A proud moment for the Netwrix team.
Netwrix PingCastle has been referenced in a recently published joint Five Eyes cybersecurity advisory on detecting and mitigating Active Directory compromises — recognized as a tool defenders can use to assess and strengthen their AD security posture.
Active Directory remains one of the most targeted parts of enterprise infrastructure, and we’re honored to see PingCastle acknowledged as part of the broader defensive toolkit available to organizations worldwide.
A huge thank you to the cybersecurity community and to every defender who has trusted Netwrix PingCastle over the years.
We’ll keep building tools that help blue teams stay ahead.
Learn more about PingCastle: netwrix.com/en/products/ping… #CyberSecurity #ActiveDirectory #PingCastle #InfoSec #BlueTeam
🎉 !TOOL DROP! 🎉
VEXED - vSphere EXploitation & Extraction Dumper
It enumerates users, Kerberos credentials, scans process memory, and tests for known misconfigurations. Check it out and let me know what you think!
github.com/dfirdeferred/VEXE…
Check out my new whitepaper covering vSphere's Active Directory authentication flow!
I asked one question: when vSphere integrates with Active Directory, where do the credentials actually go?
netwrix.com/en/resources/gui…
⚠️ Hackers Can Attack Active Directory Sites to Escalate Privileges and Domain Compromise | Read more: cybersecuritynews.com/active…
Active Directory sites are designed to optimize network performance across geographically separated organizations by managing replication and authentication across multiple locations.
The vulnerability emerges because Active Directory sites can be linked to Group Policy Objects (GPOs), which control system configurations across an organization.
When attackers gain write permissions to sites or their associated GPOs, they can inject malicious configurations that compromise all computers connected to those sites, including domain controllers.
#cybersecuritynews #windows
Super stoked to share that @JimSycurity and I will be leading an Active Directory Security course at BSides Charm 2025! We will cover Active Directory infrastructure, common misconfigurations, vulnerabilities and mitigations, and hands-on labs!
New #AADInternals version is finally out now:
▪ Moved endpoint related stuff to new module: AADInternals-Endpoints
▪ Added blue team stuff: Get app consent info, find backdoors, convert SID<>Entra ID Object ID, find abusable dynamic groups
▪ Added red team stuff: Get ESTSAUTH cookies, export Intune certificate, invoke PS scripts as system or other users
See full change log at: aadinternals.com/aadinternal…
Make sure you stop by the @TrimarcSecurity ISV (Active Directory Hacking) today at @hthackers Hackers Teaching Hackers. There might even be a second CTF flag there if you know where to look.....
Do you allow your high privileged users in Entra ID (e.g. Global Admin) to register authentication methods themselves after initial setup?
Do you, to detect malicious actions, monitor the addition of e.g. passkeys and follow up with the user?
When it comes to Active Directory Security Descriptors, ignorance is NOT bliss...
it can be a full-on SLASHER FLICK of misconfigurations 🔪
This Thursday, @JimSycurity shares insights we've learned across thousands of AD & Entra ID security assessments -- Tips that can arm you to be the "sole survivor" archetype in the horror movie of securing Active Directory environments.
(After all, nobody wants to be that sacrificial lamb who yells, "I'll be right back!" before heading into the wine cellar)
🎃 The Gooey Guts of Security Descriptors: Securable Objects, All the Way Down
Thursday, October 24th @ 11 am PT / 2 pm ET
Register at bit.ly/DescriptorInnards
ALT Image shows the Trimarc logo and a headshot of Jim Sykora, Trimarc Senior Security Consultant. Text reads: Trimarc Webcast. The Gooey Guts of Security Descriptors: Securable Objects, All the Way Down
New project: FlameScale OS. An operating system aimed at Active Directory/Windows security research. I will be adding more functionality weekly on Sundays. Get your hands dirty with it at the @TrimarcISV (AD Hacking Village) at @hthackers Nov 13th-15th.
github.com/dfirdeferred/Flam…
Need a quick set of useful red/purple team Active Directory tools .....and happen to be running a Debian based distro......? Well look no further! Here are 2 scripts to save you 3 seconds.
#activedirectory github.com/dfirdeferred/Red-…
2 Trimarc team members will be speaking at @WWHackinFest about tools they've developed for the #infosec community!
@DFIRdeferred will be presenting his new Purple Team/Adversarial tool, "ADAM and EVE," & @dotdotdotHorse will be speaking about "PowerPUG" 🐾
hubs.ly/Q02R8l7w0
🗓️ One week until we get to see everyone in Deadwood for @WWHackinFest!
We're packing up our Backdoors & Breaches decks, shiny new stickers, & a flight of Ignis the Dragon squishies.
🐉 Save room in your bag so you can give a dragon a new, loving home!
hubs.li/Q02RqT9X0
Heading to @GrrCON? 🌤️ Pack layers (high 79° low 54°), a refillable bottle, comfy shoes, a notepad/pen, your power bank, & STICKERS. Visit our booth to chat w/ the Trimarc crew & pick up an Ignis the Dragon squishy and Backdoors & Breaches expansion pack. hubs.li/Q02QJCWl0