Recent AD News

Legacy D-Link DSL Routers Exploited via Unauthenticated DNS Hijacking (CVE-2026-0625)

A critical command-injection flaw in legacy (end-of-life) D-Link DSL gateway routers is being actively exploited to achieve unauthenticated remote code execution (RCE) and silent DNS setting changes (DNS hijacking).
What happened (and why it matters)
The bug is tracked as CVE-2026-0625 (CVSS 9.3) and sits in the router CGI endpoint dnscfg.cgi, where DNS configuration parameters aren’t properly…
Read more
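The bug class behind this item is the classic CGI command injection: a request parameter is spliced into a shell command string. The block below is an added illustration, not D-Link's firmware code or the actual dnscfg.cgi logic; the parameter name `dns1`, the hypothetical `set-dns` helper binary and the request shape are assumptions chosen only to show the vulnerable pattern next to a hardened one that validates the value as an IP literal and passes it as an argv element instead of through a shell.

```python
"""Illustrative command-injection pattern in a CGI-style DNS-settings handler.

Added example, not D-Link's code. The parameter name "dns1" and the
"set-dns" helper binary are assumptions used to demonstrate the bug class.
"""
import ipaddress
from typing import Dict, List


def build_command_unsafe(params: Dict[str, str]) -> str:
    # VULNERABLE: the user-controlled value is spliced into a shell command
    # string. A value such as "8.8.8.8; reboot" becomes a second command
    # the moment this string reaches system() or subprocess.run(shell=True).
    return f"set-dns {params.get('dns1', '')} && commit"


def validate_dns_server(value: str) -> str:
    """Accept only a literal IPv4/IPv6 address; raise on anything else."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        raise ValueError(f"rejected DNS server value: {value!r}")


def build_command_safe(params: Dict[str, str]) -> List[str]:
    # HARDENED: validate first, then hand the value over as one argv element
    # so no shell ever parses it (run with subprocess.run(argv), shell=False).
    dns1 = validate_dns_server(params["dns1"])
    return ["set-dns", dns1]


def is_injection_attempt(value: str) -> bool:
    """Detector for access logs or a WAF rule: anything that is not a bare
    IP literal in a DNS-server parameter is suspect."""
    try:
        validate_dns_server(value)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    payload = {"dns1": "8.8.8.8; reboot"}   # constructed attack request
    print("unsafe:", build_command_unsafe(payload))
    print("injection?", is_injection_attempt(payload["dns1"]))
    print("safe:", build_command_safe({"dns1": "9.9.9.9"}))
```

The same allowlist check is the right lens for hunting exploitation after the fact: any request to a DNS-configuration endpoint whose resolver parameter is not a bare IP literal is worth an alert, and so is any gateway whose configured resolvers no longer match the ones the ISP or the administrator set.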
Active Directory Fundamentals

How to detect Golden Ticket attacks

How to Detect Golden Ticket Attacks in Active Directory
A Golden Ticket attack is one of the most damaging post-compromise techniques in Active Directory: an attacker forges a Kerberos Ticket Granting Ticket (TGT) using the KRBTGT account secret, then impersonates any user (often Domain Admin) to access domain resources while blending into “normal”…
Read more
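Because a forged TGT never passes through a domain controller's AS exchange, the detection signal is mostly about what is missing or mismatched around the service-ticket requests that follow it. The block below is an added example, not the article's own detection content: it runs three common heuristics over constructed, simplified Windows Security events (4768 TGT requests, 4769 service-ticket requests). The ten-hour TGT window, the account list and every event are assumptions built for the demonstration.

```python
"""Heuristic Golden Ticket detection over Kerberos audit events.

Added example, not the article's code. EVENTS and KNOWN_ACCOUNTS are
constructed; the three signals checked are:
  1. a 4769 for a user/host pair that obtained no TGT (no 4768) in the window
  2. a ticket encryption type of RC4 (0x17) in a domain that issues AES only
  3. a ticket whose account name does not exist in the directory
"""
from datetime import datetime, timedelta
from typing import Dict, List, Set

RC4_HMAC = "0x17"
TGT_WINDOW = timedelta(hours=10)   # assumption: default max TGT lifetime

# Constructed directory snapshot: the accounts that really exist.
KNOWN_ACCOUNTS: Set[str] = {"alice", "administrator", "svc-sql", "dc01$"}

# Constructed events: one benign flow, then two suspicious service-ticket requests.
EVENTS: List[Dict[str, str]] = [
    {"id": "4768", "time": "2024-05-01T08:00:00", "user": "alice", "ip": "10.0.0.5", "etype": "0x12"},
    {"id": "4769", "time": "2024-05-01T08:00:05", "user": "alice", "ip": "10.0.0.5", "etype": "0x12", "service": "cifs/fs01"},
    # no 4768 for "administrator" from 10.0.0.66, and the ticket is RC4 in an AES-only domain
    {"id": "4769", "time": "2024-05-01T09:15:00", "user": "administrator", "ip": "10.0.0.66", "etype": "0x17", "service": "cifs/dc01"},
    # account name that does not exist at all (a forged ticket can carry any name)
    {"id": "4769", "time": "2024-05-01T09:16:00", "user": "ghost", "ip": "10.0.0.66", "etype": "0x12", "service": "ldap/dc01"},
]


def _ts(event: Dict[str, str]) -> datetime:
    return datetime.fromisoformat(event["time"])


def detect_golden_ticket(events: List[Dict[str, str]], known_accounts: Set[str],
                         aes_only: bool = True) -> List[Dict[str, object]]:
    """Return one finding per suspicious 4769, with the reasons that fired."""
    tgt_times: Dict[tuple, List[datetime]] = {}
    for e in events:
        if e["id"] == "4768":
            tgt_times.setdefault((e["user"].lower(), e["ip"]), []).append(_ts(e))

    findings: List[Dict[str, object]] = []
    for e in events:
        if e["id"] != "4769":
            continue
        key = (e["user"].lower(), e["ip"])
        t = _ts(e)
        reasons: List[str] = []
        # 1. service ticket with no TGT issued to this user/host in the window
        if not any(timedelta(0) <= (t - tt) <= TGT_WINDOW for tt in tgt_times.get(key, [])):
            reasons.append("no_prior_tgt")
        # 2. RC4 ticket where the domain only issues AES (forging tools default to RC4)
        if aes_only and e["etype"] == RC4_HMAC:
            reasons.append("rc4_in_aes_domain")
        # 3. account name absent from the directory
        if e["user"].lower() not in known_accounts:
            reasons.append("unknown_account")
        if reasons:
            findings.append({"user": e["user"], "ip": e["ip"],
                             "service": e["service"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect_golden_ticket(EVENTS, KNOWN_ACCOUNTS):
        print(f)
```

Two caveats a practitioner should keep in mind: 4768 is logged only on the domain controller that issued the TGT, so the first heuristic needs events from every DC (a single-DC feed produces false positives for any client that authenticated elsewhere), and the RC4 signal is only meaningful once the domain has actually been moved to AES-only ticket encryption.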
Active Directory Fundamentals

Mapping legacy AD groups to Entra roles

Mapping Legacy Active Directory Groups to Microsoft Entra Roles
Legacy Active Directory (AD) group designs often carry years of historical decisions: “one group per admin team,” “one group per tool,” and the classic “Domain Admins-but-not-really” pattern. In Microsoft Entra ID, the control surface changes: privileged actions are driven by roles (directory…
Read more
Active Directory Fundamentals

Using BloodHound to map privilege escalation

Using BloodHound to Map Privilege Escalation in Active Directory
Privilege escalation in Active Directory (AD) rarely happens as a single “big misconfiguration.” It’s usually a chain: a little too much delegated access here, a leftover admin right there, an ACL that nobody remembers, and suddenly an attacker (or a red team) has a clean path to Domain Admin. …
Read more
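The chain the teaser describes is, mechanically, a shortest-path search over a graph whose edges are individually harmless-looking rights. The block below is an added example, not BloodHound's code or its query language: it builds a small constructed graph using BloodHound-style relationship names (MemberOf, GenericAll, HasSession, WriteDacl) and runs a breadth-first search from a low-privilege user to Domain Admins. The principals, edges and the `ABUSABLE` set are assumptions made up for the illustration.

```python
"""Find the shortest attack path to Domain Admins over a constructed AD graph.

Added example, not BloodHound's own code or data. Relationship names follow
BloodHound's conventions, but every node and edge here is invented.
"""
from collections import deque
from typing import Dict, List, Optional, Tuple

# (source, relationship, target). One deliberate five-step chain, plus a dead end.
EDGES: List[Tuple[str, str, str]] = [
    ("bob@corp.local", "MemberOf", "HELPDESK@corp.local"),
    ("HELPDESK@corp.local", "GenericAll", "WS01.corp.local"),    # full control of a workstation object
    ("WS01.corp.local", "HasSession", "carol@corp.local"),       # carol's credentials live on WS01
    ("carol@corp.local", "WriteDacl", "IT-ADMINS@corp.local"),   # carol can grant herself AddMember
    ("IT-ADMINS@corp.local", "MemberOf", "DOMAIN ADMINS@corp.local"),
    ("alice@corp.local", "MemberOf", "SALES@corp.local"),
    ("SALES@corp.local", "CanRDP", "WS02.corp.local"),           # RDP alone is not an escalation edge here
]

# Edge types an attacker who controls the source node can turn into control of the target.
ABUSABLE = {"MemberOf", "GenericAll", "GenericWrite", "WriteDacl", "WriteOwner",
            "AdminTo", "HasSession", "AddMember", "AllowedToDelegate", "ForceChangePassword"}

Graph = Dict[str, List[Tuple[str, str]]]


def build_graph(edges: List[Tuple[str, str, str]]) -> Graph:
    """Adjacency list keeping only edges an attacker can abuse."""
    g: Graph = {}
    for src, rel, dst in edges:
        if rel in ABUSABLE:
            g.setdefault(src, []).append((rel, dst))
    return g


def shortest_path(graph: Graph, start: str, target: str) -> Optional[List[Tuple[str, str, str]]]:
    """BFS from start; returns [(node, relationship, next_node), ...] or None."""
    queue = deque([start])
    parent: Dict[str, Optional[Tuple[str, str]]] = {start: None}
    while queue:
        node = queue.popleft()
        if node == target:
            path: List[Tuple[str, str, str]] = []
            while parent[node] is not None:
                prev, rel = parent[node]
                path.append((prev, rel, node))
                node = prev
            return list(reversed(path))
        for rel, nxt in graph.get(node, []):
            if nxt not in parent:
                parent[nxt] = (node, rel)
                queue.append(nxt)
    return None


def principals_with_path(graph: Graph, target: str) -> List[str]:
    """Every source node from which the target is reachable (the blast radius)."""
    return sorted(n for n in graph if n != target and shortest_path(graph, n, target) is not None)


if __name__ == "__main__":
    g = build_graph(EDGES)
    for hop in shortest_path(g, "bob@corp.local", "DOMAIN ADMINS@corp.local") or []:
        print(" -> ".join(hop))
    print("can reach DA:", principals_with_path(g, "DOMAIN ADMINS@corp.local"))
```

Breaking a chain means removing at least one edge on every path, and the cheapest cut is usually in the middle (the GenericAll on a workstation, the stale session) rather than at the Domain Admins group itself; re-running `principals_with_path` after each candidate fix shows whether the blast radius actually shrank.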
Active Directory Fundamentals

Identifying insecure SPN configurations

Identifying Insecure SPN Configurations in Active Directory (Detection + Fix Runbook)
Service Principal Names (SPNs) are a core part of how Kerberos knows which service you’re trying to reach and which account should decrypt the service ticket. That also makes SPNs a high-signal control point for both security and reliability: weak service-account hygiene, legacy…
Read more
Active Directory Fundamentals

Mitigating unconstrained delegation vulnerabilities

Mitigating Unconstrained Delegation Vulnerabilities in Active Directory
Unconstrained delegation is one of those “it worked in 2006” features that becomes a high-impact breach path in modern AD environments. This guide gives you a field-ready plan to find it, remove it safely, migrate to better models (constrained delegation / RBCD), and set…
Read more
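The SPN runbook and the unconstrained-delegation guide above both reduce to reading a few attributes off each account object: servicePrincipalName, userAccountControl and msDS-SupportedEncryptionTypes. The block below is an added example serving both teasers, not either article's runbook code: it audits a constructed set of AD objects for SPNs on user accounts that still accept RC4 (Kerberoast exposure), duplicate SPNs, unconstrained delegation on anything other than a domain controller, and constrained delegation with protocol transition. The objects are invented; the userAccountControl and encryption-type bit values are the documented Windows ones.

```python
"""Audit constructed AD objects for insecure SPN and delegation settings.

Added example, not the articles' code. OBJECTS is invented; the bit
constants are the documented userAccountControl / msDS-SupportedEncryptionTypes
values. In a real run the records would come from an LDAP query.
"""
from collections import defaultdict
from typing import Dict, List

# userAccountControl bits
SERVER_TRUST_ACCOUNT = 0x2000               # domain controller
TRUSTED_FOR_DELEGATION = 0x80000            # unconstrained delegation
NOT_DELEGATED = 0x100000                    # "account is sensitive and cannot be delegated"
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # constrained delegation with protocol transition
# msDS-SupportedEncryptionTypes bits
ETYPE_RC4 = 0x4
ETYPE_AES = 0x8 | 0x10

# Constructed directory snapshot. etypes == 0 means the attribute is unset
# (the DC then falls back to allowing RC4 for that account).
OBJECTS: List[Dict] = [
    {"sam": "DC01$", "class": "computer", "uac": 0x82000, "spn": ["ldap/dc01.corp.local"],
     "etypes": 0x1c, "pwd_age_days": 20, "delegate_to": []},
    {"sam": "WEB01$", "class": "computer", "uac": 0x81000, "spn": ["HTTP/web01.corp.local"],
     "etypes": 0x1c, "pwd_age_days": 25, "delegate_to": []},
    {"sam": "svc-sql", "class": "user", "uac": 0x10200, "spn": ["MSSQLSvc/sql01.corp.local:1433"],
     "etypes": 0, "pwd_age_days": 900, "delegate_to": []},
    {"sam": "svc-report", "class": "user", "uac": 0x1000200, "spn": ["HTTP/web01.corp.local"],
     "etypes": 0x18, "pwd_age_days": 40, "delegate_to": ["MSSQLSvc/sql01.corp.local:1433"]},
    {"sam": "Administrator", "class": "user", "uac": 0x100200, "spn": [],
     "etypes": 0x18, "pwd_age_days": 60, "delegate_to": []},
]


def audit(objects: List[Dict]) -> List[Dict[str, str]]:
    """Return findings as {sam, check, severity, fix} dicts."""
    findings: List[Dict[str, str]] = []
    spn_owners: Dict[str, List[str]] = defaultdict(list)

    for o in objects:
        for spn in o["spn"]:
            spn_owners[spn.lower()].append(o["sam"])
        uac = o["uac"]
        is_dc = bool(uac & SERVER_TRUST_ACCOUNT)

        # 1. Kerberoast exposure: an SPN on a user account whose tickets may be RC4-encrypted,
        #    i.e. crackable offline at NTLM-hash speed; an old password makes it worse.
        if o["class"] == "user" and o["spn"]:
            rc4_allowed = o["etypes"] == 0 or bool(o["etypes"] & ETYPE_RC4)
            if rc4_allowed:
                severity = "high" if o["pwd_age_days"] > 365 else "medium"
                findings.append({"sam": o["sam"], "check": "spn_on_user_rc4", "severity": severity,
                                 "fix": "migrate to a gMSA or set a long random password; "
                                        "set msDS-SupportedEncryptionTypes to AES only"})

        # 2. Unconstrained delegation on anything that is not a DC: the host caches every
        #    connecting user's TGT, so compromising it yields those users' identities.
        if uac & TRUSTED_FOR_DELEGATION and not is_dc:
            findings.append({"sam": o["sam"], "check": "unconstrained_delegation", "severity": "high",
                             "fix": "clear TRUSTED_FOR_DELEGATION; replace with constrained delegation "
                                    "or RBCD (msDS-AllowedToActOnBehalfOfOtherIdentity on the target)"})

        # 3. Protocol transition lets the account obtain tickets for any user to its targets
        #    without that user ever authenticating (S4U2Self), so it needs a justification.
        if uac & TRUSTED_TO_AUTH_FOR_DELEGATION:
            findings.append({"sam": o["sam"], "check": "protocol_transition", "severity": "medium",
                             "fix": f"confirm S4U2Self is required for {o['delegate_to']}; "
                                    "prefer Kerberos-only constrained delegation"})

    # 4. Duplicate SPNs: the KDC cannot tell which account's key to use, which breaks
    #    Kerberos for that service and hides which account is really serving it.
    for spn, owners in spn_owners.items():
        if len(owners) > 1:
            findings.append({"sam": ",".join(owners), "check": "duplicate_spn", "severity": "medium",
                             "fix": f"remove {spn} from every account except the one running the service"})
    return findings


if __name__ == "__main__":
    for f in audit(OBJECTS):
        print(f"[{f['severity']}] {f['sam']}: {f['check']} -> {f['fix']}")
```

Domain controllers are skipped in the unconstrained-delegation check because they carry TRUSTED_FOR_DELEGATION by design; every other hit is a removal candidate, and the safe order is to stand up constrained delegation or RBCD for the dependent service first, verify it with a test logon, and only then clear the flag.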