- Blast from the Past - Domain Controller Updates from 2021 - LDAPS not 'enforced'? https://support.microsoft.com/en-us/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry 3 comments sysadmin
- "After installing the security updates for CVE-2017-8563 [included in today's updates], administrators need to set registry key LdapEnforceChannelBinding to enable the fix for the CVE." https://support.microsoft.com/en-us/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry 8 comments windows
Linking pages
- Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory | Shenanigans Labs https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html 38 comments
- Abusing Exchange: One API call away from Domain Admin - dirkjanm.io https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/ 33 comments
- Reminder: LDAP signing requirements in March 2020 - PKI Solutions LLC https://www.pkisolutions.com/reminder-ldap-signing-requirements-in-march-2020/ 3 comments
- Escalating privileges with ACLs in Active Directory – Fox-IT International blog https://blog.fox-it.com/2018/04/26/escalating-privileges-with-acls-in-active-directory/ 3 comments
- The worst of both worlds: Combining NTLM Relaying and Kerberos delegation - dirkjanm.io https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/ 0 comments