home.social

#activedirectorysecurity — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #activedirectorysecurity, aggregated by home.social.

  1. Identity compromise continues to dominate intrusion chains.
    From the Sophos Active Adversary Report 2026:
    • 67% of initial access attributed to identity abuse
    • 3.4-hour median to Active Directory pivot
    • 3-day median dwell time
    • 88% ransomware deployment off-hours
    • 79% data exfiltration off-hours
    Directory services remain high-value assets — authentication, authorization, policy control, privilege mapping.
    The compressed timeline from credential misuse to directory-level access underscores the need for:
    – Continuous identity monitoring
    – Behavioral analytics
    – After-hours SOC coverage
    – Conditional access enforcement
    – Least-privilege architecture
    Generative AI is functioning as a force multiplier — improving phishing quality and campaign scale - not yet delivering autonomous attack chains.

    Is identity governance keeping pace with adversary dwell time compression?
    Engage below.

    Source: sophos.com/en-us/press/press-r

    Follow TechNadu for high-signal infosec analysis.

    Repost to strengthen industry awareness.

    #Infosec #IdentityThreats #RansomwareDefense #ActiveDirectorySecurity #ThreatModeling #GenAI #SecurityOperations #CyberRisk #ZeroTrustArchitecture #DetectionEngineering #EnterpriseSecurity #ThreatHunting

  5. Windows Server 2025’s BadSuccessor flaw lets attackers hijack any Active Directory account—even admins—with minimal access. Default configs are at risk, and no patch is out yet. Don’t wait to secure your AD! #ActiveDirectorySecurity

    pupuweb.com/how-does-the-badsu

  9. So, I'm considering taking some risks and leaning into setting up AD and domain on my home network, with my homelab.

    I'm concerned about what risks I should watch out for, and things I should keep in mind while setting it up and configuring it. My only hands-on experience with setting that stuff up was in a lab setting for one of my classes for school, and it was a very basic overview, and didn't cover the security risk side of things.

    I don't really have a huge need or reason to do this, largely just curious about the setup and management of a dozen or so computers on a small network like this.

    Also concerned about configuring my network shares for Android devices that exist on the network, that access the shares for media streaming as well.

    #windowsadmin #sysadmin #activedirectory #ActiveDirectorySecurity #domainadmin #infosec #windowssecurity #windowsserver #HomeLabServer #homelab #serveradmin

  14. CW: Free Adalanche Professional license draw

    Winter solstice giveaway: one random lucky winner will get a full 3-month commercial license version of my attack graph analyzer Adalanche Professional!

    With that you can start the new year doing valuable blue side efforts in your company: find Active Directory problems leading to Domain Admin, locate misconfigured ADCS templates, finally get some tiering done and how about taking a look at who can do what inside your vCenter? To get you going, I'll assist you remotely for two hours (also free) if you want.

    There's more info on what you can do with this on netsection.com

    To enter the draw just boost this toot. I'll contact the winner via Mastodon DM on Friday (~48 hours from now), and you'll have 24 hours to respond, otherwise I'll pick another winner.

    Please note: license is issued to one named AD but can analyze any amount of trusted or trusting domains too.

    #ActiveDirectory #ActiveDirectorySecurity
