Active Directory Security Archives - 7ASecurity Blog https://7asecurity.com/blog/ 7ASecurity Blog With Cybersecurity Tips and Tools Fri, 12 Jun 2026 07:44:33 +0000 en-US hourly 1 https://7asecurity.com/blog/contents/uploads/2019/06/favicon.ico Active Directory Security Archives - 7ASecurity Blog https://7asecurity.com/blog/ 32 32 Diamond Ticket vs Golden Ticket: Why Your SOC is Blind https://7asecurity.com/blog/2026/06/diamond-ticket-vs-golden-ticket-why-your-soc-is-blind/ Fri, 12 Jun 2026 07:44:00 +0000 A Diamond Ticket attack is a parasitic cryptographic forgery. It hijacks a legitimate Windows authentication flow. This grants an attacker stealthy, long-term access to your network. Unlike Golden Tickets, which are built from scratch and easily flagged by missing request logs, or Silver Tickets, which are limited to specific services, a Diamond Ticket modifies a …

The post Diamond Ticket vs Golden Ticket: Why Your SOC is Blind appeared first on 7ASecurity Blog.

]]>
We Audited Legacy WMIC Commands (Our Defensive Guide) https://7asecurity.com/blog/2026/06/we-audited-legacy-wmic-commands-our-defensive-guide/ Fri, 12 Jun 2026 07:34:12 +0000 The removal of WMIC commands changes how you manage Windows, but the underlying security risks haven't gone away. While Microsoft has retired the old wmic.exe tool, the WMI system itself remains a primary target for fileless attacks and stealthy persistence. This guide provides essential translations to migrate your legacy WMIC tasks to secure PowerShell CIM …

The post We Audited Legacy WMIC Commands (Our Defensive Guide) appeared first on 7ASecurity Blog.

]]>
Your Guide to Finding and Protecting the NTDS.dit Location https://7asecurity.com/blog/2026/06/protect-ntds-dit-active-directory/ Fri, 05 Jun 2026 09:48:34 +0000 The NTDS.dit location is the primary target for any hacker looking to take total control of your organisation. This file is the central database for Active Directory. It contains every user account, group membership, and the encrypted password hashes for your entire domain. While the default file path (C:\Windows\NTDS\ntds.dit) is well-known, modern threat actors use …

The post Your Guide to Finding and Protecting the NTDS.dit Location appeared first on 7ASecurity Blog.

]]>
Stop Hackers Abusing AD Explorer in Your Corporate Network https://7asecurity.com/blog/2026/06/stop-ad-explorer-abuse/ Fri, 05 Jun 2026 09:36:01 +0000 AD Explorer is an advanced admin tool used to manage and fix Active Directory databases. Yet, its powerful snapshot feature also helps attackers download your entire directory structure to analyse offline. Once the directory is extracted, hackers feed this data into graph tools like BloodHound to map paths to Domain Admin without triggering network alarms. …

The post Stop Hackers Abusing AD Explorer in Your Corporate Network appeared first on 7ASecurity Blog.

]]>
The 2026 Guide to NTLM Hash Security and Kerberos Migration https://7asecurity.com/blog/2026/05/ntlm-hash-security-kerberos-migration/ Fri, 29 May 2026 08:16:39 +0000 An NTLM hash is the mathematical version of a password that Windows uses for legacy authentication. For years, the security industry has known that older versions of this system were broken. Now, the 2025 and 2026 security baselines target the death of the entire NTLM stack, including NTLMv2. Microsoft is pushing companies to use Kerberos …

The post The 2026 Guide to NTLM Hash Security and Kerberos Migration appeared first on 7ASecurity Blog.

]]>
Stop Kerberoasting: Our Advanced Threat-Hunting Blueprint https://7asecurity.com/blog/2026/05/stop-kerberoasting-threat-hunting-blueprint/ Fri, 29 May 2026 08:16:17 +0000 Modern Kerberoasting detection has moved far beyond watching for bulk ticket requests. In 2026, sophisticated threat actors use targeted requests to blend seamlessly into normal network traffic. With Microsoft’s mandatory move to AES-256, defenders must focus on advanced KQL queries and specific bitmask signatures in Event ID 4769. Tactical Identity Defense: Mastering Kerberoasting Detection in …

The post Stop Kerberoasting: Our Advanced Threat-Hunting Blueprint appeared first on 7ASecurity Blog.

]]>