Active Directory


Domain controller patch alert! Vulnerability grants domain admin access in 10 seconds

A critical Active Directory vulnerability (CVE-2020-1472) has been making headlines for being the most notorious elevation of privilege bug because it can affect all computers and domain controllers in an organization. This high-risk vulnerability, dubbed Zerologon, gives threat actors easy, instant access to domain controllers without requiring any additional privileges. This attack does not even require a user to be authenticated; the user just needs to be connected to the internal network.


Move users to another domain and retain AD Connect sync

We were recently asked for help by one of our clients that needed to separate a number of users from their existing domain by moving them into their own Active Directory forest. This can happen for all sorts of reasons, including divestments, security, geographical or division separation. Whatever the reason, they needed to move these users across into an entirely new AD domain.


How to sync users from a second domain using AD Connect

Do you need to integrate a new company in with your existing employer and therefore in to your already provisioned Azure AD tenant. Or perhaps just need to share your tenancy and office 365 services with more than one company, then you could find yourself in a position where you need to sync users from another domain and have already configured AD Connect, well there is a way to add the second domain to your current Azure tenancy, so you can sync those users from the second domain.


How to Monitor, Manage, and Secure Active Directory

Microsoft Active Directory (AD) is the nerve center enabling your federal agency to access the systems and applications staff members need to do their jobs. AD is also a high-risk target for inside and outside threats and can be a gateway for other potential security vulnerabilities. The key to protecting your agency’s AD is to have the right processes in place to maintain its integrity, know whether something is happening that shouldn’t be, and demonstrate compliance if required.


Zerologon: Tripwire Industrial Visibility Threat Definition Update Released

Today, we released a Threat Definition Update bundle for our Tripwire Industrial Visibility solution to aid in the detection of Zerologon. Otherwise known as CVE-2020-1472, Zerologon made news in the summer of 2020 when it received a CVSSv3 score of 10—the most critical rating of severity. Zerologon is a vulnerability that affects the cryptographic authentication mechanism used by the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), a core authentication component of Active Directory.

Netwrix Auditor for Azure AD - Overview

Netwrix Auditor for Azure AD enables complete visibility into user actions, including user sign-in activity, in your Azure AD deployment. The application provides actionable intelligence about successful and failed sign-in attempts and critical changes to Azure AD users, groups, roles, contacts, applications, devices, licenses and more.

Advanced Active Directory attacks: Simulating domain controller behavior

There was a time when cyberattacks on identity and authentication infrastructures [like Active Directory (AD)] were immensely challenging to perform. A lot of forethought had to be put into devising a plan for the careful execution of attacks, and advanced technical knowledge of domains and networks was a requisite. Over time, with the advent of open-source pen testing tools, the knowledge gap and the complexities involved to carry out a full-scale cyberattack have narrowed drastically.


Zerologon: Windows Netlogon Vulnerability CVE-2020-1472

On August 11, 2020, Microsoft released a software update to mitigate a critical vulnerability in Windows Server operating systems (CVE-2020-1472). The vulnerability in Microsoft Windows Netlogon Remote Protocol (MS-NRPC), a core authentication component of Active Directory, could allow an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services.