Profile picture
Sean Metcalf
@PyroTek3
, 4 tweets, 2 min read Read on Twitter
[Thread]
Enterprise password vaults (CyberArk, SecretServer, etc) can be useful but when they store privileged AD credentials, the security of that system needs to be protected like a DC.
adsecurity.org/wp-content/upl…
When using the RDP (or RDP proxy), if the remote system the credential is used on is compromised, the credentials can be re-used (default). Changing the password mitigates reuse of the NTLM cred (pw hash), not existing Kerberos tickets (good for 10 hrs)
adsecurity.org/?p=2362
Limiting privileged account authentication to admin systems is critical, even with password vaults managing privileged credentials.
Even brief access to a privileged credential can result in full AD compromise.
adsecurity.org/?p=1929
Important Steps:
1. Reduce accounts with AD admin rights
2. Restrict where privileged accounts use credentials
3. Limit systems & accounts with the ability to install/run code on admin systems, DCs, pw vaults, etc
4. Restrict network comms to admin systems incl. password vaults
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Sean Metcalf
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related threads

Profile picture
Katharine Child
@katjanechild
#Thread There may have been sabotage last week, but a look at the power utilities report to Nersa paints Eskom on the brink of collapse. Eskom's own report describes a litany of severe faults with the new power stations' most important components...
So problem one is the technology Medupi was built with which is very modern technology... Way mismatched to the low grade coal quality in the ground at Lephalale. The Eskom report details poor coal is damaging every part of Kusile and Medupi.
Then Eskom admits that design and technical requirements are not met. The Mills to pulverise coals don't meet technical specs. The boilers' design means they overheat. Coal damages them. The filter plant to filter fumes is damaged by coal & excess ash builld up & trips often.
Read 11 tweets
Profile picture
AeroDynamic Women
@AeroWomen
#Thread of responses from women in aerodynamics to the question, 'what would you like to see in order for women's career progression in your field to be sustained and better supported?'

Responses incl. career flexibility, mentoring and more women in leadership roles #WomeninSTEM
1. "I think young female engineers need to see more female role models and mentors in my field. Having a visible example of someone that looks like you and is succeeding in their field is important. Having an opportunity to meet with a mentor like that can be very powerful."
2. "I would like to see that any career promotion is based on own merits and value added to the company or the society independently of the gender. I want that women are measured with the same rules as men and are given equal opportunities."
Read 68 tweets
Profile picture
AeroDynamic Women
@AeroWomen
2nd #Thread of responses from women in aerodynamics to the question, 'what do you currently see as being the major obstacle to women entering your field?'

Responses incl gender career stereotypes from an early age, lack of self-esteem and lack of female role models #WomeninSTEM
1. "I think that there is not enough awareness of female role-models in my field. There need to be more initiatives that allow young women to connect with female role-models so that they can be inspired and motivated to follow in their footsteps."
2. "Discouragement from teachers in high school to pursue a STEM career and an unwelcoming atmosphere in technical universities."
Read 86 tweets
Profile picture
I am ToRe 🎙️
@Tore_says
#Thread If I were Obama.
If I was Obama on January 5, 2017 sitting in the WH meeting with my AG, FBI, DOJ, Perkins Coie Counsel, WH counsel, ODNI, CIA etc.. with a portfolio of data we manufactured, collated, paid for and collected and an EO I had just singed in Dec of 2016 (1)
An Executive Order that makes it the law of the land "Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities" calling our #russia and all the entities we referenced in our "Portfolio" (2)
govinfo.gov/content/pkg/FR…
A portfolio we had in our hands that was lack luster, circular and completely manufactured... If I was Obama I would gear up and call upon all those "of our unique and comprehensive system of alliances and partnerships" to join me. To join me (3)
Read 32 tweets
Profile picture
Tu sais pas quoi ?!©
@tuCpakoa
#Thread #Histoire #Art #MichelAnge
La chapelle Sixtine, du nom de son concepteur le pape "sixte" IV, se trouve sur la colline du Vatican (en face des "7 collines de Rome") où, au 1er s, un cirque présentait des courses de chars et voyait des chrétiens persécutés (dont selon la tradition, l'apôtre Pierre lui-même).
Le neveu de Sixte IV, Jules II, était un pape guerrier, toujours prêt à partir se battre pour son territoire, ce qui lui valu les surnoms de "pape-soldat" ou encore "Jules César II". On dit "qu'il préférait les bruits de canons à la prière".
C'est lui qui engagea Michel-Ange.
Read 16 tweets
Profile picture
AltFDA
@alt_fda
#DallasThread #Thread #Hurricane #HurricaneFlorence #Flood #Cleanup As the flood waters recede, I want to talk to you about cleaning up. I have received training in disaster relief and sadly have had to use this training.
While this thread is not in-depth, it will be most useful info in one place that I think you will find. It’s also a bit long. Sorry not sorry 😬
Let’s start out by stating the obvious, unless you are saving another human, nothing is worth risking personal sickness or your life for. You must protect yourself first in disaster areas. If it takes another day to get the right gear, wait that day.
Read 47 tweets

Trending hashtags

#Venezuela #HurricaneFlorence #CitiCBS #imawarrior #autonomous #Bonus #phew #SanatanaDharma #DigitalEconomy #Champs #October18ReleaseNotes #ChooseMedicare #WomeninSTEM #Aadhaar #GiletsJaunes #manifestation #Berlaymont #GreenNewDeal #ToldYouSo #StopLeavingNeverlandNOW #BAC #Flic #MedicareExtra #KeralaFloods #LittleDonald
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!