📔 Michael Grafnetter (@mgrafnetter)'s Twitter Profile
📔 Michael Grafnetter

@mgrafnetter

IT Security Researcher and Trainer, Author of the DSInternals PowerShell Module, Microsoft MVP

ID: 3934604253

Link: https://github.com/MichaelGrafnetter/DSInternals
Date: 12-10-2015 06:20:25

349 Tweet

2,2K Followers

116 Following

James Spencer (@__jcspencer)

ever had the obscure need to lookup the UUID or named pipe corresponding to some specific Windows RPC interface? well, fear no more! here's a list of them all in one place :-) blog.jcspencer.net/rpc-interfaces/

📔 Michael Grafnetter (@mgrafnetter)

Here is a new custom administrative template (ADMX) for editing and auditing Microsoft Defender Attack Surface Reduction (ASR) policies, without being exposed to the rule GUIDs. github.com/MichaelGrafnet…

CQURE Academy (@cqureacademy)

Here’s a recap from the CyberGen Conference with our expert 📔 Michael Grafnetter 👀 Michael was there with a workshop on AD security, a panel discussion on emerging trends & mitigation tactics, and a keynote presentation on how to ruin your security with a printer 📠 #CyberGen2025

📔 Michael Grafnetter (@mgrafnetter)

New blog post covering the end-to-end automation of OAuth 2.0 service/daemon application registration in Microsoft Entra ID using PowerShell Graph SDK. dsinternals.com/en/entra-id-az…

SpecterOps (@specterops)

PDQ SmartDeploy versions prior to 3.0.2046 used static, hardcoded encryption keys for cred storage. Low-privileged users could potentially access admin creds from registry or deployment files. Garrett unpacks his testing in his latest blog post. ghst.ly/4mjyuvw

SpecterOps (@specterops)

The DSInternals PowerShell module just got an upgrade! 🔥 Updates include: ✅ Golden dMSA Attack ✅ Full LAPS support ✅ Trust password & BitLocker recovery key extraction ✅ Read-only domain controller database compatibility Read more from 📔 Michael Grafnetter. ghst.ly/412rZ7F

Dirk-jan (@_dirkjan)

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

I am Jakoby (@i_am_jakoby)

If you publish your own PowerShell Gallery modules you might have noticed your custom icon doesn't work anymore, the "IconUri" just doesn't render. They disabled it cause of me lol my bad. I found an exploit that allowed me to grab every user's email, user-agent, geo-location, ip

📔 Michael Grafnetter (@mgrafnetter)

The DSInternals.RpcFilters PowerShell module for Windows RPC filter management is out! Includes support for the new OpNum matching capability of Windows Server 2025. Looking forward to community feedback. github.com/MichaelGrafnet…

📔 Michael Grafnetter (@mgrafnetter)

Windows EventLog Remoting Protocol hardening using RPC filters: Block legacy MS-EVEN, restrict MS-EVEN6 to RPC over TCP/IP, and block the EvtRpcClearLog call (requires Windows Server 2025). And what is YOUR favorite RPC filter? #DSInternals

📔 Michael Grafnetter (@mgrafnetter)

Fact: Remote service and scheduled task creation bypass firewalls on DCs and Win file servers because of SMB tunnelling. Solution: Create RPC filters that block MS-SCMR and MS-TSCH over named pipes. The latter has 3 UUIDs, so blocking the atsvc pipe is more elegant. #DSInternals

SpecterOps (@specterops)

Securing Domain Controllers without breaking AD is harder than it sounds. 📔 Michael Grafnetter at Hybrid Identity Protection covers: ✅ IaC approach to Windows Firewall policy ✅ RPC filters & outbound traffic controls ✅ Hybrid environment challenges ✅ Network service discovery hipconf.com/agenda/

SpecterOps (@specterops)

"It’s easier said than done, blocking outbound traffic. Inbound rules work, but outbound rules don’t cover everything. There are some issues, some gotchas." - 📔 Michael Grafnetter speaking on how to secure Domain Controllers without breaking Active Directory at #HIPConf25.

HD Moore (@hdmoore)

SpecterOps released "DumpGuard" along with a detailed article on how they were able to bypass Windows Credential Guard in both privileged and unprivileged contexts. I learned a ton about Isolated LSA and friends: specterops.io/blog/2025/10/2…

HD Moore (@hdmoore)

Just like chocolate and peanut butter, runZero and BloodHound are an amazing combination. Today we are introducing runZeroHound - an open source toolkit for bringing runZero Asset Inventory data into BloodHound attack graphs: runzero.com/blog/introduci…
