Together with @pavelfor, we have created the ultimate guide and tooling for configuring host-based firewalls on #ActiveDirectory domain controllers in enterprise environments. Blocks most remote command execution and authentication coercion techniques.

New blog post covering the end-to-end automation of OAuth 2.0 service/daemon application registration in Microsoft Entra ID using PowerShell Graph SDK.

RT @CQUREAcademy: Here’s a recap from the CyberGen Conference with our expert @MGrafnetter 👀. Michael was there with a workshop on AD secur….

RT @DrAzureAD: My new blog post on getting plaintext gMSA secrets available at Credits to @PyroTek3, @MGrafnetter,….

RT @gentilkiwi: Maybe #mimikatz3 will be signed by @BurgerKingFR.

Here is a new custom administrative template (ADMX) for editing and auditing Microsoft Defender Attack Surface Reduction (ASR) policies, without being exposed to the rule GUIDs.

New Indicator of Compromise (IoC) by the NTLM Relay Attack with Shadow Credentials, thanks to bugs in Impacket, a popular Python implementation. Will probably be fixed in the near future.

#DSInternals 5.0 is out. Supports recovery of BitLocker keys, LAPS passwords, DNS zone files, contact information, organizational structure, and OS versions from #ActiveDirectory ntds.dit files. Includes some performance improvements as well. Examples:

Here is a summary of the changes to SMB signing enforcement defaults in Windows Server 2025 and Windows 11 24H2:

Administrative registration of Passkeys (i.e. FIDO2 security keys or Microsoft Authenticator app) on behalf of other Microsoft Entra ID users is now possible using the new DSInternals.Passkeys #PowerShell module. #Passwordless

When I was offered a ride to Heidelberg, I wasn't expecting this. See you at ⁦@WEareTROOPERS⁩ Roundtables!

RT @PyroTek3: Domain Admin credentials delivered across the network to workstations and servers.

RT @SagieDulce: @MGrafnetter directed my attention to a new RPC filter capability!. Good job by @MSFTResearch / @Microsoft for this. I Hope….

Has anyone else noticed this ntdsutil typo, which has been present in Windows Server for as long as I can remember? It always catches my eye while creating #ActiveDirectory IFM backups, but is too silly to report to Microsoft Support. CC: @SteveSyfuhs

RT @CQUREAcademy: Meet @MGrafnetter, our Cybersecurity Expert, during his #MSBuild session taking place in Riyadh, Saudi Arabia. 📅 May 7.⏰….

RT @kmcnam1:

Listing all #FIDO2 security keys / #Passkeys registered in Microsoft Entra ID using Microsoft Graph #PowerShell SDK.#Passwordless

Extending Active Directory Users and Computers context menus with PowerShell.