1.
Red Forest
Phase 1 The First 30 Days
1. Admin Accounts
: Tiered Administration
: Tier 0 Admins
:: Built-In Groups
:: A/DA/EA Groups
:: Account Operators
:: How to Secure Tier 0
: Tier 1
: Tier 2 Admins
2. Privileged Access Workstations
: Tiered OUs / The Admin OU
3. LAPS Servers & Workstations
Install and Configure LAPS
- Bonus Content: Administrator Management
: Admin OU
Phase 2 The First 90 Days
Phase 3 Beyond
2.
BadBlood
3.
Active Directory Cloning
4.
Breach Remediation
id_token
5.
AWS Security Pillars
1.
IAM Pillar
Start With the AWS Root Account
Create IAM user & Stop Using Root
STS Creds in One Line of Code
2.
Detective Control Pillar
Blog
2020 blogs
Tmobile Pacbot - Error Adding New Accounts
Chrome Critical Patches and Microsoft Tiers
I Walked Out to Protect My Identity
Microsoft's Policy on Password Expiration
Bloodhound in Docker in a Browser. Oh My
Create a Fully Loaded, Free Active Directory Lab in 15 Minutes
Invoke-Badblood.ps1 New Features and Speed Increase
Escalation Defenses AD guardrails every company should deploy
A SIDHistory Attack - Marching onto a DC
AD Privilege Escalation Exploit The Overlooked ACL
Adding a Backdoor to AD in 400 Milliseconds
Administrator Escalation - Creeping to the Top
Who Can See LAPS Passwords?
The Making of Badblood
2019 Blogs
5 ways Attackers Exploit Account Operators
Enable AWS MFA in 10 Steps (With Pictures)
Flaws.cloud level 1
Get All AWS Administrators with PowerShell
List AWS Access Keys with CLI Access
Microsoft's Policy on Password Policies
More
Contact Us
GitHub
Twitter
LinkedIn
Post Tags
Clear History
License
Documentation License
Licensed under the
Creative Commons Share Alike 4.0
license.
Code License
Licensed under the Apache 2.0 and MITnoAttr License.
© 2020 David Rowe / Secframe.com. All rights reserved.
Active Directory And AWS Security Frameworks
>
Tags
> Testing
tag :: Testing
Active Directory Cloning