Lessons in Disabling RC4 in Active Directory
| Active Directory Customer lessons learned when disabling RC4 in Active Directory. Read Article
OPS108: Windows authentication internals in a hybrid world
I recently recorded a presentation on the internals of hybrid Windows authentication. Go watch it.
Identity Delegation in Active Directory
Active Directory delegation is an often misunderstood technology. Here's an in-depth look at how it works.
Preventing UAC Bypass through Kerberos Loopback
User Account Control is a local authorization mechanism. Can you bypass it by going through the network? No. Here's why.
Hybrid Authentication with FIDO
FIDO is how we're tackling passwordless authentication. Have you ever wondered how it works?
Kerberos FAST Armoring
FAST Armoring is a Kerberos extension intended to improve the security of the Kerberos protocol.
Windows and Domain Trusts
Domain trusts are complicated. Here's how they work.
How Azure AD Windows Sign-in Works
Let's talk Azure AD join and what that means to a Windows device. What's it mean to be joined to something?
Kerberos Explained in a Little Too Much Detail
Kerberos is an authenticated key agreement protocol based on the Needham-Schroeder protocol. That's too complicated -- let's break it down a little.
How Authentication Works when you use Remote Desktop
Have you ever wondered how authentication works for things like Remote Desktop?
What Happens When you Type Your Password into Windows?
Have you ever wondered what happens behind the scenes when you type your password into the Windows logon screen and hit enter?
Examining Kerberos Messages with Fiddler
A new extension has been created that lets users read Kerberos messages within Fiddler.
KDC Proxy for Remote Access
There's a little known feature in Windows called the KDC Proxy that lets clients communicate with KDC servers over an HTTPS channel instead of TCP.
About Cryptography in Kerberos.NET
The Kerberos.NET library relies on a few cryptographic primitives for Kerberos. This post describes what those primitives are and how they're used.
Cross Platform Support for Kerberos.NET
Kerberos.NET is built to be used across multiple platforms, however there are some caveats.