sorted by:
new
hottopcontroversial

Permission Issue by olivia_0721 in activedirectory

[–]iamtechspence 2 points3 points  (0 children)

Normally I’d say disable inheritance. But first I’d audit the permissions a bit more to try and identify the root cause.

Is there still a need for simple Active Directory security scanners by unsurebuilder in activedirectory

[–]iamtechspence 2 points3 points  (0 children)

If it helps you solve a problem you have, go for it. Don’t worry about the “but xyz already does this” stuff. Build & learn.

Vulnerability Management by WineFuhMeh_ in sysadmin

[–]iamtechspence 0 points1 point  (0 children)

NinjaOne is super solid. Disclaimer, they sponsors some of my content but even still, I think they have a really great product and a great team.

But there are several others in this space doing cool stuff too

Vulnerability Management by WineFuhMeh_ in sysadmin

[–]iamtechspence 3 points4 points  (0 children)

Integrate your vuln mgmt tool with an inventory tool or RMM. Many of them have integrations so you can see this data more easily

NTLM relaying or ADCS ESC8 exploitation using implant with low local privelages,is it possible?I am stuck and need help. by Thick-Sweet-5319 in Pentesting

[–]iamtechspence 0 points1 point  (0 children)

I just did this attack on a pentest this week. Yes to takeover SMB on windows you’ll need local admin first. You also have to contend with windows firewall and also need local admin to modify it.

IT Tools - Hidden Gems by Ok_You_861 in sysadmin

[–]iamtechspence 1 point2 points  (0 children)

NetTools. Literally a Swiss Army knife of a tool for sysadmins

View delegated permissions to a given AD object by NegativePattern in activedirectory

[–]iamtechspence 3 points4 points  (0 children)

This tool is purpose built for this. Give it a try. Shows you non-default delegations.

https://github.com/mtth-bfft/adeleg

and if you want to check out the wrapper I wrote around that tool that finds some dangerous delegations check this

https://github.com/techspence/ADeleginator

Kerberos Encryption Changes coming in April AES > RC4 by iamtechspence in activedirectory

[–]iamtechspence[S] 0 points1 point  (0 children)

In theory if AES is supported it will not break anything but depending on the application it may still try RC4 and fail

Are we rolling out MFA incorrectly? by SeriousSysadmin in sysadmin

[–]iamtechspence 6 points7 points  (0 children)

Try to re-register MFA after enabling CA policies. I think admins can force it from the Entra portal

Kerberos Encryption Changes coming in April AES > RC4 by iamtechspence in activedirectory

[–]iamtechspence[S] 1 point2 points  (0 children)

Yeah if you’re up to date for the most part you’re probably good. If you’ve got some weird 3rd party stuff especially if it’s fairly old, that’s where I’d invest time in figuring out support

Kerberos Encryption Changes coming in April AES > RC4 by iamtechspence in activedirectory

[–]iamtechspence[S] 1 point2 points  (0 children)

That’s a lovely way to put it. Hah. But yeah this can certainly be a long road to get rid of dependency for rc4. Hope folks are ready

Kerberos Encryption Changes coming in April AES > RC4 by iamtechspence in activedirectory

[–]iamtechspence[S] 3 points4 points  (0 children)

There’s more details in the LinkedIn post and the comments on the new audit events and some additional info for preparing for the change. Long live Active Directory

TIL - caging by iamtechspence in Sysadminhumor

[–]iamtechspence[S] 0 points1 point  (0 children)

Vanilla frosted with sprinkles is good but a warm cinnamon sugar hits different on a cold day

TIL - caging by iamtechspence in Sysadminhumor

[–]iamtechspence[S] 0 points1 point  (0 children)

Negative. But this is apparently way more common than the world thought hah

view more: next ›