🔒 Secure Bits 💡 Do you use 𝗞𝗲𝗿𝗯𝗲𝗿𝗼𝘀 𝗔𝗿𝗺𝗼𝗿𝗶𝗻𝗴 in your environment? If you’ve followed my 𝗽𝗿𝗲𝘃𝗶𝗼𝘂𝘀 𝗽𝗼𝘀𝘁𝘀 on Kerberos internals, Kerberoasting, and Authentication Policies & Silos — this one’s for you. Let’s talk about Kerberos Armoring, technically known as FAST (Flexible Authentication Secure Tunneling) — an 𝘂𝗻𝗱𝗲𝗿𝘂𝘀𝗲𝗱 𝗯𝘂𝘁 𝗽𝗼𝘄𝗲𝗿𝗳𝘂𝗹 𝗹𝗮𝘆𝗲𝗿 of protection. 💥 𝗪𝗵𝘆 𝗶𝘁 𝗺𝗮𝘁𝘁𝗲𝗿𝘀: During the initial Kerberos authentication (AS-REQ), a client sends: 🔹 Client Name (username) 🔹 Service Name (usually krbtgt) 🔹 Encrypted timestamp (using a key derived from the user’s password) An attacker who captures this traffic can 𝗯𝗿𝘂𝘁𝗲-𝗳𝗼𝗿𝗰𝗲 the encrypted timestamp offline to recover the 𝘂𝘀𝗲𝗿’𝘀 𝘀𝗲𝗰𝗿𝗲𝘁 𝗸𝗲𝘆 (potentially NT hash) — enabling impersonation or password recovery. 🛡️ 𝗪𝗵𝗮𝘁 𝗞𝗲𝗿𝗯𝗲𝗿𝗼𝘀 𝗔𝗿𝗺𝗼𝗿𝗶𝗻𝗴 𝗱𝗼𝗲𝘀: Kerberos Armoring protects these sensitive exchanges by encapsulating them in a secure tunnel, established using the computer’s own TGT session key. ➡️ This blocks offline brute-force attacks by encrypting the entire pre-auth request with strong key. ➡️ Without the session key — attackers get nothing usable. ⚙️ 𝗛𝗼𝘄 𝘁𝗼 𝗲𝗻𝗮𝗯𝗹𝗲 𝗶𝘁: ✅ On clients (GPO): Kerberos client support for claims, compound authentication, and Kerberos armoring ✅ On domain controllers (GPO): KDC support for claims, compound authentication, and Kerberos armoring 🧠 If you want to enforce it (𝗳𝗮𝗶𝗹 𝗶𝗳 𝗻𝗼𝘁 𝗮𝘃𝗮𝗶𝗹𝗮𝗯𝗹𝗲), you can set: Fail authentication requests when Kerberos armoring is not available 💬 𝗔𝗿𝗲 𝘆𝗼𝘂 𝗲𝗻𝗳𝗼𝗿𝗰𝗶𝗻𝗴 𝗞𝗲𝗿𝗯𝗲𝗿𝗼𝘀 𝗔𝗿𝗺𝗼𝗿𝗶𝗻𝗴, or is your domain still vulnerable to offline password attacks? #SecureBits #Kerberos #CyberSecurity #ActiveDirectory #WindowsSecurity #HorizonSecured @BlueTeamDave

Boot multiple operating systems from one USB drive

Active Directory Penetration Testing Using Impacket 🔥 Telegram: t.me/hackinarticles hackingarticles.in/active-di… #CyberSecurity #InfoSec #PenetrationTesting #EthicalHacking #BugBounty #ThreatIntelligence #RedTeam #BlueTeam #CloudSecurity #DataSecurity #ZeroTrust #CyberSecurityJobs #CyberSecurityAwareness

🛠️ ProxMenux Monitor es una herramienta para la gestión de Proxmox VE github.com/MacRimi/ProxMenux

A list of open source games.

🛠️ ADCSDevilCOM: A C# tool for requesting certificates from ADCS using DCOM over SMB. ✅ Remotely request X.509 certificates from CA server using the MS-WCCE protocol over DCOM github.com/7hePr0fess0r/ADCS…

⚠️ Hackers Can Attack Active Directory Sites to Escalate Privileges and Domain Compromise | Read more: cybersecuritynews.com/active… Active Directory sites are designed to optimize network performance across geographically separated organizations by managing replication and authentication across multiple locations. The vulnerability emerges because Active Directory sites can be linked to Group Policy Objects (GPOs), which control system configurations across an organization. When attackers gain write permissions to sites or their associated GPOs, they can inject malicious configurations that compromise all computers connected to those sites, including domain controllers. #cybersecuritynews #windows

Wi-Fi as a Motion Sensor

🍯 If you've never seen or worked with a Honeypot, watch this video. It covers how to setup almost 20+ honeypots (and visualize the data) to trap attackers. Video: piped.video/watch?v=FjZmhI_l…

#Offensive_security #Red_Team_Tactics SID filter as security boundary between domains? Part 1 - Kerberos authentication explained - itm8.com/articles/sid-filter… Part 2 - Known AD attacks - from child to parent - itm8.com/articles/sid-filter… Part 3 - SID filtering explained - itm8.com/articles/sid-filter… Part 4 - Bypass SID filtering research - itm8.com/articles/sid-filter… Part 5 - Golden GMSA trust attack - from child to parent - itm8.com/articles/sid-filter… Part 6 - Schema change trust attack - from child to parent - itm8.com/articles/sid-filter… Part 7 - Trust account attack - from trusting to trusted - itm8.com/articles/sid-filter… // In part 1, we explain everything you need to know about the underlying Kerberos authentication mechanisms to understand the attacks, defenses, and research in the rest of the series. Part 2 reviews known methods of escalating from a child domain to a parent domain. Part 3 describes known methods for preventing attacks using SID filtering. Part 4-7 describe our research findings and novel trust attacks

Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database github.com/MorDavid/DonPwner

Penetration testing platform using multiple AI models

Ever looked at your local Administrators group and wondered who those random SIDs belong to? Windows finally shows Entra roles and groups with their actual names. No more guessing, no more unreadable entries. See how it works in the latest Patch n Rant episode: piped.video/tiTqGrnL6K8 #Intune #MSIntune #Windows11 #Entra #Windows

🔒 Secure Bits 💡 Have you ever heard of 𝗘𝗦𝗖 𝘃𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀? I guess you have. If you're running 𝗔𝗰𝘁𝗶𝘃𝗲 𝗗𝗶𝗿𝗲𝗰𝘁𝗼𝗿𝘆 𝗖𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗲 𝗦𝗲𝗿𝘃𝗶𝗰𝗲𝘀 (𝗔𝗗 𝗖𝗦) and haven't audited it for ESC misconfigurations — you may be sitting on a 𝘁𝗶𝗰𝗸𝗶𝗻𝗴 𝘁𝗶𝗺𝗲 𝗯𝗼𝗺𝗯. 💣 🎯 ESC vulnerabilities (Enterprise PKI Escalation Paths) are incredibly 𝗰𝗼𝗺𝗺𝗼𝗻 and highly 𝗱𝗮𝗻𝗴𝗲𝗿𝗼𝘂𝘀. Yet… most environments I assess treat AD CS like a black box — “It’s working, so let’s not touch it.” But attackers love AD CS — it often lets them 𝗲𝘀𝗰𝗮𝗹𝗮𝘁𝗲 𝘁𝗼 𝗗𝗼𝗺𝗮𝗶𝗻 𝗔𝗱𝗺𝗶𝗻 using just a basic user account. No exploits. Just misconfigurations. 𝗟𝗲𝘁’𝘀 𝗯𝗿𝗲𝗮𝗸 𝗱𝗼𝘄𝗻 𝗘𝗦𝗖𝟭 👇 ESC1 = Certificate Template Misconfig It lets a regular user request a certificate that can later be used to authenticate as someone else — including privileged users. 𝗧𝗼 𝗯𝗲 𝘃𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗹𝗲, 𝗮𝗹𝗹 𝗼𝗳 𝘁𝗵𝗲𝘀𝗲 𝗮𝗿𝗲 𝘁𝗿𝘂𝗲: ✅ Non-privileged users can enroll in a certificate template ✅ Manager approval is not required ✅ No authorized signature is required ✅ The template supports client authentication (PKINIT, Smart Card, etc.) ✅ The requester can define the Subject Alternative Name (SAN) 𝗘𝗻𝗱 𝗿𝗲𝘀𝘂𝗹𝘁? A low-privileged user can impersonate anyone — including a Domain Admin — using the certificate. 🛠️ 𝗛𝗼𝘄 𝘁𝗼 𝗰𝗵𝗲𝗰𝗸 𝘆𝗼𝘂𝗿 𝗲𝗻𝘃𝗶𝗿𝗼𝗻𝗺𝗲𝗻𝘁: There are free tools for this: 🔹 ADProbe — My AD vulnerability scanner 🔹 Locksmith by Jake Hildreth — covers almost all ESC vulnerabilities 🔹 ... 🎯 There are 𝟭𝟲 𝗘𝗦𝗖𝘀 𝗶𝗻 𝘁𝗼𝘁𝗮𝗹. I’ll be covering them in upcoming Secure Bits posts. 👉 Did you already know what ESC1 was about? #ADCS #SecureBits #CyberSecurity #ActiveDirectory #RedTeam #BlueTeam #PKI #WindowsSecurity #HorizonSecured @BlueTeamDave

FREE MCP Security Fundamentals Course apisecuniversity.com/courses…

If you’re threat hunting in Windows, these Event IDs are your goldmine. 💎 From failed logons to PowerShell abuse & privilege escalation, knowing which logs matter most can slice your investigation time in half. ⚡ 📌 Pro tip: Correlate multiple Event IDs; attackers never leave just one breadcrumb. #SOC #DFIR #ThreatHunting #CyberDefenders

Hides any file inside a PNG image

Turn any GitHub repository into rich, navigable docs. Simply replace "github" with "deepwiki" in the repo URL.

Death by Token: Understanding CVE-2025-55241: practical365.com/death-by-to… #EntraID #Security #Token

The Intune MDM Device Certificate and its renewal… Next year (around 03/04 of 2026) every single Intune MDM certificate will need renewal. Yes, all of them!!!!!!! Why? Because the Microsoft Intune Root Certification Authority is expiring. I’m marking that date in my calendar, because if even 10% of all Intune-managed devices miss that renewal (which they will because of reasons I am asked to look at now)… we’re in for one massive shitshow. Why? If the certificate is not renewed, the device would lose communication with Intune.... The only solution is to reenroll! Where is the Microsoft announcement? @IntuneSuppTeam ???? #Intune #MSIntune #Windows #Windows11