lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <bf46803c0609080628j2a4c330dma8159d913eb5ab62@mail.gmail.com>
Date: Fri, 8 Sep 2006 08:28:12 -0500
From: Philosophil <flosofl@...il.com>
To: "Steven Rakick" <stevenrakick@...oo.com>, full-disclosure@...ts.grok.org.uk
Cc: 
Subject: Re: Active Directory accounts

Steven,

You'll have better luck asking the Pen Testing mailing list than this
list.  I have seen Full Disclosure go steadily downhill over the last
few months.  In fact after this email, I'm unsubscribing from this
useless list.

These days it appears you get nothing but script-kiddies and people
who would rather sling insults than actually answer a question (if
they even know the answer) such as deji's response.

I wish I could answer your question directly, but I'm a Unix/Linux
guy.  The best advice I have to give you is to leave this list and try
to find one where people actually know (and supply) answers.  Pen
Testing is usually a good resource.

Good luck.

On 9/7/06, Steven Rakick <stevenrakick@...oo.com> wrote:
> Hello,
>
> I have a question regarding some data I pulled off a
> customers AD. We recently ran AD scan to identify
> several user accoutn violation types using AD
> Inspector (www.obtuse.net/software/adinspector).
> Basically the search contained filters for users who
> dont have password expirations enabled and also users
> who havent logged in in the last 90 days (stale
> accounts). Anyways, the results were quite suprising
> and I'd like to validate them.
>
> My question is this. Is the lastLogon AD account
> property updated any time a user authenticates to AD
> regardless of the service? Like, if I login to a 3rd
> party application which uses LDAP integration with AD
> for authentication, will that update the users
> lastLogon property in AD?
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ