Author's posts
Jun 05 2024
BSides Dublin – The Current State of Microsoft Identity Security: Common Security Issues and Misconfigurations – Sean Metcalf
We have an Identity problem and not the kind you think of when you look in the mirror. Attacks have shifted from the perimeter to the endpoints and now attackers have their sights on identity. This talk explores the issues with Identity security specifically the two most popular identity systems, Active Directory & Azure AD …
May 28 2024
DEFCON 2017: Transcript – Hacking the Cloud
May 28 2024
Detecting the Elusive: Active Directory Threat Hunting
This is “Detecting the Elusive: Active Directory Threat Hunting”, and I am Sean Metcalf. I’m the founder of Trimarc, a Security Company, a Microsoft-Certified Master (MCM) in Active Directory. There’s about 100 in the world. I’m also a Microsoft MVP. I’ve spoken about Active Directory attack and defense at a number of conferences. I’m a …
May 28 2024
Detecting Kerberoasting Activity
Kerberoasting can be an effective method for extracting service account credentials from Active Directory as a regular user without sending any packets to the target system. This attack is effective since people tend to create poor passwords. The reason why this attack is successful is that most service account passwords are the same length as …
May 28 2024
Detecting Password Spraying with Security Event Auditing
A common method attackers leverage as well as many penetration testers and Red Teamers is called “password spraying”. Password spraying is interesting because it’s automated password guessing. This automated password guessing against all users typically avoids account lockout since the logon attempts with a specific password are performed against against every user and not one …
May 28 2024
Hardening Azure AD in the Face of Emerging Threats
In September of 2021, Trimarc Founder & CTO Sean Metcalf presented at Quest’s The Experts Conference. “This presentation covers some attacks that involve Microsoft cloud on-prem components as well as those against the Microsoft cloud directly. After discussing attacks and specific defenses, I will wrap up with some key recommendations. Note: There will be some …
Recent Comments