pam_mount stopped working after update #server #mount #pam #activedirectory #kerberos

https://askubuntu.com/q/1549680/612

Windows Server 2025: Rights extension gap in AD

Akamai warns of an unpatched privilege escalation vulnerability in Windows Server 2025. Admins need to take action.

https://www.heise.de/en/news/Windows-Server-2025-Rights-extension-gap-in-AD-10397993.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

Windows Server 2025: Rechteausweitungslücke im AD

Akamai warnt vor einer ungepatchten Rechteausweitungslücke in Windows Server 2025. Admins müssen aktiv werden.

https://www.heise.de/news/Windows-Server-2025-Rechteausweitungsluecke-im-AD-10397566.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

Be quick and become the 2nd follower of #EU_OS on #LinkedIn!

https://linkedin.com/company/eu-os/

I got told everyone on Mastodon uses already #Linux and the project to migrate from #Windows to Linux on the desktop would find a more relevant audience on LinkedIn.

Help EU OS to get what #Microsoft needs to make it go viral on LinkedIn: subscribe, comment, share widely!

I'd tell the guys at #Microsoft who designed Kerberos delegation in #ActiveDirectory to go to hell, but they're apparently already in it and very much intent on dragging in everyone with them...

Mastering Active Directory Hygiene: Automating SIDHistory Cleanup with CleanupMonster http://dlvr.it/TJZpmF via PlanetPowerShell #ActiveDirectory #SIDHistory #CyberSecurity #Automation

Is today #FediHire Friday? Sure looks like it!

What I'm looking for: A senior level, individual contributor role supporting Windows, Active Directory, Certificates, PKI, Azure, and information security in a large environment. Interested in relocating outside of the US. I like to solve weird problems and make computers run smoothly. I want to help others use technology effectively.

My main focus the last few years has been rebuilding and modernizing a struggling certificate management team. That includes growing the team to meet our company needs, migrating our AD-integrated private PKI stack, getting a handle on our web PKI consumption, and making massive improvements to our certificate lifecycle management platform. I supported and advised our CyberSec and Desktop teams as we rolled out multi-factor authentication to 50,000 employees and contractors across the US. My background in understanding deep computer fundamentals, talent for quickly grasping nuances of larger systems, and calmness in a crisis have contributed to quickly resolving major technology outages regardless of root cause.

This role hasn't been exclusively technical. A big part of my current job is building relationships with our developers to help them understand how certificates work, the responsible ways to use them, and what our relevant internal policies are. I've been training and teaching junior and mid-level engineers both practical PKI concepts and our specific enterprise requirements. I've gotten to spend some time with upper management to both explain the immediate challenges we've had and the plans we can implement improve our infrastructure, reducing costs and outages.

While this position has been focused on certs and how to use them, I'm very comfortable considering a technical leadership role for Windows (server and desktop) administration and Active Directory. I also have some good experience with Azure and virtualization platforms, but they haven't been my daily focus for several years.

My current employer is direct retail for general public consumers. I've also worked in banking/finance, manufacturing, and architecture firms. The common thread is I love to help people leverage technology for their goals, to help them be more effective.

In my personnel/volunteer time I've done very similar: working backstage with lights/sounds/projections so live performers can do their best.

Right now I'm in Syracuse, New York (about five hours from NYC), but I'm open to relocation/migration anywhere in the world.

PMs open if you want to talk details. Boosts/reshares appreciated.

Understanding PasswordLastSet and PwdLastSet Using PowerShell http://dlvr.it/TJXBVS via PlanetPowerShell #ActiveDirectory #PowerShell #PwdLastSet #Security

My cloud identity team, made up of people who have only ever worked in cloud/SaaS IdP setups, has just been made responsible for an Active Directory environment.

Most of them are befuddled or panicking.

Me:

Powershell - Testimo module for testing your Active Directory http://dlvr.it/TJW1lK via PlanetPowerShell #PowerShell #ActiveDirectory #ITTraining #SysAdmin

How do I find all groups in common between a set of users in Active Directory? http://dlvr.it/TJNyXm via PlanetPowerShell #ActiveDirectory #ADGroups #ITSupport #SysAdmin

Am Dienstag: Das Active-Directory-Webinar von heise security

Wer ein Active Directory betreibt, sollte Ebenen trennen und gesicherte Admin-Workstations nutzen. Dieses Webinar gibt praktische Hilfe bei der Umsetzung.

https://www.heise.de/news/Am-Dienstag-Das-Active-Directory-Webinar-von-heise-security-10278105.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

https://chinstrap.community/specterops-raises-75-million-series-b-round/

Report Active Directory Accounts that are Synchronized with Azure AD http://dlvr.it/TJL2Zs via PlanetPowerShell #ActiveDirectory #AzureAD #PowerShell #ADConnect

25 Years of Active Directory and my PowerShell experience managing it http://dlvr.it/TJG4Vk via PlanetPowerShell #ActiveDirectory #PowerShell #ITManagement #SysAdmin

Avez-vous vu des licornes à l'#AlpOSS ?

C'est que vous avez raté la conférence flash de @clementoudot !

En 3 minutes seulement, découvrez comment débloquer un compte #ActiveDirectory ou réinitialiser un mot de passe depuis un simple navigateur !

https://video.echirolles.fr/w/82SByD9TRjWhhrDMCbPgNU

#AlpOSS2025 #OpenSource #TechInnovation #Networking #IsèreInnovation #LDAP #IAM #IGA #LDAPToolBox
@plossra_a @ltb_project @ow2

Secure those AD accounts!

Five best practices for securing Active Directory service accounts https://www.bleepingcomputer.com/news/security/five-best-practices-for-securing-active-directory-service-accounts/

25 Years of Active Directory and my PowerShell experience managing it http://dlvr.it/TJ7cMk via PlanetPowerShell #ActiveDirectory #PowerShell #ITManagement #TechAnniversary

I'm a bit embarrassed
#TIL the passwords are stored in #ActiveDirectory without a Salt.

I'm still in shock. For all my career (30+ years) storing salted and hashed passwords has been the standard (or at least I thought so)

For non-#Cybersecurity security people an explanation:
The term Salt means that each password is extended by some random data. When calculating the hash (a mathematical function which can't be reversed) this Salt is included. As the Salt is different every time a password is set or changed it guaranties that even if people choose the same password that the hash differs. Without the salt the same password would have the same hash, so attackers would instantly know which accounts have the same password. Making it much easier for them.

Actually, it is even worse. If the password was used and cracked before it is likely in a list of cracked hashes. So you don't need to crack any hashes. You can simply look it up.

E.g the NTLM hash 8AC2859EC4AF435BA6AD116B0690A904

Looking it up at https://ntlm.pw/ reveals the password "ZaqwsX7679bgHrty!"

Brute forcing it would take billions of years, but a simple lookup reveals it in milliseconds

Worteks revient à AlpOSS !
Un évènement incontournable pour l'écosysteme Open Source.

Cette année @clementoudot animera une présentations Flash : “Support Active Directory dans LDAP Tool Box Service Desk”

20 février 2025
Mairie d'Echirolles
Inscription sur : https://alposs.fr/
Organisé par @echirolles Belledonne Communications et @ow2

#AlpOSS #AlpOSS2025 #OpenSource #TechInnovation #Networking #LDAP #IAM #IGA #ActiveDirectory #LDAPToolBox
@plossra_a @ltb_project