Note: This process preserves existing admin accounts. Verify Version 2. Insert the following into the URL to do a reset on an administrator account: server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false

If you are an Azure AD free customer you should at least know of the setting called security defaults. Security defaults are for Azure AD Free customers that are not on a P1 or P2 licensing model. If you want to read more about security defaults you can do so…

This box (Access) is well known (or atleast should be) in Offsec Proving grounds. I decided to revisit this active directory box as a refresher for the OSCP exam as it contains multiple lateral movement paths. What I am disclosing isn’t new. …

This is really just a placeholder for me and future research, but in the meantime enjoy. Just a quick run down of Microsoft resources from all the announcements today: Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID |… Microsoft Entra is unifying identity and network access with a new Security Service Edge solution and more identity…www.microsoft.com Azure AD is Becoming Microsoft Entra ID Today we announced significant milestones for identity and network access, including the news that Microsoft Azure…techcommunity.microsoft.com

So very recently I wanted to look at token protection mechanisms that Microsoft recently put into preview. You can find documentation on how to build conditional access policies below: Token protection in Azure AD Conditional Access - Microsoft Entra Token protection (sometimes referred to as token binding in the industry) attempts to reduce attacks using token theft…learn.microsoft.com So a few things to take note of and expected limitations at the time of this writing.

Microsoft recently announced it would be officially supporting IPv6 for Azure AD services starting at the end of March 2023. …

Want to natively abuse SeBackupPrivilege to a domain controller and backup ntds.dit and extract hashes offline? (using kali) Here are my notes: Modify the contents of /etc/samba/smb.conf to the following: [Global] interfaces = tun0 (modify to vpn adapter only if needed) [smb] comment = Samba path = /tmp/ guest ok = yes read only…

I really enjoyed working on this active directory box as hacking an AD environment with NTLM authentication turned off gives a unique perspective of learning how to troubleshoot native default tools on kali linux. It also gets you more comfortable with impacket usage and how to query ldap with certificates…

TryHackMe | VulnNet: Endgame Hack your way into this simulated vulnerable infrastructure. No puzzles. Enumeration is the key.tryhackme.com This is a small hacking adventure into Vulnnet. I may have gotten more than I bargained for when I choose to hack this box because there were parts of this box I got stuck on and had to take a small hint to carry on. …