Active Directory (AD) is the backbone of identity and access in most organizations. It is also one of the biggest targets for attackers. Weak or poorly monitored AD environments often lead to breaches, privilege escalation, and compliance failures. That’s why regular AD auditing is critical for maintaining security, detecting suspicious behavior, and aligning with cyber […]
Active Directory monitoring on Windows Domain Controllers involves tracking a wide range of events from the Security log (audit events such as logons and account management) and the Directory Service log (AD DS operational events like replication issues). Below, we provide tables of relevant Windows Event IDs, their provider/source, which Event Log they appear in, […]
Kerberoasting is a post-exploitation attack technique targeting the Kerberos authentication protocol in Active Directory. In a Kerberoasting attack, an adversary uses a valid (even low-privilege) domain user account to request service tickets for service accounts – accounts that have a Service Principal Name (SPN) registered. These service tickets (TGS tickets) are encrypted with the service […]
In April 2025, British retail giant Marks & Spencer (M&S) was hit by a devastating ransomware attack that disrupted operations, paused online orders, and caused widespread financial damage. Nearly £700 million was wiped from its market valuation, and customers experienced delays, store issues, and service outages. The group behind this attack? A sophisticated hacking gang […]
Office 365 Security Best Practices Guide. In 2025, Office 365 (now Microsoft 365) continues to be the dominant productivity platform used by organizations around the world. With this popularity comes increasing threats from cyberattacks, phishing campaigns, and unauthorized access. As an IT admin, your responsibility is to ensure your tenant is configured securely to reduce […]
Free Active Directory Compliance tool for CIS benchmarks, SOX, NIST, GDPR and HIPAA. I’ve created a PowerShell script that outputs an HTML report on the compliance status of your Active Directory. Run it on as many domains as you need. You can run it remotely, just specify the domain controller and the […]
Top 15 Best Vulnerability Scanner Tools in Cybersecurity. In this post, we introduce vulnerability scanning solutions and explain the best vulnerability scanner tools to secure your infrastructure. Vulnerability scanning, assessment, and management all share a significant cybersecurity principle: restricting hackers from getting in. An essential IT security needs to […]
SOX Compliance Checklist – Audit Requirements Explained (Best Practice). In this post, we will introduce SOX and explain SOX compliance and audit requirements. First of all, the United States Congress issued the Sarbanes-Oxley Act (SOX) to protect the public from fraudulent practices by corporations. In 2002, the passing of SOX increased financial reporting […]
Create Active Directory Group Policy Reports with PowerShell. With the help of the Get-GpoReport cmdlet, we can produce reports on Group Policy Objects (GPOs), ranging from straightforward text-based ones to fully fledged Hypertext Markup Language (HTML) reports. In addition, we can automate this report generation process with PowerShell. This is to save time and gain […]
Find SID in Active Directory Users and Computers Using PowerShell. The Security Identifier or SID is a unique ID number assigned to each Windows user, group, or computer on the domain-controlled network. So, for example, if we’ve ever tried to manage File and Folder permissions or browsed through the registry, we might have seen a […]