Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
mastodon.green is one of the many independent Mastodon servers you can use to participate in the fediverse.
Plant trees while you use Mastodon. A server originally for people in the EU, but now open for anyone in the world

Administered by:

Server stats:

1.2K
active users

mastodon.green: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#activedirectory

2 posts2 participants0 posts today
Public
Kallisti

I started a list of tools, useful for pentesters and sysadmins alike, to gain a quick overview of potentially critical vulnerabilities and attack paths within an Active Directory domain.

Exploiting these vulnerabilities might provide pentesters with domain admin privileges rather quickly.

On the other hand, fixing these vulnerabilities is often not that difficult or time-intensive and can massively bolster the security of a domain.

ti-kallisti.com/general/ms/qui

Ti KallistiActive Directory Quick WinsSome quick and easy steps you can take to get an overview over your Active Directory and bolster its security
#ActiveDirectory#Pentesting#sysadmin
Public
Lenin alevski 🕵️💻

New Open-Source Tool Spotlight 🚨🚨🚨

Active Directory Certificate Services (AD CS) can be a goldmine if misconfigured. Tools like Certipy simplify enumeration and abuse, leveraging techniques like Shadow Credentials, Golden Certificates, and domain escalation paths (ESC1-ESC11). #CyberSecurity #RedTeam

Certipy's `shadow` command exemplifies ADCS weaknesses. By manipulating `msDS-KeyCredentialLink`, you can take over accounts via PKINIT. It's seamless but devastating for privilege escalation. #Pentesting #ActiveDirectory

Golden Certificates mimic Golden Tickets but target ADCS. Using a compromised CA private key, an attacker can forge certs for domain controllers or users. Certipy automates this process—caution with CA backups. #InfoSec #PKI

🔗 Project link on #GitHub 👉 github.com/ly4k/Certipy

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Public
LDAP Tool Box Project

🆕 LDAP Tool Box Service Desk 0.6.2 released!

ℹ️ LDAP Tool Box Service Desk is a web application for administrators and support teams. It allows to browse accounts in an LDAP directory, view and update their password and security status.

🔗 News on OW2 : projects.ow2.org/view/ldaptool
🔗 Release on GitHub : github.com/ltb-project/service
🔗 Download : ltb-project.org/download.html

LTB Website screenshot
#LDAP#OpenLDAP#ActiveDirectory
Public
LDAP Tool Box Project

🆕 LDAP Tool Box Self Service Password 1.7.3 released!

ℹ️ LDAP Tool Box Self Service Password is a web application for end users. It allows them to change or reset their password (mail, SMS, questions) if they lost it. It works with any LDAP directory, including Active Directory.

🔗 News on OW2 : projects.ow2.org/view/ldaptool

🔗 Release on GitHub : github.com/ltb-project/self-se

🔗 Download : ltb-project.org/download.html

LTB website landing page
#LDAP#SSP#SSPR
Public
Cassander

Is today #FediHire Friday? Sure looks like it!

What I'm looking for: A senior level, individual contributor role supporting Windows, Active Directory, Certificates, PKI, Azure, and information security in a large environment. Interested in relocating outside of the US. I like to solve weird problems and make computers run smoothly. I want to help others use technology effectively.

My main focus the last few years has been rebuilding and modernizing a struggling certificate management team. That includes growing the team to meet our company needs, migrating our AD-integrated private PKI stack, getting a handle on our web PKI consumption, and making massive improvements to our certificate lifecycle management platform. I supported and advised our CyberSec and Desktop teams as we rolled out multi-factor authentication to 50,000 employees and contractors across the US. My background in understanding deep computer fundamentals, talent for quickly grasping nuances of larger systems, and calmness in a crisis have contributed to quickly resolving major technology outages regardless of root cause.

This role hasn't been exclusively technical. A big part of my current job is building relationships with our developers to help them understand how certificates work, the responsible ways to use them, and what our relevant internal policies are. I've been training and teaching junior and mid-level engineers both practical PKI concepts and our specific enterprise requirements. I've gotten to spend some time with upper management to both explain the immediate challenges we've had and the plans we can implement improve our infrastructure, reducing costs and outages.

While this position has been focused on certs and how to use them, I'm very comfortable considering a technical leadership role for Windows (server and desktop) administration and Active Directory. I also have some good experience with Azure and virtualization platforms, but they haven't been my daily focus for several years.

My current employer is direct retail for general public consumers. I've also worked in banking/finance, manufacturing, and architecture firms. The common thread is I love to help people leverage technology for their goals, to help them be more effective.

In my personnel/volunteer time I've done very similar: working backstage with lights/sounds/projections so live performers can do their best.

Right now I'm in Syracuse, New York (about five hours from NYC), but I'm open to relocation/migration anywhere in the world.

PMs open if you want to talk details. Boosts/reshares appreciated.

#Job#GetFediHired#ITJobs
ExploreLive feeds
About