Explore >> Select a destination


You are here

www.codeaffine.com
sprovoost.nl
22.3 parsecs away

golb.hplar.ch
12.4 parsecs away

dirkjanm.io
30.1 parsecs away

Many modern enterprises operate in a hybrid environment, where Active Directory is used together with Azure Active Directory. In most cases, identities will be synchronized from the on-premises Active Directory to Azure AD, and the on-premises AD remains authoritative. Because of this integration, it is often possible to move laterally towards Azure AD when the on-premises AD is compromised. Moving laterally from Azure AD to the on-prem AD is less common, as most of the information usually flows from on-premises to the cloud. The Cloud Kerberos Trust model is an exception here, since it creates a trust from the on-premises Active Directory towards Azure AD, and thus it trusts information from Azure AD to perform authentication. In this blog we will look at how this trust can be abused by an attacker that obtains Global Admin in Azure AD, to elevate their privileges to Domain Admin in environments that have the Cloud Kerberos Trust set up. Since this technique is a consequence of the design of this trust type, the blog will also highlight detection and prevention measures admins can implement.
securitybrief.co.uk
100.2 parsecs away

QuSecure's QuProtect has won the Best Quantum Cyber Security Solution 2023, recognising its leadership in quantum-resilient security.