Profile picture
, 6 tweets, 5 min read
My Authors
Read all threads
Mitigation: "Active Directory Configuration"
That's right. Tighten up AD and leverage to mitigate typical attack methods:
[thread follows]
* Block AD Admins from logging onto non-DA systems using GPOs
docs.microsoft.com/en-us/windows-…

* Add all AD Admins to the Protected Users group to provide additional protections (including Kerberos delegation attack mitigation)
docs.microsoft.com/en-us/windows-…

#ActiveDirectorySecurityTips
* Ensure appropriate AD auditing
adsecurity.org/?p=3377

* Review domain Administrators membership


* Review the "Default" GPOs for inappropriate rights
adsecurity.org/?p=3700

* Review AD permissions
github.com/cyberark/ACLig…

#ActiveDirectorySecurityTips
* Rotate local admin passwords using LAPS
adsecurity.org/?p=1790

* Block local account (including RID 500) network access to systems.
docs.microsoft.com/en-us/windows-…

docs.microsoft.com/en-us/windows-…

#ActiveDirectorySecurityTips
* Add service accounts to a group and restrict logon type via GPO (just realized I have never written about this)
experts-exchange.com/questions/2908…

#ActiveDirectorySecurityTips
There's more but this is a solid start.
A couple of previous tweets on this:





#ActiveDirectorySecurityTips
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Sean Metcalf

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#ActiveDirectorySecurityTips

More from @PyroTek3 see all

Profile picture
Sean (will be at DerbyCon)
@PyroTek3
Please share in this thread some defensive techniques that are relatively simple to configure/deploy that has a high success rate (low false positives).

I'll start:
* Detect Kerberoasting:
trimarcsecurity.com/single-post/Tr…

* Detect PW Spraying:
trimarcsecurity.com/single-post/20…

#BlueTeam
* Deploy LAPS to automatically rotate local Administrator passwords on Windows computers
adsecurity.org/?p=1790
microsoft.com/en-us/download…
* Test & Deploy "AaronLocker" for simplified AppLocker deployment
github.com/microsoft/Aaro…
Read 11 tweets
Profile picture
Sean Metcalf
@PyroTek3
[Thread]
Enterprise password vaults (CyberArk, SecretServer, etc) can be useful but when they store privileged AD credentials, the security of that system needs to be protected like a DC.
adsecurity.org/wp-content/upl…
When using the RDP (or RDP proxy), if the remote system the credential is used on is compromised, the credentials can be re-used (default). Changing the password mitigates reuse of the NTLM cred (pw hash), not existing Kerberos tickets (good for 10 hrs)
adsecurity.org/?p=2362
Limiting privileged account authentication to admin systems is critical, even with password vaults managing privileged credentials.
Even brief access to a privileged credential can result in full AD compromise.
adsecurity.org/?p=1929
Read 4 tweets

Related threads

Profile picture
Fasoranti Damilola
@FashDami
This 'Tiny' Thing Called Leverage Will Buy You The World.

Last year, I met a Liberian Lady at a conference in Johannesburg.

She came in almost toward the end of the program and I inquired why she still made it.

Her answer? Leverage! I asked her to explain.

#Thread
She said, "Fash, I want to travel to the US, and I have observed that any of us in my country that is able to get a SA visa and made the trip has a higher chance of getting a US visa."

I don't know if what she said is a fact or some joke, but I learned a major lesson.
In life, you may have have excellent skills and talents, but what you need may be just 1 letter as the leverage to open that major door.

Last year, I taught for 90 mins at TedxStellenbosch in Cape Town as the only International Speaker.
Read 14 tweets
Profile picture
J. A. Guerrero-Saade
@juanandres_gs
Ok, I have to admit this @Apple vs. @CorelliumHQ business just doesn’t sit right with me. Let me @ @tim_cook and pretend to have some meaningful engagement regarding Apple’s larger security dilemma. #Thread
Everyone knows I’m a huge Apple fanboy. Until the cheese grater Mac Pro came out, I more or less had one of every apple product in my house (with some wiggle room). While I may gripe about missing function keys, there’s no system I’d rather use than MacOS and iOS.
I’ve also, at diverse points in my career, had the privilege to report ongoing APT campaigns directly to Apple alongside colleagues (h/t @craiu) and was treated kindly by folks invested in securing the Apple ecosystem within the means available to them.
Read 14 tweets
Profile picture
Marc Owen Jones
@marcowenjones
[#Thread] 1/ This one is on #Iraq. A few people mentioned suspicious activity on Twitter and I had a look into a few hashtags. One in particular begins, "Show your support for the right of Iraq people to protest peacefully". I have little doubt there is an influence campaign...
2/ First, I just want to say this is not a commentary on Iraqi politics in general. I am not an Iraq expert, but I am interested in online opinion manipulation or campaigns. What follows is an analysis of tweets only...
3/I analysed about 16,700 tweets, replies, retweets from the hashtag I mentioned in Tweet 1. These tweets were produced by around 6,500 unique accounts. Most of the tweets were quite crude, and looked like what you see below, full of hashtags, some describing a 'revolution'>
Read 12 tweets
Profile picture
Peter Ebelsberger
@pebelsberger
#Thread -- Bildgeschichte Teil 3

Die Exekutive, wie schaut es da aus? Also die Regierung?
Gefällt mir. Minimal ist schon nicht so schlecht (allerdings nach dem alten Schema) Und der durchschnittliche Bezug ist auch genial. Und maximal ist es gedeckelt. Mittlerweile. Und dann gibts noch derzeit ca 66 Personen über 10.000 Euro (pro Monat) und 38 x knapp unter 10.000.
Und da sind wir auch bei den obersten Einkommensklasse daheim. Ist das Neid? Nein. Das ist ja nur die Realität. Die haben das verdient. Nach den derzeitigen Gesetzen passt das.
Read 23 tweets
Profile picture
Ryan McGreal
@RyanMcGreal
Thread: We need to talk about the fact that complicit conservatives are allowing white supremacists to gaslight the country. Here's how it works. 1/
The right-wing media ecosystem functions as an ideology-laundering operation for white supremacist ideas, incrementally funneling them from the margins into the mainstream. 2/
Right-wing media personalities give airtime and legitimacy to crazy conspiracy theories and absurd spins on hot-button issues, exposing them to a wider audience and desensitizing people to the implications of white supremacist ideas. 3/
Read 54 tweets
Profile picture
spigolonellanotte
@spigolonotturno
#Thread
Si alza l'asticella della provocazione. Il timore è che si voglia arrivare allo scontro sociale, ideale cortina fumogena per devastanti operazioni speculative e pretesto per la limitazione della libertà. L'alternanza delle dichiarazioni destabilizzanti è sempre più
frequente e impegna tutte le forze di governo. Le giustificazioni, invariabilmente insignificanti e ulteriormente irritanti. Non c'è più distinzione tra le parti, evidente segnale di un'organizzazione pianificata a tavolino, rivelatrice di un piano già pronto, prima ancora del
voto di marzo. Devono esserne al corrente anche coloro che ne appoggiano il disegno eversivo, fin dalla prima ora: giornalisti, opinionisti, anchorman. Difficile quindi, non tanto riuscire a far sentire voci antitetiche alla leadership, quanto rendere efficace il messaggio, in
Read 12 tweets

Trending hashtags

#Unimarc #OEstadaoMentiu #España #Salerno #PedroSanchez #BolsonaroTemRazao #assasinatos #JanainaPaschoal #trabalhoinfantil #BlogueiroBolsonaro #MINISTROdaCULTURA #Esp #foco #LaMarchaMasGrandeDeChile #ParoNacional #Fakesnews #Lega #ImpeachmentBolsonaro #EmbaixariaBrasileira #brasileiros #LBI #30MpelaEducacao #trabalhadores #criseDeSuez #tribunalEleitoral
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!