Guardians of the Directory

By Guardian of the Directory

Guardians of the Directory is the podcast for everything Active Directory security, management, and recovery. Join us as we dive into best practices, recent security events, listener Q&As, and exp... more

· Technology

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about Guardians of the Directory:

How many episodes does Guardians of the Directory have?

The podcast currently has 17 episodes available.

Guardians of the Directory episodes:

January 20, 2025 Recovery Dilemma: Restoring Without Risking Reinfection
Chad Nichols discusses the complex challenge of restoring Active Directory after a ransomware attack without risking reinfection. He sheds light on the pitfalls of traditional backup methods, which often carry residual malware, and stresses the importance of clean recovery strategies. This critical insight highlights the balance between operational urgency and long-term security.
...more
1min
January 08, 2025 From Red Team to Teacher: Transforming Cybersecurity Knowledge into Community Power
Summary
In this episode of Guardians of the Directory, host Craig Birch engages with John Harper, founder of Hackers Teaching Hackers, to discuss the evolution of cybersecurity education, the importance of community sharing, and the vulnerabilities within Active Directory. They explore the offensive security landscape, the significance of hands-on learning, and practical strategies for strengthening Active Directory security. The conversation also delves into the journey of becoming a red teamer and the resources available for aspiring cybersecurity professionals.
Key Takeaways
Hackers Teaching Hackers started as a grassroots initiative to share knowledge.
Active Directory is often poorly managed, leading to significant security vulnerabilities.
Community sharing in cybersecurity has improved over the years.
Hands-on learning is crucial for understanding security concepts.
Imposter syndrome is prevalent in the cybersecurity community.
Active Directory hygiene is essential for organizational security.
Real-time monitoring of Active Directory changes is critical.
Penetration testing should include Active Directory in scope.
Networking and mentorship are vital for career growth in cybersecurity.
Continuous learning and community involvement are key to success in red teaming.

...more
39min
December 23, 2024Active Directory's Dark Side: Underbelly Threats and Shadowy Permissions
In this episode of Guardians of the Directory, Craig Birch and Derek Melber delve into the complexities of Active Directory security, focusing on the stealthy threats posed by shadow permissions, DC Shadow, and DC Sync. They discuss the historical context of these vulnerabilities, the role of applications in creating shadow permissions, and the importance of cleaning up orphaned SIDs. The conversation also covers best practices for managing service accounts and highlights critical areas within Active Directory that administrators should monitor. The episode concludes with actionable recommendations for improving security posture.
Key Takeaways
Active Directory is a critical component of identity infrastructure.

Shadow permissions can be exploited by attackers without detection.

Many organizations lack visibility into their Active Directory permissions.

Cleaning up orphaned SIDs is essential for security.

Service accounts should have strong passwords and limited privileges.

Regular audits of Active Directory are necessary to identify risks.

Applications can inadvertently create shadow permissions.

Understanding the baseline permissions is crucial for security.

PowerShell can be a powerful tool for managing Active Directory.

Start with small changes to improve security posture.
...more
36min
December 13, 2024 Hacked Hallways: Cyber Threats in K-12 Education
Summary
This conversation delves into the critical issue of cybersecurity in K-12 education, highlighting the vulnerabilities schools face due to budget constraints, lack of training, and the unique challenges of supporting a diverse student population. Jason, an IT expert, shares insights on the value of school data to cybercriminals, recent case studies of cyber attacks, common attack methods, and the importance of having robust recovery plans and security measures in place. The discussion emphasizes the need for schools to be proactive in their cybersecurity efforts to protect sensitive information and ensure the safety of their students.
Key Takeaways
K-12 schools are increasingly targeted by cybercriminals due to their vulnerabilities.
Budget constraints often lead to compromised security in educational institutions.
Student information systems contain valuable data that can be exploited by attackers.
Recent cyber attacks have caused significant disruptions in school operations.
Phishing and password stuffing are common attack methods in schools.
Implementing multi-factor authentication is challenging in K-12 environments.
Schools need a solid cybersecurity response plan to handle incidents effectively.
Backup plans are essential for maintaining educational continuity during cyber incidents.
IT departments must document and test recovery plans regularly.
Being proactive in cybersecurity can deter potential attackers.
...more
41min
November 27, 2024 Active Directory Recovery Post Ransomware
In this episode of Guardians of the Directory, Craig Birch and Chad Nichols discuss the critical steps needed to recover from a ransomware attack that targets Active Directory. They explore the challenges organizations face during such attacks, the importance of having a solid recovery strategy, and the lessons learned from real-world experiences. The conversation emphasizes the need for preparedness, security measures during recovery, and the implementation of best practices to prevent future attacks.
takeaways
Active Directory is the backbone of the network.
Ransomware attacks can encrypt all systems quickly.
Assessing damage post-attack is crucial.
Recovery strategies must be well-planned.
Traditional backup solutions may not suffice.
Isolating infected systems is essential during recovery.
New accounts should be created for privileged users post-recovery.
Implementing zero trust security policies is vital.
Regular testing of recovery procedures is necessary.
Learning from past experiences can improve future responses.
...more
36min
November 14, 2024 Trailer: Guardians of the Directory: Defending the Backbone of Enterprise Security
In this inaugural episode of Guardians of the Directory, join Craig Birch, Principal Security Engineer and Technical Evangelist at Cayosoft, as he introduces himself and the mission of this podcast dedicated to Active Directory (AD) and Entra ID management, security, and recovery. With over two decades of experience in identity security and a passion for helping AD administrators and security professionals alike, Craig dives into the critical role AD and Entra ID play in today’s enterprise environments.
Why focus on a technology that’s been around for 24 years? AD and Entra ID remain at the core of over 90% of organizations worldwide, often becoming prime targets for cyber attackers who seek privilege escalation paths. Each episode, Craig will share actionable insights, best practices, and expert interviews on topics ranging from AD basics to advanced defense strategies.
Whether you're an AD admin, security expert, or curious learner, tune in bi-weekly for updates on key challenges and emerging solutions. Subscribe to Guardians of the Directory wherever you get your podcasts and stay one step ahead in protecting your organization’s backbone.
Stay guarded, stay informed—be the Guardian of your directory!
...more
3min
November 14, 2024 Beyond Defense: Why Traditional Defenses against Ransomware Fail
Summary
In this episode of Guardians of the Directory, Craig Birch and Mike Brennan discuss the evolving landscape of cybersecurity, particularly focusing on identity security and the challenges organizations face in preventing ransomware attacks. They explore the inadequacies of traditional security measures, the importance of proactive strategies, and the need for continuous monitoring and modern recovery solutions. The conversation emphasizes the necessity for organizations to rethink their security approaches to effectively combat the growing threat of ransomware.
Takeaways
Organizations are still struggling with stopping ransomware attacks despite having security solutions in place.
Ransomware is evolving, and traditional defenses are often inadequate.
Endpoint protection is challenging due to the proliferation of devices and remote work.
Vulnerability management is hindered by inconsistent patching and the speed of zero-day exploits.
Privileged Access Management (PAM) is crucial but often overlooked in identifying all privileged accounts.
Multi-Factor Authentication (MFA) is not a silver bullet and has its limitations.
SIEM systems can be overwhelmed by alerts and may not detect sophisticated attacks.
Pen testing provides valuable insights but should be complemented with continuous monitoring.
Backup and recovery strategies need to be proactive and air-gapped to prevent reinfection.
Organizations must adopt a holistic approach to security, focusing on identity and access management.
Chapters
00:00 Introduction to Identity Security and Ransomware Threats
03:02 The Evolution of Cybersecurity Defenses
06:04 Endpoint Protection Challenges
08:59 Vulnerability Management and Patching Issues
11:57 The Importance of Privileged Access Management
14:56 Understanding Multi-Factor Authentication Limitations
18:13 The Role of SIEM in Modern Security
22:03 Pen Testing and Continuous Monitoring
27:06 Backup and Recovery Strategies
36:03 Conclusion: Rethinking Security Approaches
...more
39min

FAQs about Guardians of the Directory:

How many episodes does Guardians of the Directory have?

The podcast currently has 17 episodes available.