Blog Masonry No Sidebar

Avoid enabling Kerberos Pre-Authentication in AD

Kerberos Pre-Authentication The Key Distribution Center (KDC) is available as part of the domain controller and performs two key functions which are: Authentication Service (AS) and Ticket-Granting Service (TGS) By default the KDC requires all accounts to use pre-authentication. This is a security feature which offers protection against password-guessing attacks. The AS request identifies the client to…
Read more

 16,062 total views,  12 views today

Read More

LLMNR and NBT-NS Attack

LLMNR (Link-Local Multicast Name Resolution) is a protocol that is based upon the Domain Name System (DNS). It is often used by network-connected systems to identify hosts on the local-subnet when DNS fails, is not present or where peer-to-peer name-resolutions services are required. NBT-NS (NetBIOS Name Service) is a protocol to LLMNR and operates similarly…
Read more

 5,265 total views,  2 views today

Read More

How to Modify Preferred DNS Settings via PowerShell

How to Update/Modify Preferred DNS Settings via Powershell To get the Existing DNS Settings run the below command, Get-DnsClientServerAddress Need to get Interface Index for which you need to modify and New DNS information To modify the DNS Settings, use the below command, Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses (“10.0.0.10″,”10.0.0.11”) Now you can check Preferred DNS Settings…
Read more

 3,099 total views,  2 views today

Read More

How Change AD FS Service Communication Certificate

To change the Service Communication Certificate in AD FS, Kindly follow below setups Copy and Install the certificate on the AD FS servers. Once copied to the AD FS servers you can import the certificates: certutil -f -p “password” -importpfx C:\ADFS\certificate.pfx Get the Thumbprint of your New Certificate dir Cert:\LocalMachine\My\ If you have done that…
Read more

 2,781 total views,  2 views today

Read More

Group Managed Service Account (gMSA)

Active Directory managed service account that can be used to securely run services, applications, and scheduled tasks. Managed Service Accounts (MSA) to automatically manage (change) passwords of service accounts. Using MSA, you can considerably reduce the risk of system accounts running system services being compromised. MSA has one major problem which is the usage of…
Read more

 2,671 total views,  2 views today

Read More

How to Install & Configure AD FS 2019

Active Directory Federation Services (AD FS) also popularly known as SAML/Federation Services/SSO. It provides Web single-sign-on (SSO) to authenticate a user to multiple Web applications while utilizing a single account. AD FS Pre-requisite, Windows Server 2019 SSL Certificate Federation Services DNS name Service Account or Group Managed Service Account (gMSA) Domain Admin Permissions   Installing…
Read more

 4,179 total views,  2 views today

Read More

 356 total views,  1 views today

Leave a Reply

Your email address will not be published. Required fields are marked *