Jerry Devore

Active Directory Hardening Series – Part 2 – Removing SMBv1

Hi All!  Jerry Devore back again with another hardening Active Directory topic.  Before we jump into the technical stuff, I would like to briefly share some tips for structuring a protocol hardening project.  I picked up these suggestions from working with customers who have been successful in their protocol hardening efforts. Tip #1 – Collaborate […]

Active Directory Hardening Series – Part 2 – Removing SMBv1 Continue Reading

Active Directory Hardening Series – Part 1 – Disabling NTLMv1

Hello everyone, Jerry Devore back again after to along break from blogging to talk about Active Directory hardening.  In my role at Microsoft, I have found every organization has room to improve when it comes to hardening Active Directory.  Many times, customers are aware of issues but are afraid of unintended impacts if they make

Active Directory Hardening Series – Part 1 – Disabling NTLMv1 Continue Reading

Decrypting the Selection of Supported Kerberos Encryption Types

In recent months Microsoft support has received a lot of questions regarding disabling RC4 for the encryption of Kerberos tickets.  If I had to guess the CIS L1 Baseline and RFC 8429 guidance to disable RC4 is responsible for much of that interest.  While RC4 has not been formally deprecated in Active Directory, the evolution

Decrypting the Selection of Supported Kerberos Encryption Types Continue Reading