Manually injecting a SID in a certificate

With KB5014754, released on May 10, 2022, a CA injects the Security Identifier (SID) of accounts as a new extension in issued certificates. But what if we want to inject it manually?

Remote Desktop, MFA, Network Level Authentication and KDC Proxy

Recently I was presented with a challenge at one of my customers. We were setting up a new, completely isolated environment with its own Active Directory forest, PKI, ADFS, hypervisors and supporting infrastructure: we had to build pretty much everything from scratch. Since the customer is quite security oriented and an external vendor were…

Supply in the Request Shenanigans

Active Directory Certificate Services makes it easy to issue certificates for any organization. But is there something lurking beneath the surface?

Bypassing WIA on ADFS

AD FS Single Sign-On is a wonderful feature for your users, as they don’t have to log on manually after logging on to their computer. But what if you need to provide Forms-Based Authentication for some clients or users?

About Me

I work with Active Directory, federation and PKI. Currently employed as a consultant in the Directory Services area. I do programming from time to time in C# and PowerShell.

Main interests outside the professional are mathematics, science (astronomy, physics), gaming, medieval fantasy literature, psychology and politics. YouTube, Twitch and Netflix are my main sources of entertainment.

