Conversation

Notices

1. Embed this notice
   Jake Hildreth (acorn) :blacker_heart_outline: (horse@infosec.exchange)'s status on Friday, 19-Jan-2024 19:34:54 JST Jake Hildreth (acorn) :blacker_heart_outline:

   in reply to

   • Jim Sykora
   • Stephan Berger
   • Nader Zaveri

   @malmoeb @JimSycurity @NaderZaveri Hi! Thanks for shari my Locksmith!

   • Embed this notice
     Stephan Berger (malmoeb@infosec.exchange)'s status on Friday, 19-Jan-2024 19:35:00 JST Stephan Berger

     • Jim Sykora
     • Nader Zaveri

     I posted recently about how an attacker used a misconfiguration in ADCS (Active Directory Certificate Services) to gain Domain Admin rights within the network.

     @JimSycurity made me aware of Locksmith [1]: A small tool built to detect and fix common misconfigurations in Active Directory Certificate Services.

     Locksmith will find common issues and attack paths, and for many of them, give you cmdlets you can run to resolve the issues yourself, or you can allow Locksmith to make fixes for you.

     @NaderZaveri from Mandiant informed me of the "Modern Attack Paths, Mitigations, and Hardening" guide, detailing the various attack paths against ADCS and how to mitigate them.

     So folks, check out Locksmith and the guide from Mandiant to secure your ADCS environment. Good luck ☘️

     [1] https://github.com/TrimarcJake/Locksmith
     [2] https://services.google.com/fh/files/misc/active-directory-certificate-services-hardening-wp-en.pdf