// #privileged-access
4 articles
Healthcare Ransomware and Identity: The IAM Controls That Limit Gentelman's Blast Radius
The Gentelman ransomware group gains initial access through RMM vulnerabilities, but its ability to encrypt an entire healthcare network depends on how identity and access management is configured. Strong IAM controls — privileged access segmentation, MFA enforcement on administrative accounts, and service account restrictions — significantly limit what a ransomware operator can encrypt once inside the perimeter.
Implementing the Active Directory Tier Model: A Practical Guide for Post-Netlogon Environments
Microsoft's Active Directory Tier Model separates administrative access by privilege level to prevent credential theft from cascading into full domain compromise. CVE-2026-41089's impact in poorly segmented environments makes the Tier Model the single highest-leverage post-incident investment. This guide covers the implementation sequence for organisations starting from scratch.
Privileged Access Workstation Deployment: The Missing Piece of Most Active Directory Hardening Programmes
Privileged Access Workstations (PAWs) are the single most effective control for preventing credential theft from domain administrators. They are also the most consistently skipped step in enterprise AD hardening programmes. This guide covers a practical PAW deployment for Tier 0 domain controller administration.
OpenSSH CVE-2026-35414 — Certificate Authentication Bypass via Comma Bug Grants Root Access
A single-character defect in OpenSSH's certificate Subject Alternative Name parsing allows an attacker with a maliciously crafted certificate to bypass host-based and user certificate authentication entirely, potentially gaining unauthorised access to systems relying on certificate-based SSH for privileged access. Researchers have named the vulnerability SplitSSHell. Operators using OpenSSH certificate authentication for root or privileged user access should review their CA trust chains immediately.