📔 Michael Grafnetter

If you deployed Windows Hello for Business, you should definitely read Microsoft's Security Advisory ADV190026. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190026 … And I am not saying it just because I reported that issue and had a talk about it at Black Hat Europe. https://www.blackhat.com/eu-19/briefings/schedule/index.html#exploiting-windows-hello-for-business-17260 … #BHEUpic.twitter.com/BUKgzAc33b

I stumbled upon the following 802.1X MAC Auth Bypass implementation during a recent AD security audit. Is 802.1X being enabled on all ethernet ports really worth turning off password complexity requirements and having AD accounts with username==password??? https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02628207 …pic.twitter.com/ANk2RDMW9U

Looking forward to hosting a workshop called "Offline Attacks on Active Directory" at BSides Lisbon. https://www.bsideslisbon.org/speakers/ pic.twitter.com/YmVPRLgNGr

Super excited to be demoing the #DSInternals PowerShell Module at Black Hat Europe! https://www.blackhat.com/eu-19/arsenal/schedule/#dsinternals-powershell-module-17807 … #BHEUpic.twitter.com/0tmFMgxsEl

Just released a very simple #YubiKey Smart Card Minidriver Administrative Template (ADMX) for #ActiveDirectory. https://github.com/MichaelGrafnetter/yubikey-minidriver-admx …pic.twitter.com/GJ8JKnSsdQ

Nice one! I implemented a feature similar to lsadump::setntlm in PowerShell #DSInternals back in 2015, but I underestimated its coolness factor then, due to that issue with AES keys. ;-) Captain Obvious Sidenote: Works with both AD and LOCAL accounts, but not DSRM account AFAIK.pic.twitter.com/PvS9VsGRtB

Look at this deployment diagram of Azure AD password protection for Windows Server Active Directory https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-premises …pic.twitter.com/2Gw5vG2nk3

#DSInternals can now be used to check #ActiveDirectory passwords against @haveibeenpwned list, both online and offline (ntds.dit). Happy auditing!pic.twitter.com/XSjSKNjgTC

New #ActiveDirectory Group Policy Administrative Template for #YubiKey PIV Manager: https://github.com/MichaelGrafnetter/yubikey-piv-manager-admx …pic.twitter.com/vGCl7tJt1f

#ActiveDirectory DB folder contains 4 new files on Windows Server 2016. Any ideas about their meaning? @csababarta @agsolino @OndrejSevecekpic.twitter.com/NyMBTktRWq

I ran the @Thycotic Weak Password Finder in 5 production #ActiveDirectory domains and discovered significant security issues in all of them.pic.twitter.com/yd0TV85cA5

Impersonating Office 365 users with #mimikatz: https://www.dsinternals.com/en/impersonating-office-365-users-mimikatz/ …pic.twitter.com/0yD93usRa3

@Thycotic has released a nice and shiny freeware for auditing #ActiveDirectory passwords, based on #DSInternals. https://www.dsinternals.com/en/finding-weak-active-directory-passwords/ …pic.twitter.com/AZXOwCvjfK

I simply love #password reset questions to which all your Facebook friends know the answer...pic.twitter.com/VUXJamzUzZ

#DSInternals PS module can now dump KDS Root Keys for DPAPI-NG decryption, e.g. SID-protected PFX files. https://github.com/MichaelGrafnetter/DSInternals/releases/tag/v2.18 … @PaulaCqurepic.twitter.com/IvgQwjG7u4

Detecting weak, duplicate, default or empty #ActiveDirectory passwords using #PowerShell https://www.dsinternals.com/en/auditing-active-directory-password-quality/ …pic.twitter.com/D4J0CucTlA

Dumping and modifying #ActiveDirectory database using a bootable flash drive: https://www.dsinternals.com/en/dumping-modifying-active-directory-database-bootable-flash-drive/ …pic.twitter.com/SEdAy244Sh

Today, I have received the Microsoft MVP Award! It has made my day. Thank you for your nominations.pic.twitter.com/wLIKirncxx

DSInternals 2.14 is out, with Windows Server 2016 support and ACL extraction from ntds.dit. https://github.com/MichaelGrafnetter/DSInternals/releases/latest …pic.twitter.com/L49ttnI3O2