Q&D Security

Forest Compromise Through AMA Abuse

Authentication Mechanism Assurance (AMA) is a useful feature to protect sensitive assets. However, it turns out it can be leveraged for nefarious purposes.

April 7, 2024April 10, 2024

Manually injecting a SID in a certificate

With KB5014754, released on May 10, 2022, a CA injects the Security Identifier (SID) of accounts as a new extension in issued certificates. But what if we want to inject it manually?

May 27, 2022May 30, 2022

Remote Desktop, MFA, Network Level Authentication and KDC Proxy

Introduction Recently I was presented with a challenge at one of my customers. We were setting up a new, completely isolated environment with its own Active Directory forest, PKI, ADFS, hypervisors and supporting infrastructure: we had to build pretty much everything from scratch. Since the customer is quite security oriented and an external vendor were…

May 29, 2021June 3, 2021

Supply in the Request Shenanigans

Active Directory Certificate Services makes it easy to issue certificates for any organization. But is there something lurking beneath the surface?

September 4, 2020April 7, 2024

Something went wrong. Please refresh the page and/or try again.

About Me

I work with Active Directory, federation and PKI. Currently employed as a consultant in the Directory Services area. I do programming from time to time in C# and PowerShell.

Main interests outside the professional are mathematics, science (astronomy, physics), gaming, medieval fantasy literature, psychology and politics. YouTube, Twitch and Netflix are my main sources of entertainment.

Get new content delivered directly to your inbox.

Blog