AD Object Detection: Detecting the undetectable (dynamicObject)

What an auditor want to make sure is that you have non-repudiation in place. This also applies to forensic work. You want to make sure you can track the activity to a person and to do that we need to first identify the user account. But what if it just has disappeared from Active Directory?…

0

Forensics: Active Directory ACL investigation

A Couple of Sensitive Spots Active Directory are full of delegated rights and permissions that grant privileges to security principals (User, Group Managed Service Account, Group and Computer Objects). Some permissions are more sensitive than others and should be kept only for privileged accounts such as for Tier 0 administrators (Read about the credential tier model…

13