The Ghosts of Exchange: Hidden Permissions Lurking in Active Directory

Even after uninstalling Exchange, traces of its deep integration with Active Directory remain — powerful groups, lingering ACLs, legacy attributes, and automation leftovers. Whether Exchange is running or long gone, ignoring what it left behind could leave your domain exposed. Here's what you need to know (and clean up) before someone else does

Shadow Admins in Active Directory: The Privilege You Don’t See (Until It’s Too Late)

Shadow Admins are the privilege paths you’re not watching. These accounts don’t belong to Domain Admins, but they can take over your environment anyway — thanks to ACL misconfigurations, GPO access, or SIDHistory abuse. If you're only auditing group membership, you're already exposed.

Kerberoasting: How It Works, How to Defend, and How to Minimize the Damage

Learn how Kerberoasting exploits Kerberos authentication in Active Directory, how it works, and what steps you can take to defend against it.

Tiering in Active Directory: Effective Strategy to Increase Security and Resiliency

Active Directory (AD) is the beating heart of identity and IT asset management in many organizations. Being a critical system, the AD frequently becomes the target of cyber attacks aimed at gaining elevated privileges or compromising entire corporate infrastructures. For this reason, tiering has become a critical approach to reducing risk and ensuring greater security … Continue reading Tiering in Active Directory: Effective Strategy to Increase Security and Resiliency →

Migrating Your Windows Device from Active Directory to ENTRA ID

In a world where mobility is crucial, maintaining an AD joined computer can change from an asset to a burden. Modern users are constantly on the move. They do not rely on applications that need a constant remote connection. These users often manage a device tethered to an on-premise infrastructure. Instead of simplifying their daily … Continue reading Migrating Your Windows Device from Active Directory to ENTRA ID →

Windows LAPS: Transition from Legacy to Modern Password Management

The legacy Microsoft LAPS product is deprecated as of Windows 11 23 H2 and later. The installation of the legacy Microsoft LAPS MSI package is blocked on newer versions of the operating system. Microsoft will no longer consider code changes for the legacy Microsoft LAPS product. Microsoft recommends using Windows LAPS to manage local administrator … Continue reading Windows LAPS: Transition from Legacy to Modern Password Management →