Authentication Protocols Active Directory Primary Protocol: Kerberos (v5) with NTLM fallback Authentication Flow: Client requests TGT from Domain Controller DC verifies credentials against database Client receives TGT and service tickets Encryption: AES-256 (default), supports RC4 for legacy Token Lifetime: Default 10 hours (configurable) Smart Card Support: Native through PKINIT OpenLDAP Primary Protocol: LDAP (v3) with SASL mechanisms **Authentication Methods: Simple…
Tag: ActiveDirectory
How to prevent lateral movement to Entra ID when your Active Directory has fallen
Hey Hey, such a long read, but please take a time for review. At the moment, the biggest threat to an Entra ID tenant in the vast majority of environments comes from the connected Active Directory. Attackers are (currently) focusing heavily on on-prem environments, as these are generally much more difficult to protect and are…