I break Windows.... (@dfirdeferred) 's Twitter Profile
I break Windows....

@dfirdeferred

Spec Ops Army Vet, Ham Extra (satellites, sdr, dmr), Team Purple, Wireless Wizard, Creator of Identity Security Village

ID: 1260345673607757829

https://www.trimarcsecurity.com | 12-05-2020 23:06:48

436 Tweet

511 Followers

456 Following

Sean Metcalf (@pyrotek3)

One thing we highlight with customers during assessments are agents installed on DCs. I’ve seen a poorly configured Tanium query hang every DC - effectively a DoS since AD doesn’t work if you can’t talk to a DC. It’s time to talk about what agents are on DCs & the risks

Sean Metcalf (@pyrotek3)

Hacker Summer Camp is just a couple weeks away & the Trimarc crew will be there!
Trimarc Activities:
* Office Hours (me)
* Lightning Talks (Tech Brandon & me)
* Microsoft Identity security Meet-up
Want to join us? Signup here: trimarcsecurity.com/vegas-show *limited availability

Sean Metcalf (@pyrotek3)

If you have VMware ESXi and Active Directory in your environment, take 5 minutes now & create a group in each AD domain called "ESX Admins". Make sure that the "ESX Admins" group is in a top-level administrative OU that only your AD admins manage. #QuickFix

I break Windows.... (@dfirdeferred)

Need a quick set of useful red/purple team Active Directory tools .....and happen to be running a Debian based distro......? Well look no further! Here are 2 scripts to save you 3 seconds. #activedirectory github.com/dfirdeferred/R…

I break Windows.... (@dfirdeferred)

I created a wrapper/menu to make downloading and opening all of the Trimarc tools on github easier and in one place. Just run the script and select which tool you want to download/open. github.com/dfirdeferred/T… #trimarc #activedirectory

Trimarc (@trimarcsecurity)

When it comes to Active Directory Security Descriptors, ignorance is NOT bliss... it can be a full-on SLASHER FLICK of misconfigurations 🔪 This Thursday, Jim Sykora shares insights we've learned across thousands of AD & Entra ID security assessments -- Tips that can arm you

I break Windows.... (@dfirdeferred)

New project: FlameScale OS. An operating system aimed at Active Directory/Windows security research. I will be adding more functionality weekly on Sundays. Get your hands dirty with it at the Trimarc Identity Security Village (AD Hacking Village) at Hackers Teaching Hackers Nov 13th-15th. github.com/dfirdeferred/F…

Fabian Bader (@fabian_bader)

Do you allow your high privileged users in Entra ID (e.g. Global Admin) to register authentication methods themselves after initial setup? Do you, to detect malicious actions, monitor the addition of e.g. passkeys and follow up with the user?

I break Windows.... (@dfirdeferred)

Make sure you stop by the Trimarc ISV (Active Directory Hacking) today at Hackers Teaching Hackers. There might even be a second CTF flag there if you know where to look.....

Dr. Nestori Syynimaa (@drazuread)

New #AADInternals version is finally out now:
▪ Moved endpoint related stuff to new module: AADInternals-Endpoints
▪ Added blue team stuff: Get app consent info, find backdoors, convert SID<>Entra ID Object ID, find abusable dynamic groups
▪ Added red team stuff: Get ESTSAUTH
I break Windows.... (@dfirdeferred)

Super stoked to share that Jim Sykora and I will be leading an Active Directory Security course at BSides Charm 2025! We will cover Active Directory infrastructure, common misconfigurations, vulnerabilities and mitigations, and hands-on labs!
