#ActiveDirectory


Since its inception in 2013 Microsoft's Active Directory Administrative Center has had a bug whereby if you have selected/highlighted one item (for example the first item at the top of a search result is highlighted automatically), and then you double-click another item on the list, it will instead open the highlighted item, not the item you just clicked.

This makes it very easy to accidentally modify the wrong AD object if you don't double-check the details of the new window that's opened.

The discovery of this bug 10 years ago marked my decline and subsequent depletion of any remaining faith I had that Microsoft is in any way competent or beneficial, to anyone.

#microsoft #activedirectory

A couple of days ago, I unearthed my first #computer, an #MSX straight from the ‘80s. It was lost in some box in the basement for who knows how long. Just feeling its power switch gave me the goosebumps…

This discovery came after sharing my hacker’s origin story with Nic Fillingham and Wendy Zenone in a new episode of Microsoft’s #BlueHat #Podcast.

thecyberwire.com/podcasts/the-

Join us while we chat about my first-ever #CVE, overlooked #vulnerabilities that continue to pose significant risks today, #ActiveDirectory and #password security, my unexpected journey into #bugbounty hunting and my involvement in the #ZeroDayQuest, how to learn new things, mentorship and positive leadership, and of course pineapple pizza 🍍🍕

New Open-Source Tool Spotlight 🚨🚨🚨

GOAD (Game of Active Directory) by Orange-Cyberdefense is a lab for pentesting Active Directory environments. With multiple configurations like GOAD-Mini and SCCM labs, it helps security professionals practice AD attack techniques. Caution: Designed for isolated lab use only. #ActiveDirectory #Cybersecurity

🔗 Project link on #GitHub 👉 github.com/Orange-Cyberdefense

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

I started a list of tools, useful for pentesters and sysadmins alike, to gain a quick overview of potentially critical vulnerabilities and attack paths within an Active Directory domain.

Exploiting these vulnerabilities might provide pentesters with domain admin privileges rather quickly.

On the other hand, fixing these vulnerabilities is often not that difficult or time-intensive and can massively bolster the security of a domain.

ti-kallisti.com/general/ms/qui

Ti Kallisti: Active Directory Quick Wins. Some quick and easy steps you can take to get an overview over your Active Directory and bolster its security

How an incompetent security officer nearly derailed the fight against an insider threat

With a bright smile and a plunging neckline, she enthusiastically told a colleague in the IT department about cyber threats. Her charisma and energy drew attention, especially from men, but hid weak skills. A year earlier, working in tech support for 40,000 rubles, she saw job postings for information security specialists with salaries of 100,000–200,000. Cybersecurity courses seemed like a ticket to a new life. Recruiters turned her down until she landed an interview with the head of the IT department, who did not understand security. Enthusiasm and memorized terms did the trick, and so she became the security specialist at a company supplying building materials. The small business with 60 employees spent its money on salaries and office renovation, leaving only a free antivirus for security.

habr.com/ru/articles/902978/

New Open-Source Tool Spotlight 🚨🚨🚨

Active Directory Certificate Services (AD CS) can be a goldmine if misconfigured. Tools like Certipy simplify enumeration and abuse, leveraging techniques like Shadow Credentials, Golden Certificates, and domain escalation paths (ESC1-ESC11). #CyberSecurity #RedTeam

Certipy's `shadow` command exemplifies ADCS weaknesses. By manipulating `msDS-KeyCredentialLink`, you can take over accounts via PKINIT. It's seamless but devastating for privilege escalation. #Pentesting #ActiveDirectory

Golden Certificates mimic Golden Tickets but target ADCS. Using a compromised CA private key, an attacker can forge certs for domain controllers or users. Certipy automates this process—caution with CA backups. #InfoSec #PKI

🔗 Project link on #GitHub 👉 github.com/ly4k/Certipy
