SMB explained

Full article: https://401trg.com/an-introduction-to-smb-for-network-security-analysts/

Introduction: At its most basic, SMB is a protocol to allow devices to perform a number of functions on each other over a (usually local) network. SMB has been around for so long and maintains so much backwards compatibility that it contains an almost absurd amount of vestigial functionality, but its

Kerberos is not used when you connect to SMB shares by using IP address

When you connect to remote Server Message Block (SMB) service shares by using \\192.x.y.z\share name, Kerberos is not used: SMB file share access by Internet Protocol (IP) address does not use Kerberos. A network trace shows the following Kerberos error in the KRB_ERROR:

Server not found in Kerberos database

Cause: By default, Microsoft Windows Server

AD – Kerberos – Changes to Ticket-Granting Ticket (TGT) Delegation Across Trusts

Change coming in July 2019

Articles: https://techcommunity.microsoft.com/t5/Core-Infrastructure-and-Security/Changes-to-Ticket-Granting-Ticket-TGT-Delegation-Across-Trusts/ba-p/440261

KB 4490425: https://support.microsoft.com/en-us/help/4490425/updates-to-tgt-delegation-across-incoming-trusts-in-windows-server

Workaround: To help determine if any applications or accounts are using the unsafe delegation, use the following resources:

PowerShell: A quick command can be run against a trust from PowerShell that will determine if the flag is set on an inbound trust. Run

Kerberos delegation in AD

There are three kinds of Kerberos delegation in Active Directory:

Unconstrained: When a Domain Administrator configures a service’s account to be trusted for unconstrained delegation, that service has the ability to impersonate any user account to any other service. This is the most insecure delegation option, because a service could impersonate any user to any

AD – Advanced Threat Analytics (ATA) and Azure ATP

An alternative to Azure ATP / ATA => Alsid: https://www.alsid.com/alsid-solution

=================================== Azure ATP =======================================

What is Azure ATP: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/what-is-amp
Azure ATP release notes: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-whats-new
Suspicious activity guide: https://docs.microsoft.com/en-us/advanced-threat-analytics/suspicious-activity-guide

Unified on MCAS, Azure ATP and Azure AD identity protection: Microsoft has three identity-centric security products offering detection capabilities across on-premises and in the cloud: Azure Advanced