Lessons in Disabling RC4 in Active Directory Published Mar 2, 2021 | Active Directory Customer lessons learned when disabling RC4 in Active Directory.
About Steve Syfuhs: Steve Syfuhs (right) is a developer on the Azure Active Directory team at Microsoft building authentication services with a focus on Windows security.
Twitter: https://twitter.com/stevesyfuhs
GitHub: https://github.com/SteveSyfuhs
OPS108: Windows authentication internals in a hybrid world Published Feb 2, 2021 I recently recorded a presentation on the internals of hybrid Windows authentication. Go watch it. | Windows
Identity Delegation in Active Directory Published Jan 26, 2021 Active Directory delegation is an often misunderstood technology. Here's an in-depth look at how it works. | Security
Preventing UAC Bypass through Kerberos Loopback Published Jan 21, 2021 User Account Control is a local authorization mechanism. Can you bypass it by going through the network? No. Here's why. | Windows
Hybrid Authentication with FIDO Published Jan 19, 2021 FIDO is how we're tackling passwordless authentication. Have you ever wondered how it works? | Windows
Kerberos FAST Armoring Published Jan 16, 2021 FAST Armoring is a Kerberos extension intended to improve the security of the Kerberos protocol. | Kerberos
Windows and Domain Trusts Published Nov 24, 2020 Domain trusts are complicated. Here's how they work. | Windows
How Azure AD Windows Sign-in Works Published Sep 22, 2020 Let's talk Azure AD join and what that means to a Windows device. What's it mean to be joined to something? | Kerberos
Kerberos Explained in a Little Too Much Detail Published Sep 15, 2020 Kerberos is an authenticated key agreement protocol based on the Needham-Schroeder protocol. That's too complicated -- let's break it down a little. | Kerberos
How Authentication Works when you use Remote Desktop Published Sep 9, 2020 Have you ever wondered how authentication works for things like Remote Desktop? | Windows
What Happens When you Type Your Password into Windows? Published Sep 9, 2020 Have you ever wondered what happens behind the scenes when you type your password into the Windows logon screen and hit enter? | Windows
Examining Kerberos Messages with Fiddler Published Aug 9, 2020 A new extension has been created that lets users read Kerberos messages within Fiddler. | Kerberos
KDC Proxy for Remote Access Published May 27, 2020 There's a little known feature in Windows called the KDC Proxy that lets clients communicate with KDC servers over an HTTPS channel instead of TCP. | Authentication
About Cryptography in Kerberos.NET Published Jan 10, 2020 The Kerberos.NET library relies on a few cryptographic primitives for Kerberos. This post describes what those primitives are and how they're used. | Kerberos
Cross Platform Support for Kerberos.NET Published Dec 30, 2019 Kerberos.NET is built to be used across multiple platforms, however there are some caveats. | Kerberos.NET