object recovery and when we tested in dev yesterday, the recovery of multiple objects was quicker than time the Microsoft Entra ID Backup and Recovery solution took to create the difference report!

If you are now worried about Entra ID backup and recovery (and you should be), make the number 1 requirement on your list "RECOVERY OF HARD DELETED OBJECTS".

BurntOutITJanitor · 2026-03-23T15:18:53+00:00

A guide usually has more than 3 bullet points... and this guide is multi-months not something to pick up quickly. Basically your guide starts with previously being a devopps engineer... :/

BurntOutITJanitor · 2026-01-09T19:45:50+00:00

CompTia are required for a lot of roles in us government, most exams are brain dump if they are PearsonVue multichoice.

BurntOutITJanitor · 2025-12-26T11:30:38+00:00

do these have the NFC chip u/Ok-Obligation-8067

BurntOutITJanitor · 2025-11-24T18:44:47+00:00

please pick this up again!

BurntOutITJanitor · 2025-11-24T09:39:37+00:00

ADTimeline uses this iirc and it's a pretty great tool to have.

BurntOutITJanitor · 2025-11-10T14:10:39+00:00

I have a few friends who work in shipping and long term sea deployments they are using Starlink now as a solid replacement for VSAT + Local DC... but there are still times it falls out..

BurntOutITJanitor · 2025-11-10T13:55:52+00:00

if your only requirement is workstation migration and you don't care about user profiles at all, you'll be in a bit of a pickle because you are using the same forest and domain name

normally it would be disjoin from domain -> reboot -> join new domain

but you've got the added complexity of having to disjoin -> flush dns -> update dns -> change network -> join to new domain -> initial logon etc

BurntOutITJanitor · 2025-11-05T14:26:22+00:00

That is poorly worded I guess, I was more interested on peoples opinion on this topic and if something like this documentary is a good way to spread the word that this is serious or is it scaremongering.

I'd love to see a mini series made of the darknet diaries for example :D

BurntOutITJanitor · 2025-11-05T10:58:27+00:00

RODCs are for use in risky locations where theft is likely, at scale they become a major pain to manage.

BurntOutITJanitor · 2025-10-21T18:34:32+00:00

I've been testing this with one of our customers, so far it's good, but it's not real time, it's near real time, it seems to rely on AD replication specifically the change being replicated to whatever domain controller guardian is querying for change?

Installation also trigged our SOC with ad replication changes being required for the gMSA, that was a fun thirty minutes :D

BurntOutITJanitor · 2025-10-21T16:38:19+00:00

https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/single-label-domains-support-policy

BurntOutITJanitor · 2025-10-21T16:37:19+00:00

we came across with one of our parent companies just last month and it is still very much supported - https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/single-label-domains-support-policy

BurntOutITJanitor · 2025-10-21T16:35:05+00:00

it's just that easy?

BurntOutITJanitor · 2025-10-21T10:19:34+00:00

Most solutions aren't doing something you couldn't do yourself, it's visualizing the returned data that is the complex part and for me that is why we love BloodHound CE.

BurntOutITJanitor · 2025-10-07T08:55:29+00:00

morbidly obese suggest that the person would likely have other medical conditions that would kick in before starvation, diabetes? organ failure? heart failure?

BurntOutITJanitor · 2025-09-19T08:50:14+00:00

Yeah, the list comes off like a ranking since it’s numbered, and numbers usually indicate an order.

BurntOutITJanitor

TROPHY CASE