Below is info from a really old internal doc I kept at one of my past jobs, but it gave our customers some ideas for traffic they might want to filter on their egress Internet connection to keep potentially bad stuff away.
_wald0 has a helpful tweet on preventing Kerberoasting. Also, this article from MS shares "a practical way to clean up dead SPNs in Active Directory," and its author wrote a script to help in the cleanup efforts as well.
Local Administrator Password Solution (LAPS) "is a Windows feature that automatically manages and backs up the password of a local administrator account on your Microsoft Entra joined or Windows Server Active Directory-joined devices. You also can use Windows LAPS to automatically manage and back up the Directory Services Restore Mode (DSRM) account password on your Windows Server Active Directory domain controllers. An authorized administrator can retrieve the DSRM password and use it."
A 7MinSec customer reported this was an effective way to remove the ability for attackers to play games with stored procedures:
An awesome tool for abusing ADCS. Check out the awesome accompanying wiki for attack syntax.