In the world of Active Directory security, 2026 is the year the “Compatibility Tax” finally comes due. For decades, Kerberos has quietly allowed a fallback to RC4 encryption. It was convenient, it was compatible, and, by modern standards, it is a massive security hole. With CVE-2026-20833, Microsoft has officially pulled the plug. We are currently in Read More …
Tag: microsoft
Beyond nslookup with .NET Sockets
This article introduces a professional-grade PowerShell script that identifies Domain Controllers using native .NET sockets, bypassing the overhead of standard administrative cmdlets. Most internal reconnaissance starts with finding the Domain Controllers. While a simple nslookup -q=srv _ldap._tcp.dc._msdcs.domain.local works, it has three major flaws: Hard-coding: It assumes you already know the domain name. Parsing: It returns Read More …
Cloud Formation Example
Imagine you’re a System Administrator tasked with setting up a new environment. Traditionally, this involves a long checklist: log into the console, click through menus to create a VPC, spin up three VMs, configure storage, attach security groups, and set up a load balancer. If you need a second environment for testing, you have to do Read More …
Active Directory Domain Services
Active Directory Domain Services (AD DS) is a critical component of Windows Server that provides a variety of directory services essential for managing and securing a network. It offers a centralized location for network administration, enabling organizations to store information about members of the domain, including users, groups, computers, and other resources. Key Features One Read More …
Beginner’s Guide to the Active Directory Tier Model
The Lateral Movement Highway If you read one of the latest States of Cybercrime report by Microsoft, one finding stands out above the rest: the leading factor in ransomware incidents is “insufficient privilege access and lateral movement controls.” Just so we are all on page 12 with each other, I am saying that Lateral Movement Read More …
The Necessary Security Model Refactor
The “Cloud First” reality necessitates shifting your mindset from the physical boundaries of ENIAD (Endpoint, Network, Identity, Applications, Data) to the logical boundaries defined by the Cloud Shared Responsibility Model. The things you protect are not just “Data,” but the entire environment that processes, stores, and governs that data. 1. Identity (The Gate) This remains the Read More …
CDR – Cloud Detection and Response
I have witnessed the evolution of security from a static, perimeter-focused discipline to a dynamic practice centered on data and identity. The shift to the cloud had been the most significant disruption, introducing a level of complexity that traditional security tools were never designed to handle. This is the operational reality that has given rise Read More …
RAMP – Rapid Modernization Plan
The Rapid Modernization Plan (RAMP) is a strategic framework developed by Microsoft to enhance the security of Active Directory (AD) environments. For someone new to IT, understanding RAMP is crucial, as it addresses the growing need for robust security measures in today’s digital landscape, particularly with the rise of cyber threats and the increasing use Read More …
Notes :: The Red Forest model
The Red Forest model, also known as the Enhanced Security Administrative Environment (ESAE), was a security design for Active Directory (AD). Think of AD as the central phone book and security guard for a company’s computer network. It keeps track of all users, computers, and their permissions. The Red Forest model was created to make Read More …
Navigating the Kubernetes Threat Landscape
The escalating adoption of Kubernetes and containerized assets has introduced complex security challenges, making anomaly detection difficult due to their highly dynamic nature. Microsoft Threat Intelligence reveals a concerning trend: attackers are increasingly exploiting unsecured workload identities to infiltrate these environments. A striking 51% of workload identities were inactive in the past year, representing a Read More …