Helpline Group Bahrain13h ago

With trusted support across the Gulf and beyond, Helpline Public Relations WLL helps you prepare with clarity, speed, and confidence-so you are ready when the next opportunity arrives.

#GoodStandingCertificate #DocumentPreparation #ImmigrationSupport #EmploymentAbroad #ResidencyProcess #BusinessCompliance #HelplinePublicRelationsWLL #HelplineBahrain #GulfServices #DocumentSupport #CertificateServices #AttestationServices #LegalDocuments

Michael C. BazarewskyFeb 28, 2023
An interesting post around #ADCS #ActiveDirectory #CertificateServices validation and concerns around it https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/the-nightmare-of-validating-certificate-requests/ba-p/3743769
The Nightmare of Validating Certificate Requests

Certificate templates and Registration Authorities In short, certificate templates in Active Directory define which information an acceptable certificate request must include, how the request and the subject and/or Subject Alternative Names (SANs) are verified, and which accounts are allowed to requ...

TECHCOMMUNITY.MICROSOFT.COM
Jake Hildreth (acorn) Feb 27, 2023

The Locksmith Active Directory (AD) Certificate Services (CS) remediation tool has been updated: https://github.com/TrimarcJake/Locksmith

New features:
- Support for Restricted Admin Mode. If RAM is detected, Locksmith will ask to be re-run using the -Credential switch.
- If the AD Powershell module is not installed on Win 10/11, Locksmith will attempt to install it for you.
Note: previously only available on server-class OSes.
- New functions for checking user type and elevation status.
- Auto-generated snippets for ownership issues (a subset of ESC4/ESC5).
- Support for non-English Active Directory environments!

Next planned updates:
- Add individual CA Hosts to $SafeUsers using SIDs.
- Perform additional environment checks before attempting to run.
- Rename modes to something that makes sense.

#IAM #IdentitySecurity #CertificateServices #ActiveDirectory #ActiveDirectoryCertificateServices #ADCS #PKI #Locksmith #OpenSource #DefensiveSecurity #DefensiveSecurityTooling #Pizza

GitHub - TrimarcJake/Locksmith: A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services. - TrimarcJake/Locksmith

GitHub
Jake Hildreth (acorn) Nov 10, 2022

Locksmith has been updated: https://github.com/TrimarcJake/Locksmith

New features:
- Improved on-screen explanation of what the script is doing
- Improved output formatting
- Confirmation now required before the AD CS environment is changed
- If Locksmith changes your environment, a script is created to easily revert those changes.
- Less false positives
- If Active Directory module is not installed, Locksmith will attempt to install it for you.

Next planned updates:
- Strict Mode support
- RDP Restricted Admin support

#IAM #IdentitySecurity #CertificateServices #ActiveDirectory #ActiveDirectoryCertificateServices #ADCS #Locksmith #OpenSource #DefensiveSecurity #DefensiveSecurityTooling #Pizza

GitHub - TrimarcJake/Locksmith: A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services. - TrimarcJake/Locksmith

GitHub
Jake Hildreth (acorn) Nov 7, 2022

#introduction

Hi. I'm Jake. I'm a recovering sysadmin now working in identity security. I'm a husband, dad, wannabe powerlifter, and blue teamer for life.I enjoy figuring out how stuff works by getting my hands dirty. I maintain the Locksmith AD CS remediation assistant https://github.com/TrimarcJake/Locksmith

Current areas of focus: improving internal tooling, AD CS security, Protected Users group evangelism

#activedirectory #adcs #identity #identitysecurity #iam #locksmith #certificateservices #blueteam