November 14, 2025

Creating compliance alerts with Entra Identity Governance

November 14, 2025

Creating Compliance Alerts with Microsoft Entra Identity Governance “Compliance alerts” in identity land are simple: you define what should be true (policy), detect when reality drifts (signal), and notify the right owner fast enough to fix it (response). Microsoft Entra Identity Governance (Identity Governance) gives you strong policy primitives—like access reviews, …

Active Directory Fundamentals

How to detect Golden Ticket attacks

November 14, 2025

How to Detect Golden Ticket Attacks in Active Directory A Golden Ticket attack is one of the most damaging post-compromise techniques in Active Directory: an attacker forges a Kerberos Ticket Granting Ticket (TGT) using the KRBTGT account secret, then impersonates any user (often Domain Admin) to access domain resources while blending into “normal”…

Active Directory Fundamentals

Detecting Kerberoasting with PowerShell and logs

November 14, 2025

Detecting Kerberoasting with PowerShell and Logs Kerberoasting is an Active Directory attack technique where an attacker requests Kerberos service tickets (TGS) for accounts that have Service Principal Names (SPNs), then cracks the ticket offline to recover the service account password. Because it uses legitimate Kerberos flows, the key to detection is understanding what…

Active Directory Fundamentals

Mapping legacy AD groups to Entra roles

November 14, 2025

Mapping Legacy Active Directory Groups to Microsoft Entra Roles Legacy Active Directory (AD) group designs often carry years of historical decisions: “one group per admin team,” “one group per tool,” and the classic “Domain Admins-but-not-really” pattern. In Microsoft Entra ID, the control surface changes: privileged actions are driven by roles (directory…

Active Directory Fundamentals

Simulating AD attacks with Purple Team labs

November 14, 2025

Purple teaming in an Active Directory (AD) context is the discipline of running controlled, authorized attack simulations (red) while observing, tuning, and validating detection + response (blue). Done well, it turns vague goals like “improve AD security” into measurable outcomes: which attacks did we detect, how fast, with what signal quality, and what changed because of it. This guide…

Active Directory Fundamentals

Using BloodHound to map privilege escalation

November 14, 2025

Using BloodHound to Map Privilege Escalation in Active Directory Privilege escalation in Active Directory (AD) rarely happens as a single “big misconfiguration.” It’s usually a chain: a little too much delegated access here, a leftover admin right there, an ACL that nobody remembers, and suddenly an attacker (or a red team) has a clean path to Domain Admin. …

Creating compliance alerts with Entra Identity Governance

How to detect Golden Ticket attacks

Detecting Kerberoasting with PowerShell and logs

Mapping legacy AD groups to Entra roles

Simulating AD attacks with Purple Team labs

Using BloodHound to map privilege escalation

Featured Posts

What is Azure Data Factory (ADF)?

How to demote a Domain Controller: A step-by-step guide

Healthcare data Breaches down almost 50 percent in the first month of 2021

Popular with Readers

Active Directory Users and Computers (ADUC) - An introduction and installation guide

Active Directory Sites

Active Directory Password Policy

Recently Added

How to fix slow DNS lookup

Legacy D-Link DSL Routers Exploited via Unauthenticated DNS Hijacking (CVE-2026-0625)

Migrating from AD FS to Azure AD SSO