Top Ad unit 728 × 90

Latest News

random

Daily Blog #621: ADFS accounts in SAM hives

Hello Reader,
            I wanted to make a quick post about ADFS (Active Directory Federated Services) and Azure AD. If the Windows system you are examining has a user that is authenticating against Azure AD in any configuration (cloud, hybrid, office 365) then you should be looking for an additional key value that has been around since the original 'Microsoft Account' in Windows 8.

They key value 'InternetUserName' will store the full account name with domain that the user authenticated with. A true local account will not have this value, only those accounts who are being authenticated against cloud hosted domains should contain it. In combination with a 0 logon count this can be used to determine not only that the user was not a local account but the full account name associated. 
Daily Blog #621: ADFS accounts in SAM hives Reviewed by David Cowen on February 09, 2019 Rating: 5

No comments:

All Rights Reserved by Hacking Exposed Computer Forensics Blog © 2014 - 2020
Powered By Blogger, Designed by Sweetheme

Contact Form

Name

Email *

Message *

Powered by Blogger.