Group Policy Blog

Elevating AD Domain Access With Write Access on the Domain NC Head

With this post and my last post, I guess I’m on a path of finding interesting ways to “break” AD. The last post related to AD denial of service and this one relates to an interesting way to get to privileged access on AD by gaining what would seem to be completely unrelated access on […]

Performing a Denial of Service on AD–How Hard Is it Really?

I was motivated to write this post based on a vendor blog that I read recently, that talked about ways to maliciously perform what amounted to a denial of service attack on AD. Ostensibly the post was designed to sell software, which I don’t begrudge, but it got me thinking–how easy is this to do, […]

Security Fun: Bloodhound, MS16-072 and GPO Discoverability

I had a chance to attend my first BlackHat/Defcon conference last week in Las Vegas. I also attended the very excellent BSides conference, happening concurrently. Besides being shaken to my core from the skills demonstrated during the week :-), I got a chance to see some excellent talks related to Windows security and some super […]

Spiceworld 2015 – Austin, TX!

Hi everyone! I hope you are well and you all had a great summer. I have to admit I’m torn, not quite enough Summer for me (or my kids) but I’m extremely excited to get back into a rhythm and get cranking on some great work this year. We have an amazing year planned at […]