I break Windows....
@DFIRdeferred
Followers
514
Following
1K
Media
64
Statuses
434
Spec Ops Army Vet, Ham Extra (satellites, sdr, dmr), Team Purple, Wireless Wizard, Creator of Identity Security Village
United States
Joined May 2020
⚠️ Hackers Can Attack Active Directory Sites to Escalate Privileges and Domain Compromise | Read more: https://t.co/NZkzdqejST Active Directory sites are designed to optimize network performance across geographically separated organizations by managing replication and
9
154
562
Super stoked to share that @JimSycurity and I will be leading an Active Directory Security course at BSides Charm 2025! We will cover Active Directory infrastructure, common misconfigurations, vulnerabilities and mitigations, and hands-on labs!
0
0
4
New #AADInternals version is finally out now: ▪ Moved endpoint related stuff to new module: AADInternals-Endpoints ▪ Added blue team stuff: Get app consent info, find backdoors, convert SID<>Entra ID Object ID, find abusable dynamic groups ▪ Added red team stuff: Get ESTSAUTH
7
122
419
Make sure you stop by the @TrimarcSecurity ISV (Active Directory Hacking) today at @hthackers Hackers Teaching Hackers. There might even be a second CTF flag there if you know where to look.....
0
2
2
Do you allow your high privileged users in Entra ID (e.g. Global Admin) to register authentication methods themselves after initial setup? Do you, to detect malicious actions, monitor the addition of e.g. passkeys and follow up with the user?
9
6
71
When it comes to Active Directory Security Descriptors, ignorance is NOT bliss... it can be a full-on SLASHER FLICK of misconfigurations 🔪 This Thursday, @JimSycurity shares insights we've learned across thousands of AD & Entra ID security assessments -- Tips that can arm you
1
6
18
New project: FlameScale OS. An operating system aimed at Active Directory/Windows security research. I will be adding more functionality weekly on Sundays. Get your hands dirty with it at the @TrimarcISV (AD Hacking Village) at @hthackers Nov 13th-15th. https://t.co/qO7BGuOZT8
github.com
OS designed for Active Directory Security Research - dfirdeferred/FlameScale-OS
0
2
5
I created a wrapper/menu to make downloading and opening all of the @TrimarcSecurity tools on GitHub easier and in one place. Just run the script and select which tool you want to download/open. https://t.co/4Q0LbHCXNB
#trimarc #activedirectory
github.com
One tool to catch them all! Contribute to dfirdeferred/Trimarcisia development by creating an account on GitHub.
0
3
9
Need a quick set of useful red/purple team Active Directory tools .....and happen to be running a Debian based distro......? Well look no further! Here are 2 scripts to save you 3 seconds. #activedirectory
https://t.co/HxdRwPcV1P
github.com
A script to easily gather some other most popular tools (debian based distros) for red teaming Active Directory environments. - dfirdeferred/Red-AD-Tools-Debian
0
1
1
I'm stoked to be presenting my new tool! See you all this week!
2 Trimarc team members will be speaking at @WWHackinFest about tools they've developed for the #infosec community! @DFIRdeferred will be presenting his new Purple Team/Adversarial tool, "ADAM and EVE," & @dotdotdotHorse will be speaking about "PowerPUG" 🐾 https://t.co/RiV1Pz1yZO
0
0
2
Wild Wild West Hackin Fest is right around the corner! I'm so ready for some good ol' "Break and Make!"
🗓️ One week until we get to see everyone in Deadwood for @WWHackinFest! We're packing up our Backdoors & Breaches decks, shiny new stickers, & a flight of Ignis the Dragon squishies. 🐉 Save room in your bag so you can give a dragon a new, loving home! https://t.co/zgkUqoI9rJ
0
0
0
Make sure you stop by the @TrimarcSecurity table at @GrrCON to start getting directly active with your Active Directory security! #grrcon
0
2
8
GrrCON is right around the corner! See you there!
Heading to @GrrCON? 🌤️ Pack layers (high 79° low 54°), a refillable bottle, comfy shoes, a notepad/pen, your power bank, & STICKERS. Visit our booth to chat w/ the Trimarc crew & pick up an Ignis the Dragon squishy and Backdoors & Breaches expansion pack. https://t.co/SPlZZTOd91
0
0
1
I had a blast speaking at @bsidesct last weekend. What an awesome conference! I can't wait to see what's in store for next year.
0
0
0
Slides from my @MCTTP_Con talk "A Decade of Active Directory Attacks - What We've Learned & What's Next" are now posted: https://t.co/IOhVdRoNYb
4
98
239
I can't wait!
Yeehaw! We're proud to be a Silver Sponsor at @WWHackinFest October 9-11 in Deadwood, SD. The @BHinfoSecurity team always puts on a great show, and we're excited to see what they're cooking up for the conference theme (and for the vittles 🍲🍖). Trimarc Security will have a
0
0
2
If you have VMware ESXi and Active Directory in your environment, take 5 minutes now & create a group in each AD domain called "ESX Admins". Make sure that the "ESX Admins" group is in a top-level administrative OU that only your AD admins manage. #QuickFix
In today's WTF?!?!? moment When an ESXi server is domain-joined, it assumes any "ESX Admins" group & its members should have full admin rights. So.... anyone who can create & manage a group in AD, can get full admin rights to the VMware ESX hypervisors! https://t.co/U3DiXHWQMR
4
112
427
Hacker Summer Camp is just a couple weeks away & the Trimarc crew will be there! Trimarc Activities: * Office Hours (me) * Lightning Talks (@TechBrandon & me) * Microsoft Identity security Meet-up Want to join us? Signup here: https://t.co/rVrKSWlZaa *limited availability
trimarcsecurity.com
0
2
4
One thing we highlight with customers during assessments are agents installed on DCs. I’ve seen a poorly configured Tanium query hang every DC - effectively a DoS since AD doesn’t work if you can’t talk to a DC. It’s time to talk about what agents are on DCs & the risks
1) scenario 1 - devices affected did not have BitLocker and you could delete/rename the sys file. 2) scenario 2 - devices had BitLocker enabled and used an on-premises domain storage - your DC needed recovering first (hopefully you could boot that!) 3) scenario 3 your servers
2
5
42