I posted recently about how an attacker used a misconfiguration in ADCS (Active Directory Certificate Services) to gain Domain Admin rights within the network.
@JimSycurity made me aware of Locksmith [1]: A small tool built to detect and fix common misconfigurations in Active Directory Certificate Services.
Locksmith will find common issues and attack paths, and for many of them, give you cmdlets you can run to resolve the issues yourself, or you can allow Locksmith to make fixes for you.
@NaderZaveri from Mandiant informed me of the "Modern Attack Paths, Mitigations, and Hardening" guide [2], detailing the various attack paths against ADCS and how to mitigate them.
So folks, check out Locksmith and the guide from Mandiant to secure your ADCS environment. Good luck ☘️
[1] https://github.com/TrimarcJake/Locksmith
[2] https://services.google.com/fh/files/misc/active-directory-certificate-services-hardening-wp-en.pdf