Dave Kawula

20.6K posts

@DaveKawula

Founder @MVPDays | Co-Chair #TechMentorEvent | #MVPHour | Dad of 8 #Kawulasrule | #hockey4life | #1BestSellingAuthor | #worldspeaker |

Calgary · Joined January 2011
1.5K Following · 3K Followers
Dave Kawula retweeted
Live! 360 Technical Conferences @Live360events
Thank you for joining us at Live! 360 Tech Con last week! From deep-dive learning to great conversations and community moments, you made it incredible. Stay connected and get updates on what’s next at live360events.com. See you in 2026! #Live360
Dave Kawula retweeted
Live! 360 Technical Conferences @Live360events
What a start to #Live360! Sunday delivered deep-dive Hands-On Labs, Monday brought full-day workshops and the Hard Rock Mix & Mingle, and Tuesday kicked off sessions, keynotes, the exhibitor welcome reception, and our new Money Machine raffle! It's been an incredible kickoff!
Dave Kawula retweeted
Live! 360 Technical Conferences @Live360events
Wednesday at Live! 360 brought a full day of sessions, an inspiring Azure keynote, and a packed Table Topics lunch where attendees connected directly with speakers. We wrapped the night with our unforgettable Luau—Polynesian hula, fire dancers, and tons of great energy. 🔥🌺
Dave Kawula retweeted
Cyber Security News @The_Cyber_News
🔻 Microsoft Azure Faces Global Outage Affecting Services Worldwide
Read more: cybersecuritynews.com/microsoft-azur…
Microsoft Azure, one of the world's leading cloud computing platforms, experienced a significant service outage on Thursday, October 9, 2025, leaving customers across Europe and Africa unable to access their services.
The disruption began at approximately 07:40 UTC, with the core issue identified as a major capacity loss within Azure Front Door (AFD), Microsoft's cloud-native Content Delivery Network (CDN).
Users reported periodic connectivity problems, which extended to an inability to access the Azure Portal itself, preventing administrators from managing their own cloud infrastructure.
#cybersecuritynews
Dave Kawula retweeted
Florian Roth ⚡️ @cyb3rops
"On September 29th, 2025, Broadcom disclosed a local privilege escalation vulnerability, CVE-2025-41244, impacting VMware’s guest service discovery features. @NVISO_Labs has identified zero-day exploitation in the wild beginning mid-October 2024. The vulnerability impacts both the #VMware Tools and VMware Aria Operations. When successful, exploitation of the local privilege escalation results in unprivileged users achieving code execution in privileged contexts (e.g., root)." blog.nviso.eu/2025/09/29/you…
Dave Kawula retweeted
Horizon Secured @horizon_secured
🔒 Secure Bits
💡 Did you know you can hide Domain Admins from standard discovery—even from other admins?
Active Directory is a “read-many” directory by design. But List Object Mode (LOM) can change that.
🕵️‍♂️ Martin Handl shows how to leverage LOM to make Tier-0 accounts completely invisible to lower-tier admins.
🔧 How it works:
1️⃣ Enable List Object Mode (LOM)
Set dSHeuristics=001 in AD’s Configuration partition. No restart needed—takes effect instantly across the forest.
2️⃣ Use special ACL combinations:
On the parent OU: Deny List contents
On the Tier-0 object itself: Deny List object
Together, this hides the object—even if a user has read access on the directory.
3️⃣ Let AdminSDHolder process do the work:
Apply custom ACLs to the AdminSDHolder container—those propagate automatically to all protected Tier-0 accounts every hour.
Bonus: Martin provides a PowerShell script to apply/revert this across any OU.
👁️ What’s the effect?
From the viewpoint of Tier-1 or Tier-2 users (like helpdesk or server admins), the hidden accounts don’t exist. No group listing, no LDAP enumeration, no PowerShell output.
📌 Use responsibly:
Hiding is not a replacement for proper security controls (Tiering, Security Baselines, LAPS, Role Separation, ...). But it adds another layer—obscurity that frustrates attackers and tools alike.
📄 Full post + PowerShell script by Martin Handl: iqunit.com/become-an-invi… (use auto-translation from German, it is definitely worth it!).
Hiding can also be used by an attacker. Are you sure nothing hides in your Active Directory? How do you search for something like that?
✅ PS: I got you covered, ADProbe can discover hidden accounts...
#ActiveDirectory #CyberSecurity #WindowsSecurity #RedTeam #LOM #ListObjectMode #T0
IQunit IT GmbH Martin Handl @BlueTeamDave
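A read-only check for the three settings the post above names, added here as an example (it is not Martin Handl's script and not ADProbe): whether List Object Mode is on, and where Deny entries for List contents or List object exist on AdminSDHolder and on OUs. It assumes the ActiveDirectory module and an account the Deny entries do not apply to; `Test-ListObjectMode` and `Get-ListDenyAce` are hypothetical helper names.

```powershell
# Added example: audit List Object Mode and hiding-style Deny ACEs (read-only).
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

function Test-ListObjectMode {
    # LOM is enabled when the third character of dSHeuristics is '1'.
    param([string]$DSHeuristics)
    return ($DSHeuristics.Length -ge 3 -and $DSHeuristics[2] -eq '1')
}

function Get-ListDenyAce {
    # Return Deny ACEs on one object that include List contents (ListChildren)
    # or List object (ListObject), the two rights the post combines.
    param([Parameter(Mandatory)][string]$DistinguishedName)
    $mask = [int][System.DirectoryServices.ActiveDirectoryRights]::ListChildren -bor
            [int][System.DirectoryServices.ActiveDirectoryRights]::ListObject
    (Get-Acl -Path "AD:\$DistinguishedName").Access |
        Where-Object {
            $_.AccessControlType -eq 'Deny' -and
            (([int]$_.ActiveDirectoryRights -band $mask) -ne 0)
        } |
        Select-Object @{ n = 'Object'; e = { $DistinguishedName } },
                      IdentityReference, ActiveDirectoryRights, IsInherited
}

# Step 1 of the post: dSHeuristics lives on the Directory Service object
# in the Configuration partition.
$root = Get-ADRootDSE
$dsDn = "CN=Directory Service,CN=Windows NT,CN=Services,$($root.configurationNamingContext)"
$heur = (Get-ADObject -Identity $dsDn -Properties dSHeuristics).dSHeuristics
"List Object Mode enabled: $(Test-ListObjectMode $heur) (dSHeuristics = '$heur')"

# Steps 2 and 3: Deny entries on AdminSDHolder (the template that propagates
# to protected accounts) and on every OU in the current domain.
$targets  = @("CN=AdminSDHolder,CN=System,$($root.defaultNamingContext)")
$targets += (Get-ADOrganizationalUnit -Filter *).DistinguishedName
$targets | ForEach-Object { Get-ListDenyAce -DistinguishedName $_ } |
    Format-Table -AutoSize
```

Any row this returns that was not put there by a documented change is worth tracing back to who set it and when.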
Dave Kawula retweeted
Cyber Security News @The_Cyber_News
⚠️ Hackers Compromise Active Directory to Steal NTDS.dit that Leads to Full Domain Compromise
Read more: cybersecuritynews.com/active-directo…
Active Directory (AD) remains the foundation of authentication and authorization in Windows environments. Threat actors targeting the NTDS.dit database can harvest every domain credential, unlock lateral movement, and achieve full domain compromise.
Attackers leveraged native Windows utilities to dump and exfiltrate NTDS.dit, bypassing standard defenses.
The adversary in this case obtained DOMAIN ADMIN privileges via a successful phishing campaign and subsequent privilege escalation.
#cybersecuritynews #windows
Dave Kawula retweeted
Sean Metcalf @PyroTek3
Last week we covered Active Directory Group Policy permissions (x.com/PyroTek3/statu…). This week, we dig into Active Directory Kerberos delegation.
I have mentioned in several presentations that Kerberos delegation is impersonation. Kerberos delegation is used when a service (ex. web server) needs to impersonate a user when connecting to a resource (ex. database).
There are 4 types of Kerberos delegation:
* Unconstrained - impersonate authenticated user to any Kerberos service
* Constrained - impersonate authenticated user to specific Kerberos services
* Kerberos Constrained Delegation Protocol Transition - impersonate any user account to specific Kerberos services
* Resource-based Constrained Delegation - enables delegation configured on the resource instead of the account
Unconstrained delegation should be converted to constrained delegation due to security concerns. Any Kerberos delegation that is no longer required should be removed. If there's no associated Kerberos service principal name, Kerberos authentication isn't working and this should be fixed or removed.
PowerShell code using the Active Directory PowerShell module: github.com/PyroTek3/Misc/…
#ActiveDirectorySecurityTip
Sean Metcalf @PyroTek3

Recently, we looked at Active Directory built-in groups (x.com/PyroTek3/statu…). This week, we focus on Active Directory Group Policy Objects (GPOs).
GPOs should be audited regularly to identify the configured owner as well as the permissions to ensure they are appropriate. In the provided script, I added a column called default, so you can look for the non-default owners and permissions to correct.
Group Policy in Active Directory is very powerful, so it's important to understand who the owners are. The Group Policy Owner can change permissions on the GPO and get edit rights to the GPO. GPO Owner should only be set to "Domain Admins" or "Enterprise Admins".
Changing the owner can be done by opening Active Directory Users and Computers (ADUC), going to the View menu option and selecting Advanced. Then browse down to System, Policies. Right-click on the desired GPO ID and select Properties. Then go to the Security tab and click on the Advanced button. Click on the Change option next to the owner and change the owner to "Domain Admins".
Review the permissions that are flagged non-default in the script and ensure they are appropriate. No standard users should have Edit rights. Also, edit rights (& full control) on any GPOs linked to the Domain root and the Domain Controllers OU should only be configured for AD Admins (preferably "Domain Admins").
Script leveraging the Group Policy PowerShell module: github.com/PyroTek3/Misc/…
#ActiveDirectorySecurityTip
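An inventory of the four delegation types listed in the Kerberos delegation post above, added here as an example (it is not the script at the linked PyroTek3 repository). It assumes the ActiveDirectory module; `Get-DelegationType` is a hypothetical helper name, and the `MissingSPN` column marks the no-SPN case the post says to fix or remove.

```powershell
# Added example: list every account with Kerberos delegation configured (read-only).
Import-Module ActiveDirectory

$TrustedForDelegation       = 0x80000    # userAccountControl bit: unconstrained
$TrustedToAuthForDelegation = 0x1000000  # userAccountControl bit: protocol transition

function Get-DelegationType {
    # Map the raw attributes to the delegation types named in the post.
    param([int]$UserAccountControl, [bool]$HasDelegateTo, [bool]$HasRbcd)
    $types = @()
    if ($UserAccountControl -band $TrustedForDelegation) { $types += 'Unconstrained' }
    if ($HasDelegateTo) {
        if ($UserAccountControl -band $TrustedToAuthForDelegation) {
            $types += 'Constrained with Protocol Transition'
        } else {
            $types += 'Constrained'
        }
    }
    if ($HasRbcd) { $types += 'Resource-based Constrained' }
    return ($types -join ', ')
}

# One LDAP query: unconstrained bit set (524288 = 0x80000), OR a constrained
# target list, OR a resource-based delegation descriptor on the object.
$filter = '(|(userAccountControl:1.2.840.113556.1.4.803:=524288)' +
          '(msDS-AllowedToDelegateTo=*)' +
          '(msDS-AllowedToActOnBehalfOfOtherIdentity=*))'
$props  = 'userAccountControl', 'msDS-AllowedToDelegateTo',
          'msDS-AllowedToActOnBehalfOfOtherIdentity',
          'servicePrincipalName', 'primaryGroupID'

Get-ADObject -LDAPFilter $filter -Properties $props | ForEach-Object {
    [pscustomobject]@{
        Name       = $_.Name
        Class      = $_.ObjectClass
        Delegation = Get-DelegationType $_.userAccountControl `
                        ([bool]$_.'msDS-AllowedToDelegateTo') `
                        ([bool]$_.'msDS-AllowedToActOnBehalfOfOtherIdentity')
        # Domain controllers (516) and RODCs (521) carry delegation by default.
        IsDC       = $_.primaryGroupID -in 516, 521
        MissingSPN = -not $_.servicePrincipalName
        Targets    = $_.'msDS-AllowedToDelegateTo' -join '; '
    }
} | Sort-Object Delegation, Name | Format-Table -AutoSize
```

Rows marked Unconstrained with `IsDC` false are the ones the post says to convert to constrained delegation.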

Dave Kawula retweeted
Sean Metcalf @PyroTek3
Over the summer, I rebuilt my Active Directory lab environment with multiple regional domains. Instead of manually configuring common issues, I decided to create a PowerShell script to do this for me.
This PowerShell script will build out common configurations after you have a working AD forest, just point it at the target domain!
My Invoke-ADLabBuildOut script does the following:
* Create Top Level OUs
* Create Branch Office OUs
* Rename Default Domain Admin Account
* Create AD Lab Users
* Create AD Lab Groups
* Create AD Lab Service Accounts
* Create AD Lab Admin Accounts
* Create AD Lab Group Managed Service Accounts
* Create AD Lab Windows Workstations
* Create AD Lab Windows Servers
* Create AD Lab Computers
* Create AD Lab Fine Grained Password Policies
* Set SPN on Default Domain Admin Account
* Randomize Admin Account Membership in Admin Groups
* Randomize Service Account Membership in Admin Groups
* Add Password To Random User AD Attribute
* Add Kerberos Delegation
* Add Computer Accounts to Admin Groups
* Set OUs With Blocked GPO Inheritance
Invoke-ADLabBuildOut PowerShell script leveraging the Active Directory PowerShell module: github.com/PyroTek3/ADLab