EtcSec Beta

Identity Security Blog

Expert insights on Active Directory and Azure security vulnerabilities, hardening guides, and remediation best practices.

49 articles
Kerberos RC4 Fallback in Active Directory: How to Detect It, Why It Still Happens, and How to Remove It
AD, Kerberos, Monitoring

A technical guide to Kerberos RC4 fallback in Active Directory: what still triggers RC4, how to detect it in Event ID 4769 and account settings, and how to remediate legacy dependencies without breaking authentication.

CVE-2026-31431 (Copy Fail): What the Linux Kernel Vulnerability Affects and How to Mitigate It
AD, Network, Monitoring

A fact-checked technical explainer on CVE-2026-31431 (Copy Fail): affected Linux kernel component, KEV status, vendor mitigation guidance, patch validation, and rollout caveats.

What Security Tools Work in Isolated Networks Without Internet Access? A Practical Guide to Offline-Capable Security Workflows
AD, Network, Monitoring

A practical guide to security tools for isolated enterprise networks: native Windows evidence sources, offline-capable AD assessment tools, staged-update vulnerability scanners, and the limits of cloud-dependent products.

What Are the Most Common Active Directory Security Misconfigurations? 10 Issues to Fix First
AD, Config, Permissions

A technical guide to the Active Directory security misconfigurations that still matter most: privileged access sprawl, DCSync rights, unsigned LDAP, weak password controls, service account exposure, delegation drift, LAPS gaps, and unsafe GPO paths.

Hardening Active Directory: What to Lock Down First and How to Validate It
AD, Privileged Access, Config

A priorities-first guide to hardening Active Directory: privileged access, protocol hardening, reusable secrets, control-plane exposure, and post-change validation.

Air-Gapped Network Security Audit: How to Review Isolated Environments Without False Confidence
AD, Network, Monitoring

A practical guide to auditing isolated enterprise networks, from boundary scoping and transfer paths to offline logging, local evidence, and post-fix validation.

NIS2 Identity Security Requirements: What AD and Entra Teams Need to Prove
AD, Azure, Compliance, Identity

NIS2 does not name Microsoft controls directly, but AD and Entra teams still need to prove strong identity governance, access control, MFA, and monitoring.

How to Audit Active Directory in an Air-Gapped Environment
AD, Monitoring, Network

Air-gapped Active Directory environments still need rigorous security audits. Learn what to collect locally, how to validate findings, and how to avoid false confidence.

Privileged Access Drift Active Directory: How Admin Rights Creep Back After Audits
AD, Privileged Access, Permissions

Privileged access drift is how AD admin rights creep back after audits through group nesting, ACLs, DCSync rights and exceptions. Learn how to detect and validate cleanup.

Recurring AD Audit Workflow: Why Annual Audits Drift and How Continuous Posture Monitoring Works
AD, Monitoring, Privileged Access

Annual AD audits age fast. Learn how to build a recurring Active Directory audit workflow, remeasure drift, and use continuous posture monitoring to verify remediation.

ANSSI Active Directory Guide: Applying the Security Recommendations in Practice
AD, Compliance, Identity

This practical guide summarizes the ANSSI recommendations that matter most for Active Directory and shows how to turn them into concrete controls, logging, and hardening decisions.

Weak Certificate Mapping in AD CS: Why Strong Binding Matters
AD, ADCS, Kerberos

Weak certificate mapping lets certificate-based authentication rely on reusable names instead of strong account bindings. Learn how it works, how to detect it, and how to harden AD CS.
