Active Directory Security: Attack Paths, Golden Tickets & How Hackers Hunt The Crown Jewel

Active Directory Security: Attack Paths, Golden Tickets & How Hackers Hunt The Crown Jewel

Active Directory security, attack paths, credential hygiene and identity hardening – this episode is for people searching “Active Directory security best practices”, “AD attack paths”, “domain admin blast radius”, “Kerberos abuse”, “golden ticket attack” or “AD CS / PKI hardening” and wanting a concrete, modern defensive playbook. We treat Active Directory as the crown jewel that attackers hunt: if they own AD, they own your organization, which is why paths like DCSync, pass‑the‑hash, lateral movement and privilege escalation via service accounts are so heavily targeted.

We walk through how misconfigured certificate templates in AD CS, weak admin tiering, and poor credential hygiene quietly create ESC1–ESC8‑style paths straight to domain dominance. You’ll hear how attackers chain small misconfigurations (service accounts, PKI, Kerberos, LSASS, delegation) into a full compromise, and how techniques like golden tickets or DCSync are often just the final step of a long‑standing blast radius problem around domain admins and privileged groups.

Then we move into defense and hardening. We explain how to map and reduce attack paths, shrink domain admin blast radius, improve credential hygiene, protect LSASS, harden AD CS and PKI, and use tiering models effectively instead of just drawing them on a slide. The goal is to give you a realistic, prioritized roadmap: which fixes reduce the most risk fastest, where to start if everything feels on fire, and how to communicate these identity security issues to stakeholders who don’t live in Kerberos every day.

WHAT YOU WILL LEARN
  • Why Active Directory is the crown jewel and prime target for attackers.
  • How attack paths form through misconfigurations, weak tiering and poor credential hygiene.
  • What techniques like DCSync, golden tickets and pass‑the‑hash actually enable in practice.
  • How AD CS, PKI and vulnerable certificate templates (ESC1–ESC8) open privilege escalation paths.
  • How to reduce domain admin blast radius and harden privileged access.
  • Practical steps to protect LSASS, service accounts and Kerberos from common abuse patterns.
  • How to use admin tiering models in a way that actually changes attacker options.
  • A pragmatic starting roadmap for AD hardening even in messy, legacy environments.
THE CORE INSIGHT

The core insight of this episode is that most organizations don’t lose Active Directory in one dramatic event – they lose it through years of small identity and PKI decisions that quietly create rich attack paths. By treating AD as a true crown jewel, mapping and shrinking attack paths, and hardening tiering, PKI and credentials systematically, you can dramatically raise the cost for attackers and take back control of your identity core.

WHO THIS IS FOR
  • Identity and security engineers responsible for Active Directory.
  • Security architects and blue teamers focused on lateral movement and privilege escalation.
  • IT admins who inherited a messy AD, PKI and tiering setup and need a way forward.
  • CISOs and security leaders prioritizing identity security and blast radius reduction.
  • Red teamers and defenders who want a shared language for AD attack paths and fixes.
ABOUT THE HOST

Mirko Peters is a Microsoft 365 consultant and host of M365.FM, where he explores modern work, security and productivity with a strong focus on identity, Active Directory and cloud‑connected environments. He helps teams translate complex identity and PKI topics into practical hardening steps that both security and infrastructure teams can execute together.

Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(801)

Azure Storage Accounts - Simply Explained

Azure Storage Accounts - Simply Explained

An Azure Storage Account is the foundation of Microsoft's cloud storage platform and acts as a single container that brings together multiple storage services under one roof. Rather than creating sepa...

18 Juli 13min

Azure DDoS Protection - Simply Explained

Azure DDoS Protection - Simply Explained

Azure DDoS Protection is Microsoft's managed service for defending internet-facing applications against Distributed Denial-of-Service (DDoS) attacks. These attacks attempt to overwhelm websites, APIs,...

18 Juli 16min

Azure Network Security Groups - Simply Explained

Azure Network Security Groups - Simply Explained

Azure DDoS Protection is Microsoft's managed service for defending internet-facing applications against Distributed Denial-of-Service (DDoS) attacks. These attacks attempt to overwhelm websites, APIs,...

18 Juli 14min

Azure Virtual Network - Simply Explained

Azure Virtual Network - Simply Explained

An Azure Virtual Network (VNet) is your own private network inside Microsoft Azure. It provides the secure foundation for virtually every cloud workload you deploy, including virtual machines, databas...

18 Juli 17min

Azure Private Link - Simply Explained

Azure Private Link - Simply Explained

Azure Private Link is Microsoft's networking service that enables secure, private connectivity between your Azure Virtual Network and Azure Platform-as-a-Service (PaaS) resources such as Azure Storage...

18 Juli 16min

Azure Traffic Manager - Simply Explained

Azure Traffic Manager - Simply Explained

Azure Traffic Manager is Microsoft's global DNS-based traffic distribution service that directs users to the most appropriate application endpoint anywhere in the world. Instead of sending every user ...

18 Juli 16min

Azure DNS - Simply Explained

Azure DNS - Simply Explained

Azure DNS is Microsoft's fully managed Domain Name System (DNS) hosting service that translates human-friendly domain names like contoso.com into the IP addresses computers use to communicate. Instead...

18 Juli 15min

MCP (Model Context Protocol) - Simply Explained

MCP (Model Context Protocol) - Simply Explained

The Model Context Protocol (MCP) is an open standard that allows AI models to securely connect to external tools, applications, and data sources using a single, consistent protocol. Before MCP, every ...

17 Juli 15min

Populärt inom Politik & nyheter

aftonbladet-krim
svenska-fall
p3-krim
rss-krimstad
tv4-nyheterna-story
aftonbladet-daily
flashback-forever
de-fyras-gang
mannen-utan-spar
motiv
rss-sanning-konsekvens
rss-vad-fan-hande
spar
rss-aftonbladet-krim
rss-frandfors-horna
rss-krimreportrarna
politiken
olyckan-inifran
rss-flodet
krimmagasinet