Active Directory & Azure AD/Entra ID Security

Active Directory & Azure AD/Entra ID: Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…

Category: Mitigation

Mar 02 2026

Detecting Fake Active Directory Password Changes

By Sean Metcalf in ActiveDirectorySecurity, Microsoft Security, Mitigation, PowerShell

In Active Directory, there has been a method that’s been around for many years which changes the password last set date but not the actual password. This is what I call a “fake password change” since the account appears to have a recent password when scanning for old passwords based on password last set, but …

ActiveDirectory, ActiveDirectoryReplicationMetadata, FakeADPasswordChange, FakePasswordChange, PowerShell, pwdlastset, unicodepwd

Jan 20 2026

Active Directory Security Tip #16: Mitigating Kerberoast Attacks

By Sean Metcalf in ActiveDirectorySecurity, Microsoft Security, Mitigation, PowerShell, RealWorld

There are two main password attacks leveraged by adversaries; one is called Password Spraying and the other is called Kerberoasting. This post focuses on identifying accounts that may be targeted for Kerberoasting and how to harden the environment against Kerberoasting.

ActiveDirectory, ActiveDirectorySecurityTip, Kerberoast, kerberoasting, MitigateKerberoastAttack, PowerShell

Jan 31 2016

Microsoft EMET 5.5 Released – Benefits, New Features, Protection, Logging, & GPO Config

By Sean Metcalf in Microsoft Security, Mitigation

Microsoft recently released Enhanced Mitigation Experience Toolkit (EMET) version 5.5 (it jumped from 5.2 to 5.5) which includes Windows 10 compatibility and better GPO support (among others). I’ve included information from a variety of Microsoft sources in this post so that others don’t have to search for the data separately. The resources/references are listed at …

ASLR, Blocking Untrusted Fonts feature, Bottom-up ASLR, caller checks, CertTrust.xml, DEP, EAF, EAF/EAF+, EAF/EAF+ perf improvements, EMET, EMET Event Logging, EMET5.5, EMET55, EMETWindows10, EMET_Conf, Enhanced Mitigation Experience Toolkit, Enhanced Mitigation Experience Toolkit (EMET) 5.5 Beta User Guide, EnhancedMitigationExperienceToolkit, Export Address Table Access Filtering (EAF), Export Address Table Access Filtering Plus (EAF+), Heap Spray, HideEMET, HideEMETIcon, Load Library, Mandatory ASLR, Memory PRotection, Microsoft EMET Service, MicrosoftEMET, MicrosoftEMET5.5, NULL Page, Popular Software.xml, Recommended Software.xml, SEHOP, Simulate executionflow, stack pivot, Untrusted font mitigation, untrusted fonts, Windows10, \SOFTWARE\Policies\Microsoft\EMET

Content Disclaimer: This blog and its contents are provided "AS IS" with no warranties, and they confer no rights. Script samples are provided for informational purposes only and no guarantee is provided as to functionality or suitability. The views shared on this blog reflect those of the authors and do not represent the views of any companies mentioned. Content Ownership: All content posted here is intellectual work and under the current law, the poster owns the copyright of the article. Terms of Use Copyright © 2011 - 2025.

Made with by Graphene Themes.

Category: Mitigation

Detecting Fake Active Directory Password Changes

Active Directory Security Tip #16: Mitigating Kerberoast Attacks

Microsoft EMET 5.5 Released – Benefits, New Features, Protection, Logging, & GPO Config

Recent Posts

Active Directory & Entra ID Security Services

Popular Posts

Categories

Recent Posts

Recent Comments

Archives

Categories

Meta

Copyright

Category: Mitigation

Detecting Fake Active Directory Password Changes

Active Directory Security Tip #16: Mitigating Kerberoast Attacks

Microsoft EMET 5.5 Released – Benefits, New Features, Protection, Logging, & GPO Config

Recent Posts

Active Directory & Entra ID Security Services

Popular Posts

Categories

Tags

Recent Posts

Recent Comments

Archives

Categories

Meta

Copyright