Nächste Woche: Sicheres Windows-Netz mit Tiering und PAWs

Wer ein Active Directory betreibt, sollte Ebenen trennen und gesicherte Admin-Workstations nutzen. Dieses Webinar gibt praktische Hilfe bei der Umsetzung.

https://www.heise.de/news/Naechste-Woche-Sicheres-Windows-Netz-mit-Tiering-und-PAWs-10514105.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

Hm... Die #Linux-Büchse ist im AD, man kann sich gegen das AD authentifizieren - aber im Gegensatz zu den Window-Schüsseln dauert es ewig ewig, bis ein "OK!" zurück kommt.

#ActiveDirectory
#Microsoft

Ende des Frühbuchertarifs: Sicheres Windows-Netz mit Tiering und PAWs

Wer ein Active Directory betreibt, sollte Ebenen trennen und gesicherte Admin-Workstations nutzen. Dieses Webinar gibt praktische Hilfe bei der Umsetzung.

https://www.heise.de/news/Ende-des-Fruehbuchertarifs-Sicheres-Windows-Netz-mit-Tiering-und-PAWs-10485074.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

A complete terminal user interface (TUI) for LDAP

https://github.com/Macmod/godap

A single misstep in AD CS can hand attackers the keys to your entire domain—no passwords needed.

If your team installed Active Directory Certificate Services more than six months ago, your organization could be at risk.

Watch our new 4-minute video to see how a default setting enables low-privilege users to escalate all the way to domain admin and what you can do to reduce your risk. https://youtu.be/S59dNEPnJ4M

heise security Webinar: Sicheres Windows-Netz mit Tiering und PAWs

Wer ein Active Directory betreibt, sollte Ebenen trennen und gesicherte Admin-Workstations nutzen. Dieses Webinar gibt praktische Hilfe bei der Umsetzung.

https://www.heise.de/news/heise-security-Webinar-Sicheres-Windows-Netz-mit-Tiering-und-PAWs-10456119.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#activedirectory

Really interesting podcast on using Azure PIM to control a bastion forest for on prem elevation with cloud credentials.
https://youtu.be/pWPCymLx9S4?si=HsHaU22dKJ7YbxFJ

RunAs Radio Episode 987 - Fixing a Security Vulnerability in Active Directory with Steve Syfuhs and host Richard Campbell.

https://runasradio.com/Shows/Show/987

How do hackers break into your network? Find out from the pros who do it every day!

In this week’s Cyberside Chats, @tompohl, head of penetration testing at LMG Security, joins @sherridavidoff to reveal how his team gains domain admin access in over 90% of tests.

From outdated Active Directory settings to risky legacy protocols, this episode is packed with real-world insights to help you reduce your organization’s risk. We’ll share:

The hidden vulnerabilities attackers love
Tips to harden your infrastructure
What penetration testers see that most defenders miss

Watch the full episode: https://youtu.be/VEeWkVBDDP8
Prefer audio? Listen to the podcast: https://www.chatcyberside.com/e/unveiling-the-secrets-of-penetration-testing/?token=6b16f323d00f32474ccfe6a7952ec47a

Windows Server 2025: Rechteausweitungslücke im AD

Akamai warnt vor einer ungepatchten Rechteausweitungslücke in Windows Server 2025. Admins müssen aktiv werden.

https://www.heise.de/news/Windows-Server-2025-Rechteausweitungsluecke-im-AD-10397566.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

"While we appreciate Microsoft’s response, we respectfully disagree with the severity assessment."

BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory

#dMSA #ActiveDirectory #WindowsServer2025
https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory#mitigation

Be quick and become the 2nd follower of #EU_OS on #LinkedIn!

https://linkedin.com/company/eu-os/

I got told everyone on Mastodon uses already #Linux and the project to migrate from #Windows to Linux on the desktop would find a more relevant audience on LinkedIn.

Help EU OS to get what #Microsoft needs to make it go viral on LinkedIn: subscribe, comment, share widely!

I'd tell the guys at #Microsoft who designed Kerberos delegation in #ActiveDirectory to go to hell, but they're apparently already in it and very much intent on dragging in everyone with them...

LDAP Tool Box Service Desk 0.6.2 released!

LDAP Tool Box Service Desk is a web application for administrators and support teams. It allows to browse accounts in an LDAP directory, view and update their password and security status.

News on OW2 : https://projects.ow2.org/view/ldaptoolbox/ltb-service-desk-0-6-2-released/
Release on GitHub : https://github.com/ltb-project/service-desk/releases/tag/v0.6.2
Download : https://ltb-project.org/download.html

Is today #FediHire Friday? Sure looks like it!

What I'm looking for: A senior level, individual contributor role supporting Windows, Active Directory, Certificates, PKI, Azure, and information security in a large environment. Interested in relocating outside of the US. I like to solve weird problems and make computers run smoothly. I want to help others use technology effectively.

My main focus the last few years has been rebuilding and modernizing a struggling certificate management team. That includes growing the team to meet our company needs, migrating our AD-integrated private PKI stack, getting a handle on our web PKI consumption, and making massive improvements to our certificate lifecycle management platform. I supported and advised our CyberSec and Desktop teams as we rolled out multi-factor authentication to 50,000 employees and contractors across the US. My background in understanding deep computer fundamentals, talent for quickly grasping nuances of larger systems, and calmness in a crisis have contributed to quickly resolving major technology outages regardless of root cause.

This role hasn't been exclusively technical. A big part of my current job is building relationships with our developers to help them understand how certificates work, the responsible ways to use them, and what our relevant internal policies are. I've been training and teaching junior and mid-level engineers both practical PKI concepts and our specific enterprise requirements. I've gotten to spend some time with upper management to both explain the immediate challenges we've had and the plans we can implement improve our infrastructure, reducing costs and outages.

While this position has been focused on certs and how to use them, I'm very comfortable considering a technical leadership role for Windows (server and desktop) administration and Active Directory. I also have some good experience with Azure and virtualization platforms, but they haven't been my daily focus for several years.

My current employer is direct retail for general public consumers. I've also worked in banking/finance, manufacturing, and architecture firms. The common thread is I love to help people leverage technology for their goals, to help them be more effective.

In my personnel/volunteer time I've done very similar: working backstage with lights/sounds/projections so live performers can do their best.

Right now I'm in Syracuse, New York (about five hours from NYC), but I'm open to relocation/migration anywhere in the world.

PMs open if you want to talk details. Boosts/reshares appreciated.

My cloud identity team, made up of people who have only ever worked in cloud/SaaS IdP setups, has just been made responsible for an Active Directory environment.

Most of them are befuddled or panicking.

Me:

Am Dienstag: Das Active-Directory-Webinar von heise security

Wer ein Active Directory betreibt, sollte Ebenen trennen und gesicherte Admin-Workstations nutzen. Dieses Webinar gibt praktische Hilfe bei der Umsetzung.

https://www.heise.de/news/Am-Dienstag-Das-Active-Directory-Webinar-von-heise-security-10278105.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon