After you add a computer or a user account to an Active Directory security group, the new access permissions or the new GPOs are not applied immediately. To update the…

While the title of this blog may be a bit exaggeration, the command I'm trying to show here does it's best to deliver on the promise. What you're about to witness here is something I've worked on for...

A curated list of awesome Security Hardening techniques for Windows. - PaulSec/awesome-windows-domain-hardening

The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL) - PwC-IR/Office-365-Extractor

CrowdStrike recently caused a widespread Blue Screen of Death (BSOD) issue on Windows PCs, disrupting various sectors. However, this was not an isolated incident, CrowdStrike affected Linux PCs also.

A PowerShell script to create an HTML report on recent changes in Active Directory. - ADChangeReport.ps1

Channel Binding is a LDAP hardening setting that is often misunderstood and as a result is often not enabled.  In this post I explain why it is important along..

Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation. - microsoft/AttackSurfaceAnalyzer

Digital Forensics and Threat Hunting for Artifacts In Obscure Windows Event Logs

If you feel this title is very familiar to you it's because I actually have stolen the title from Kevin Marquette. I'm in awe of his posts that take you thru topic from beginning till the end. No...

A PowerShell script that automates the security assessment of Microsoft 365 environments. - soteria-security/365Inspect

Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab - GitHub - WaterExecution/vulnerable-AD-plus: Create a vulnerable activ...

Directory Services Internals (DSInternals) PowerShell Module and Framework - MichaelGrafnetter/DSInternals

500+ free PowerShell scripts (.ps1) for Linux, Mac OS, and Windows. - fleschutz/PowerShell

In this series my goal is to help you understand how to move forward with confidence by better understanding the changes along with how to perform proper due..

Windows 10/11 hardening scripts. Contribute to atlantsecurity/windows-hardening-scripts development by creating an account on GitHub.

After a confirmed or even suspected security breach it may be advised to have all users change their passwords. In this post we'll review how to...

Script to perform some hardening of Windows OS. GitHub Gist: instantly share code, notes, and snippets.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. - S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet

I've been working with Windows Events for a while now. One of the things I did to help me diagnose problems and reporting on Windows Events was to write PSEventViewer to help to parse the logs and...

A collection of my favourite PowerShell One-Liners. Get the job done quicker and impress your colleagues with these proven one-liners

Editor's Note: Nearly a decade ago, Sean Metcalf made this post on ADSecurity.org and we're reposting it here in its original form because,

To identify drivers, programs, and services that cause Windows to bool slowly, you must enable startup logging. In this guide, we will have a look at how to create a…

This is a complete guide to Group Policy Management. In this guide, you will learn the basics of group policy. I’ll demonstrate several examples of how to properly create and manage group policy...

Operating system hardening is the process of improving the security of a default OS installation to minimize the attack surface that can be exploited by an attacker. But doing this manually on each…

Unlock the secrets to fortifying Active Directory with our practical checklist and best practices, tailored for real-world cybersecurity.

Learn practical strategies to harden your Active Directory and prevent cyber attacks. Explore tiered security, micro segmentation, protected users, and more

Harden Windows safely, securely using Official Microsoft methods

Active Directory Group Policies (GPO) enables you to control user and computer settings. It is important to document them. In this blog post I am going to show you two PowerShell commands which cre…

The "Monash Enterprise Access Model" (MEAM) is a model for tiering Active Directory that builds heavily on the Microsoft Enterprise Access Model. - mon-csirt/active-directory-security

Group Policy Guide for baseline hardening that includes information on risk, vulnerabilities, and best practices.

While a powerful tool for managing access to cloud applications and identities, Azure Active Directory (Azure AD) can be challenging to set up securely, leading to cloud misconfigurations, privileged...

Creates shortcuts to virtually every special location or action built into Windows - ThioJoe/Windows-Super-God-Mode

In this series my goal is to help you understand how to move forward with confidence by better understanding the changes along with how to perform proper due..

Tired of constantly typing in passwords or using clunky two-factor authentication like OTP to access your Remote Desktop? With the…

Scripts and tools for use with Microsoft products/technologies - guyrleech/Microsoft

Many changes are coming to the SMB protocol in Windows 11 and Windows Server 2025. Read up on what will be generally available later in 2024. 

Understanding the task scheduler service, “taskhostw.exe” and its command line arguments.

Kerberos and NTLM authentication protocols. Authentication protocols are popular attack vectors. Choose the most secure protocol possible.

This tutorial will show you how to add or remove the Windows Copilot button on the taskbar for your account in Windows 11. Windows is the first PC platform to provide centralized AI assistance to...

CIS & Azure Security Center Hardening recommendations implemented in PowerShell DSC from Azure Automation - Fortigi/ServerHardening_DSC

Active Directory security effectively begins with ensuring Domain Controllers (DCs) are configured securely. At BlackHat USA this past Summer, I spoke about AD for the security professional and...

Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews. - silverhack/monkey365

Introduction to FSMO Roles

In this series my goal is to help you understand how to move forward with confidence by better understanding the changes along with how to perform proper due..

This repo is about Active Directory Advanced Threat Hunting - tomwechsler/Active_Directory_Advanced_Threat_Hunting

Learn more about: Securing Domain Controllers Against Attack

In this post, we will look at the Microsoft account lockout tool and the lockout and management tool from the AD Pro Toolkit. Both tools can be used to quickly get the lockout status of Active…

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ） - Yamato-Security/WELA

Learn more about: Implementing Least-Privilege Administrative Models

Collection of Event ID ressources useful for Digital Forensics and Incident Response - stuhli/awesome-event-ids

Windows optimization and debloating utility. Contribute to 5cover/WinClean development by creating an account on GitHub.

During the Trimarc Webcast on June 17, 2020, Sean Metcalf covered a number of Active Directory (AD) components and areas that should be reviewed for potential security issues. The presentation...

An Active Directory audit utility. Contribute to dionach/NtdsAudit development by creating an account on GitHub.

If you're looking to delve into Microsoft 365 management, there are a few options available. Some components offer free, time-limited trial versions, and in the case of Azure AD, there's a stripped...

Windows and Active Directory

Security Technical Implementation Guides (STIGs) that provides a methodology for standardized secure installation and maintenance of DOD IA and IA-enabled devices and systems.

In the Active Directory PowerShell module, you have two commands to your disposal that help display group membership. Those are Get-ADGroup and Get-ADGroupMember. The first command contains property...

Learn more about: Appendix L: Events to Monitor

Learn how to use Visual Studio Code keyboard shortcuts for higher productivity

This PowerShell script is used to assign permissions in Active Directory based on predefined templates. It enables administrators to configure specific rights and properties for user, group, compu...

Protecting Against Privileged Credential Sprawl. Highly privileged accounts are often used to perform tasks on systems.

You want to ping multiple computers at once? Can’t? Yes you can, with PowerShell. In this post I’ll show you a few examples of how you can ping multiple computers. We will use the Test-…

Protect RDP passwords from Mimikatz attacks with Remote Credential Guard. Follow our guide to configure this feature in Remote Desktop Manager and boost your remote access security.

Learn to import GPO modules in PowerShell, export GPOs, and generate GPOs linked to an OU for detailed reporting.

View a list of recommended block rules, based on knowledge shared between Microsoft and the wider security community.

In a previous post, we discussed how to quickly unlock AD accounts with PowerShell. However, the main problem admins tend to face is identifying the source computer or service that is causing the...

In the previous blog we talked about the logging of RDP logs if you had not read the previous blog please find below link:

Remote Desktop Protocol (RDP) is a widely used technology that allows users to connect remotely to another computer or server over a…

Read the 2024 Microsoft Vulnerabilities Report for an analysis of vulnerabilities across the Microsoft ecosystem, an assessment of how these…

Over the last few weeks, I’ve had conversations with several individuals around mitigating lateral movement in a Windows environment. In…

Join us to gain valuable insights into the PowerShell Application Deployment Toolkit (PSADT) and its capabilities for optimizing application deployment workf...

Active Directory has several levels of administration beyond the Domain Admins group. In a previous post, I explored: "Securing Domain Controllers to Improve Active Directory Security" which explores...

Entra ID Open Source Intelligence tool

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services. - TrimarcJake/Locksmith

Learn more about: Appendix D: Securing Built-In Administrator Accounts in Active Directory

We've recently published a series of videos on the advancehttps://www.youtube.com/watch?v=b9juS5RT1lg https://www.youtube.com/watch?v=b9juS5RT1lg d..

NTLM (NT LAN Manager) is a legacy Microsoft authentication protocol that dates back to Windows NT. Although Microsoft introduced the more secure Kerberos authentication protocol back in Windows 2000,...

Last update: November 3rd, 2021 Updated November 3rd, 2021: Included several fixes and actualized some techniques. Changes made to the Defender evasion, RBCD, Domain Enumeration, Rubeus, and Mimikatz...

Managed Service Accounts in Windows allow administrators to automate password management for accounts. Here's how they work.

Intro and Prior Work

Parsing Windows event logs with PowerShell? Learn how to extract specific information using XML and XPath queries in this step-by-step tutorial.

By planning your Windows security event logs using best practices, you can collect the data necessary for securing information and complying with regulatory requirements.