Misconfiguration Manager: Overlooked and Overprivileged

Misconfiguration Manager: Overlooked and Overprivileged

TL;DR: Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance. We’re also presenting this material at SO-CON 2024 on March 11, 2024. We’ll update this post with a link to the recording when it becomes available.BackgroundSuppose you’ve been following ... Read More
The Phantom Credentials of SCCM: Why the NAA Won’t Die

The Phantom Credentials of SCCM: Why the NAA Won’t Die

TL;DR — Stop Using Network Access Accounts!If a Windows machine has ever been an SCCM client, there may be credential blobs for the network access account (NAA) on disk.If an Active Directory account has ever been configured as an NAA, there may be credential blobs for that account on Windows hosts in the ... Read More