Mark R. Gamache's Random Blog

Here's random stuff related to what I am working on or interested in during my work day or in my personal life. I'm a nerd. The content will be nerdy.

Wednesday, July 15, 2020

Exploiting AD gpLink for Good or Evil

›

GPOwn GPOwn TL;DR If you can edit gpLink, you can link to user and machine group polices that do not reside on domain cont...

3 comments:

Wednesday, March 28, 2018

If I Can't Reach Active Directory, it's Down

›

Unless it's not. I recently had a customer tell me that my AD servers were broken. They were unable to set SPNs via Setspn . They we...

Living off the land with Kerberos and netsh interface portproxy

›

Have you ever been in the situation where you need to do some remote PowerShell on a machine, but you can’t find a layer 3 path to the serv...

Monday, August 28, 2017

Keep an Eye on Your Index Fund Dollars. You May be Surprised.

›

Keep and eye on your Index fund money There has been a lot of talk about index funds in the last six months. Warren Buffett r...

Friday, August 25, 2017

Detecting Attackers in a Windows Active Directory Network

›

I Smell Attackers TL;DR If you know Pass the hash, Mimikatz, and BloodHound, jump down to the detection section. The Pain Wi...

7 comments:

Sunday, August 20, 2017

Keep an Eye on Those Bond Investment Fees

›

While re-balancing my portfolio stock/bond/cash ratios, I discovered something I had not seen before… While I talk about my Fidelity acco...

Monday, August 7, 2017

Copying the NTAuth Enterprise store certificates from one Forest to another

›

The enterprise NTAuth store is a key Active Directory configuration item. It is key to allowing user to login with smartcards. When using P...

›

Home

View web version