The Group Policy Preferences feature provides a well-known pathway for cyber attackers to discover easily decoded passwords in Active Directory. Learn to spot and defend against this vulnerability.
Post-exploitation tools—such as Cable, the Active Directory-specific pentesting tool—are meant to educate security teams. But attackers use them too. Here’s how to detect and defend against malicious use of the Cable tool.
Discover how certificate template misconfigurations in Active Directory Certificate Services (AD CS) enable ESC1 attacks—allowing cyber attackers to rapidly escalate privileges and potentially compromise entire networks.
Permission delegation in Active Directory can be complex. Learn how you can use Windows password options with delegation management to support your user management structure without sacrificing AD security.
For most organizations, manually auditing and rolling back every risky Active Directory change isn’t practical—or even possible. Discover how the Auto Undo feature in DSP works to automate change mitigation to protect sensitive AD and Entra ID objects and attributes.
Cyber attackers can choose from numerous credential compromise methods to gain access to Active Directory. Pass the Hash is one attack that is both stealthy and efficient.
Two back-to-back incidents—part of a global increase in cyberattacks on healthcare organizations—followed common pathways to exploit AD security vulnerabilities.
From my experience at the Microsoft Detection and Response Team (DART), I know that ransomware operators almost always target high-privileged identities. Once attackers gain control, they use those identities to spread ransomware; for example, through Group Policy or PsExec. Ransomware attacks are usually loud and destructive, aiming to cause maximum impact…