With the discovery of Skeleton Key you may be wondering what is next? Well since the source code is out there, it is only a matter of time until we start seeing other binaries with a similar ability.

Now is a great time to beef up your Domain monitoring tools. I recommend using PowerShell! Do some simple queries to get all of your users that have been created in the past week (you’ll need to create an array of objects (containers) same as an import-csv):

Pipe results into this function as a hash table and a string with a name:

Bam! You’ve got a graphical display of your new accounts! This is a simple way to monitor the new accounts in your forest.