• AdminSDHolder Blog and E-Book

    As you may be able to tell by my domain name, I'm partial to AdminSDHolder. It's one of my favorite Active Directory niche topics. It's part of my personal brand. And now, I literally wrote the e-book on AdminSDHolder.

    Head to https://specterops.io/resources/adminsdholder/ to download the 159-page E-Book in PDF format.

    I also wrote a little bit shorter blog to summarize the topic in at least a hundred fewer pages.

    Why am I so interested in AdminSDHolder? Well, it's one of the cornerstone security mechanisms in Active Directory. It's been around since Windows Server 2000 brought Active Directory to us 25+ years ago. And it's something that much of the Internet is confidently wrong about. Even Microsoft's primary documentation on AdminSDHolder gets several important details incorrect.

  • New Microsoft MVP

    I was honored this morning to receive an email from Microsoft stating that I've been accepted to the Microsoft Most Valuable Professionals program in the area of Identity & Access.

    You’ve been accepted to the Microsoft MVP Program

  • Understanding & Mitigating BadSuccessor

    On May 21, 2025, Yuval Gordon of Akamai released his blog BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory, which details how the new Delegated Managed Service Account (dMSA) feature introduced to Active Directory by Windows Server 2025 can be abused to impersonate any security principal or potentially recover credentials from any security principal.

    Only Microsoft can remediate the underlying issues around BadSuccessor, but in the meantime we can mitigate the issue by focusing on the DACL abuses required for the attacker to gain control of a dMSA. I wrote up Understanding & Mitigating BadSuccessor to explore the DACL abuse primitives and ways to mitigate them. The blog also includes a reference to my GitHub where I've included PowerShell scripts which automate the hard work of creating ACEs on OUs and containers where dMSA accounts could reside.

  • Updates to Owner or Pwned?

    I pushed some updates to my whitepaper on Active Directory Object Ownership today after Mark M. provided some great feedback on the document, including that all the links in the PDF were broken. You can download it here: Owner or Pwned?: Discovering and Remediating AD Object Ownership Issues. This is 50+ pages of details on how ownership works in Active Directory and in really any Microsoft Windows environment where Securable Objects are present.

  • Concerts I've Attended

    An attempt to piece together the puzzle of all the concerts I've been to over the years from most recent to longest ago. I've always wanted to try to piece this together since we generally stopped getting paper concert tickets. I think I'm missing a couple here, and I need to go through my stack of paper tickets to fill in some blanks that I'm blanking on. I'll just edit those in later.

  • Hello World

    Hello World. This is my first post using Jekyll on GitHub Pages.

    I may post some stuff here.