Webinars & Presentations

Recorded webinars and conference talks on identity security topics.

Managing Active Directory Like It’s 2003 Leaves You Exposed in 2025

In 2025, as Windows Server 2025 rolls out, relying on outdated AD practices puts your organization at risk. Microsoft is steadily enforcing stricter security defaults, while modern ransomware campaigns continue to target AD as a prime entry point. Falling behind means disruption and exposure.

Dear Identity A Ransom Note and Deep Dive into Ransomware Attacks and Proactive Identity Security

It’s 2025. Ransomware remains a persistent and evolving threat, but the landscape is changing. The tactics, targets, and technology have advanced, yet organizations continue to face devastating attacks, costly payouts, and hard lessons. Why, despite widespread awareness and publicized incidents, are so many still unprepared when the worst happens? It’s 2025—the year we stop reacting and start proactively securing our digital future.

Crash Course: Securing Identity & Access Management in AD/Entra ID

Identity is the new security perimeter, and attackers know it. Any missteps in your Active Directory or Entra ID security -- from weak authentication policies to lingering legacy accounts and risky privilege spraw -- can open the door to costly breaches.

AD Certificate Services: A Massive Chunk of Windows Security Functionality Finally Gets the Security Research It Deserves

Certificate templates are one of the key objects in AD CS. They are basically profiles defining common properties associated with different types of certificates needed in an environment. For instance, if you want only corporate-managed devices to join Wi-Fi or use VPN, you can use AD CS autoenrollment to issue machine certificates and enforce EAP-TLS via NPS/RADIUS—so network access is granted based on certificate trust instead of passwords. Darryl will focus on 3 vulnerabilities involving certificate templates: Domain escalation via No Issuance Requirements + Enrollable Client Authentication/Smart Card Logon OID templates + CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT Domain escalation via No Issuance Requirements + Enrollable Any Purpose EKU or no EKU Domain escalation via No Issuance Requirements + Certificate Request Agent EKU + no enrollment agent restrictions

Active Directory Recommended Practices

Part 2 of a 2 part series covering Active Directory best practices.