Good news everyone! We are under brute force attack!

The title is a tribute to Professor Farnsworth… I mentioned it because my jokes usually never land… And just to make it clear, this post is not a guidance on what to do in case of brute force attacks (bummer… eh?), it is a just testimony of my recent experience with the topic and how…

0

🐶🐶🐶 Credential theft made easy with Kerberos delegation

Yes it takes just 2 lines of PowerShell to impersonate whoever you want… A small preamble: things discussed here are not hacking techniques, nor innovative ways to impersonate a user. These are intended behaviors, and they all have been around for a very long time. Why talk about it now? Because as a part of my job, I…

3

Do I really need ADFS?

I often hear and read misconceptions on whether or not you should or must deploy an ADFS farm when Office 365 is in the picture. So I will try to give you my version (well it is a collection of feedback from my peers as well), hoping that might help you to sort out your…

12

List all possible security events and their descriptions in PowerShell

If you’d like to know all the possible security event in your system, the best way to do it is to download the spreadsheet that has the full list: Windows security audit events This is great, very complete but also implies that you have an Internet connection and Excel to open the file. An other…

0

AD Fun Services – List all the members of an ADFS farm

In Windows Server 2012 R2, the ADFS database actually does not keep track of the servers member of the farm. It is a stateless farm were every node happen to share the same database (if a SQL server is used) or the same copy of the database (if it is WID). The only thing stored…

1

Q&D - Backup/Restore your ADFS claim rules for Office 365

When it comes to try and fail fast, nothing better than to be able to restore things the way it used to be before you broke everything 🙂 Here are some examples of PowerShell cmdLets you can rule to export your claim rules for the Azure AD Relying Party Trust into files and re-import them…

1