Do you have lots of domains or lots of RODCs in an AD domain? Would you like to reset the pwd of ALL KRBTGT accounts in controlled & automated manner following certain schedule & interval to combat against Golden Ticket attacks? That’s coming, stay tuned! #BeSecure #StaySecure

1/3 - KRBTGT RESET SCRIPT Testing KrbTGT reset script with focus on Password Reset Routing having very tight intervals (3 days for first & 1 day for second). Works like magic. Really exciting seeing this work.

2/3 - KRBTGT RESET SCRIPT Want to test with some large number of accounts. Pre-created 500+ RODCs & with that got same amount of KrbTGT accounts. It looks very promising!

3/3 - KRBTGT RESET SCRIPT Of course not enough. While this is being tested, in other AD forest, as we speak pre-creating 10000+ RODCs to get same amount of KrbTGT accounts. I just want to see what blows up first! 1) the script?, 2) the VM(s)?, 3) the host? Place your bets! 😁

Still testing….. due 2 huge amounts of KrbTGT accounts & trials I found issue that required fixes. Retrying again. It looks very promising! Almost done processing 10000+ KrbTGT accounts through Pwd Reset Routing. Have 2 let it run 2 see whole process complete over nr of days! 👌

!!! PATCH PATCH PATCH !!! Yet another vulnerability where it’s very important 2 keep up with patching. Not able 2 patch? => Review membership of “Network Configuration Operators” security group, restrict membership & monitor membership changes Details: cybersecuritynews.com/poc-exploit-ac…

(2025-04-15) When All Else Fails Trying To Recover Your AD - Possible Combinations Of Choices Resulting In Painful Experience(s) jorgequestforknowledge.wordpress.com/2025/04/15/whe… via JsQ4Kn0wledge

(2025-04-21) Upgrading Your Legacy AD When You Are Too Far Behind - A Possible Scenario jorgequestforknowledge.wordpress.com/2025/04/21/upg…

(2025-05-19) The Migration Case When Your OCSP Tells You "Access Denied" (Event ID 23) jorgequestforknowledge.wordpress.com/2025/05/19/the… via JsQ4Kn0wledge

Are you ready to be hip at HIP in Charleston (SC, USA)? Register here for the upcoming Hybrid Identity Conference 2025. 👇 register.hipconf.com/event/8c5e23fe… #TeamSemperis #BeSecure #StaySecure #BeResilient

(2025-05-25) Reviewing Your Delegation Model Before Introducing W2K25 DCs And Enhancing Security (Due To "BadSuccessor") jorgequestforknowledge.wordpress.com/2025/05/25/rev…

Secure your default domain administrator (RID 500) account! For guidance see (at the top page using this link): jorgequestforknowledge.wordpress.com/blog-post-seri…

The proof of asking difficult questions at TROOPERS Conference during the session of Dr. Nestori Syynimaa

(2025-06-27) Well-Known Containers In An AD domain – How To Restore And/Or Repair As Needed? jorgequestforknowledge.wordpress.com/2025/06/27/wel…

1/2 1st conf day @ Troopers 2025, in AD/EntraID sec track, delivered my session “Demystifying (M)SAs: Unveiling Best Practices And Security Measures To Reduce Risk And Impact”. Shortly after start room filled up completely. HONORED to have lots of people attending & ask questions

2/2 1st conf day @ Troopers 2025, for the evening I had signed up for some story telling. “Once upon a time when I fixed an AD domain that had self-detonated!” TROOPERS Conference

(2025-07-10) Re-Awarded for the 20th Time – MVP Identity & Access And This Year Also PowerShell jorgequestforknowledge.wordpress.com/2025/07/10/re-…

(2025-07-11) How to Block BadSuccessor: The Good, Bad, and Ugly of dMSA Migration jorgequestforknowledge.wordpress.com/2025/07/11/how…

(2025-09-02) From BadSuccessor To PatchedSuccessor jorgequestforknowledge.wordpress.com/2025/09/02/fro…

(2025-10-21) Managing The DSRM Administrator Account Password (Revisited) jorgequestforknowledge.wordpress.com/2025/10/21/man…