Series on Kerberos Security
Overview: https://t.co/Df1LwWRlb1
Credential Access: https://t.co/tCjLVILVpx
User Impersonation: https://t.co/6LGkaSmsRv
Delegations: https://t.co/0cGtt6aGGm
Microsoft Entra ID just flipped a switch: passwordless is now the default sign-in experience for millions of users. Here's what changed and why IT leaders need to pay attention. 🧵 #MicrosoftEntra
Recommended reading: DART lessons on securing Active Directory.
Highlighting some of the most common issues seen in Active Directory environments.
Weak passwords, excessive privilege and poor credential hygiene, insecure account configuration...
https://t.co/mMHtB0e122
Must read: still one of my favorite blogs illustrating how to pivot around with the three-headed dog Kerberos and what TTP’s and weaknesses exist..
#ActiveDirectory#AzureAD#Kerberos#identity
https://t.co/skwl5D5tXY
I like to do an RDP connection with my fido2 security key. With PIN and fingerprint it is working perfect but not with the security key! Does someone have an idea? @TruBluDevil and @AlexFilipin
https://t.co/jpbTmM4cLw
What does "Customize continuous access evaluation
- disable" really mean? I thought it disables CAE, but I was wrong😬We realized when CAE is enabled legacy authentication automatically get blocked. So we just switch the policy Off. Can you explain that? @AlexFilipin
@JefTek@JefTek many thanks for the link, it is quite helpful. What is the difference between KeyCredential and PasswordCredential? From the Azure Apps I only now secret and certificate. Can you help me in this? many thanks
Fresh out of MSIgnite - @sarahhandler presents new features coming to Azure AD Conditional Access! My favorite will be Conditional Access Policy Conditions for Service Principals (AKA workload identities) https://t.co/0C3FPcZWVn
👏 @CISAJen 👏-- password-only authentication is a relic of the past. ALL administrative access should be protected by multifactor authentication, ideally based on FIDO Security Keys. No matter how small your service is, hackers will exploit and/or use this to move laterally 🔐