The State of Identity Security in the AI Era — Read the Report here.
Back to blogs listing

Active Directory Security

Categories

Featured Articles

How to Automatically Undo Risky Changes in Active Directory
  • Huy Kha | Senior Identity & Security Architect
AD Security 101: GPO Logon Script Security
  • Daniel Petri | Senior Training Manager
AD Security 101: Non-Default Security Principals with DCSync Rights
  • Daniel Petri | Senior Training Manager

Chat with an expert

Modernize your AD

Request Demo

Download Purple Knight

Free Active Directory Security Assessment

Read more
Defending Against Cable: Prevent Malicious Use of Post-Exploitation Tool

Defending Against Cable: Prevent Malicious Use of Post-Exploitation Tool

  • Huy Kha | Senior Identity & Security Architect

Post-exploitation tools—such as Cable, the Active Directory-specific pentesting tool—are meant to educate security teams. But attackers use them too. Here’s how to detect and defend against malicious use of the Cable tool.

ESC1 Attack Explained

ESC1 Attack Explained

  • Huy Kha | Senior Identity & Security Architect

Discover how certificate template misconfigurations in Active Directory Certificate Services (AD CS) enable ESC1 attacks—allowing cyber attackers to rapidly escalate privileges and potentially compromise entire networks.

AD Security: How to Use Delegation of User Management and Windows Password Options

AD Security: How to Use Delegation of User Management and Windows Password Options

  • Guido Grillenmeier | Principal Technologist, EMEA

Permission delegation in Active Directory can be complex. Learn how you can use Windows password options with delegation management to support your user management structure without sacrificing AD security.

How to Automatically Undo Risky Changes in Active Directory

How to Automatically Undo Risky Changes in Active Directory

  • Huy Kha | Senior Identity & Security Architect

For most organizations, manually auditing and rolling back every risky Active Directory change isn’t practical—or even possible. Discover how the Auto Undo feature in DSP works to automate change mitigation to protect sensitive AD and Entra ID objects and attributes.

Pass the Hash Attack Explained

Pass the Hash Attack Explained

  • Huy Kha | Senior Identity & Security Architect

Cyber attackers can choose from numerous credential compromise methods to gain access to Active Directory. The Pass the Hash attack is one that is stealthy and efficient.

Hospital Cyberattacks Highlight Importance of Active Directory Security

Hospital Cyberattacks Highlight Importance of Active Directory Security

  • Michael Choo

Two back-to-back incidents—part of a global increase in cyberattacks on healthcare organizations—followed common pathways to exploit AD security vulnerabilities.

Introduction to Identity Forensics & Incident Response (IFIR)

Introduction to Identity Forensics & Incident Response (IFIR)

  • Huy Kha | Senior Identity & Security Architect

From my experience at Microsoft Detection and Response Team (DART), I know that ransomware operators almost always target high-privileged identities. Once attackers gain control, they use those identities to spread ransomware; for example, through Group Policy or PsExec. Ransomware attacks are usually loud and destructive, aiming to cause maximum impact…

Leveraging NIST CSF for Public Sector Cybersecurity

Leveraging NIST CSF for Public Sector Cybersecurity

  • Edward Amoroso

[Editor’s note: This article is a guest post by TAG CEO and founder Ed Amoroso.] Cybersecurity practitioners working for federal agencies in the United States know that they must learn to decode various acronyms such as FedRAMP, FISMA, RMF, and on and on. They must do so because the standards…