The Vilkas Wire

Active Directory changes constantly between annual penetration tests, creating hidden security drift, access creep, and opening up new…Active Directory changes constantly between annual penetration tests, creating hidden security drift, access creep, and opening up new attack chains that point-in-time assessments often miss.

"Strong" password policies still fail in Active Directory. Learn how weak passwords, credential reuse, and defaults lead to compromise—and…"Strong" password policies still fail in Active Directory. Learn how weak passwords, credential reuse, and defaults lead to compromise—and how to fix it.

Common vendor setup guides introduce dangerous Active Directory misconfigurations. Learn how over-permissioning leads to domain compromise…Common vendor setup guides introduce dangerous Active Directory misconfigurations. Learn how over-permissioning leads to domain compromise and how to fix it.

ESC8 abuses AD CS web enrollment with NTLM relay to mint certificates, impersonate machines/DCs, and escalate to full Active Directory…ESC8 abuses AD CS web enrollment with NTLM relay to mint certificates, impersonate machines/DCs, and escalate to full Active Directory domain compromise.

Weak access controls on AD CS certificate templates (ESC4) allow attackers to edit certificate templates, which can be used in attacks…Weak access controls on AD CS certificate templates (ESC4) allow attackers to edit certificate templates, which can be used in attacks resulting in domain compromise.

Most penetration tests succeed or fail before testing even begins. This post breaks down what proper scoping actually looks like.Most penetration tests succeed or fail before testing even begins. This post breaks down what proper scoping actually looks like.

Learn how missing LDAP signing enables credential relay, footholds, and chained Active Directory attacks during real internal penetration…Learn how missing LDAP signing enables credential relay, footholds, and chained Active Directory attacks during real internal penetration tests.

How unsigned SMB traffic is abused during internal penetration tests, why “enabled but not required” still fails, and how this…How unsigned SMB traffic is abused during internal penetration tests, why “enabled but not required” still fails, and how this misconfiguration enables real attack chains.

When Active Directory is in scope, giving your pentester a low‑privilege password is not cheating; it simulates a compromised user account…When Active Directory is in scope, giving your pentester a low‑privilege password is not cheating; it simulates a compromised user account and exposes real identity risk in your internal environment.