Common LAN Security problems + solutions

21st March 2025

Run these Tools:

snaffler find plain text auth sources, read the documentation
PingCastle AD security fixes
LockSmith Certificate issues/misconfigs
ScriptCentury turn script files into Canaries (Thinkst)
ADeliginator find overly permissive delegations

prune SPNs
LAPs on workstations and Terminal servers

Tiered security Monash micro-segmentation/0Trust Where can admins login?
Protected Users Built-in 2012r2+ Creds are NOT cached on Login

https://thehackernews.com/2025/03/10-critical-network-pentest-findings-it.html?m=1