Hello S-1-1-0, here is another unscheduled blog post on enabling advanced audit in Microsoft CA. Today I went through another thread on Twitter which suggests how to enable advanced audit in Microsoft CA. Throughout the thread it was apparent that only partial solution was provided. Windows CA auditing engines Microsoft CA implements a set of…
Read More
Today I went through a thread on Twitter with claims that there is no supported way to revoke a rogue certificate with known serial number in Microsoft CA. TL;DR skip to next section The long story short: the thread originally was focused on an OCSP deterministic response support. The idea behind this is that by…
Read More
This morning we provided details to our existing support and co-management customers on a recent notice of vulnerability to certain Microsoft ADCS configurations. The exploit involves NTLM and leveraging some ADCS PKI components. Full details can be found here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV210003. Summary In environments with NTLM authentication still enabled in Active Directory and when using ADCS…
Read More
Hello again! Welcome to my second blog. Going to shift gears a bit from my personal PKI journey to discuss cyber-attacks. With the recent SolarWinds and Colonial Pipeline incidents, cyber-attacks have been dominating the news. These are just two of the latest in a string of attacks that are becoming all too frequent. These assaults…
Read More
In November, 2010 Iranian president Mahmoud Ahmadinejad announced that a “cyber weapon” had been deployed against the Natanz nuclear laboratory. Indeed, some infosec pundits subsequently referred to the attack, called “Stuxnet”, as the first true cyber weapon to be used in anger. While that may be debatable, what is not in question is the design,…
Read More
Hello everyone! This is a quick blog post that provides information on how to register TLS certificate with Remote Desktop Services (RDS). Starting with Windows Server 2008 R2 it became extremely easy to deploy RDS certificates to AD hosts from private CA using group policies and Microsoft CA. Since then RDS over TLS should be…
Read More
Hello everyone! While participating on StackOverflow.com, I’m observing common in-app certificate handling misuses in .NET applications and I want to share some thoughts on this. Today I would like to speak about handling X509Certificate2 object creation inside the application code, common problems in handling private key material, potential issues and how to overcome them. Problem…
Read More
Last summer while on lockdown along with the rest of the world, I was presented with an opportunity to work for PKI Solutions, a global leader in PKI consulting and professional services based in Portland, OR. At the time, I was managing my sales and marketing business and considered taking on more work. There was…
Read More
I am pleased to announce that based on overwhelming demand, starting today we are now providing licensed and supported versions of our most popular PKI tools – PowerShell PKI Module, ASN.1 Editor, and the SSL Certificate Verifier. Available in single user or enterprise licenses and includes 12-months of support for the tool. The licensing model…
Read More
[…] Solutions for their excellent posts on PKI in Active Directory, as well as their PSPKI PowerShell module, which our auditing toolkit is based […]