James Spencer
@jcspencer.net
authentication & identity enjoyer. crackin’ packets and protocols; loves a good pcap.
professional cyber guy - overwatch @ crowdstrike. views my own.
professional cyber guy - overwatch @ crowdstrike. views my own.
@syfuhs.net I’m not sure if it’s in your wheelhouse, but do you happen to know if there’s a chance this feature (CertReq -EnrollCredGuardCert MachineAuthentication) will get exposed to ADCS at some stage (like TPM attestation?) - hadn’t seen it until recently and it’s pretty sweet!
Additional mitigations
Learn how to improve the security of your domain environment with additional mitigations for Credential Guard and sample code.
learn.microsoft.com
February 25, 2025 at 11:14 AM
@syfuhs.net I’m not sure if it’s in your wheelhouse, but do you happen to know if there’s a chance this feature (CertReq -EnrollCredGuardCert MachineAuthentication) will get exposed to ADCS at some stage (like TPM attestation?) - hadn’t seen it until recently and it’s pretty sweet!
@damienmiller.bsky.social Hi! I’ve been following the privsep work in sshd->sshd[-auth|-session], loving it!
Does there happen to be any doco around on the new design / roadmap compared to older builds? I’ve been able to grok it mostly from the diffs, but any docs on it would be great to reference!
Does there happen to be any doco around on the new design / roadmap compared to older builds? I’ve been able to grok it mostly from the diffs, but any docs on it would be great to reference!
January 4, 2025 at 7:08 AM
@damienmiller.bsky.social Hi! I’ve been following the privsep work in sshd->sshd[-auth|-session], loving it!
Does there happen to be any doco around on the new design / roadmap compared to older builds? I’ve been able to grok it mostly from the diffs, but any docs on it would be great to reference!
Does there happen to be any doco around on the new design / roadmap compared to older builds? I’ve been able to grok it mostly from the diffs, but any docs on it would be great to reference!
@syfuhs.net I know they’re not “”publicly”” documented, but a question about S-1-12- SIDs:
Does the ‘R’ in S-1-12-R- point to the Azure cloud that the object belongs to? 99% of the time I see 1 (Entra ID global?), but my best guess on the rest (up to 8) is the other clouds… am I in the ballpark? 🤔🤔
Does the ‘R’ in S-1-12-R- point to the Azure cloud that the object belongs to? 99% of the time I see 1 (Entra ID global?), but my best guess on the rest (up to 8) is the other clouds… am I in the ballpark? 🤔🤔
December 21, 2024 at 1:39 AM
@syfuhs.net I know they’re not “”publicly”” documented, but a question about S-1-12- SIDs:
Does the ‘R’ in S-1-12-R- point to the Azure cloud that the object belongs to? 99% of the time I see 1 (Entra ID global?), but my best guess on the rest (up to 8) is the other clouds… am I in the ballpark? 🤔🤔
Does the ‘R’ in S-1-12-R- point to the Azure cloud that the object belongs to? 99% of the time I see 1 (Entra ID global?), but my best guess on the rest (up to 8) is the other clouds… am I in the ballpark? 🤔🤔