The Zero Trust Zone
The Zero Trust Zone
Podcast Description
Welcome to The Zero Trust Zone — your go-to podcast for all things Microsoft 365 Security and beyond.
Each episode dives into the ever-evolving world of cloud security, exploring the latest features, tools, and strategies across Microsoft Entra, Defender, Purview, and the broader Microsoft Security stack. Whether you’re a security architect, IT pro, or just curious about how to keep your digital world locked down, you’re in the right place.
No fluff. Just practical, modern security — delivered with a healthy dose of curiosity, humor, and zero trust!
Podcast Insights
Content Themes
The podcast focuses on cloud security, specifically within the Microsoft 365 suite. Episodes cover themes such as decentralized identities, identity management, and cybersecurity best practices, with specific episodes discussing the principles of decentralized identity and Microsoft's verified ID solution, as well as challenges in authentication and authorization.
Welcome to The Zero Trust Zone — your go-to podcast for all things Microsoft 365 Security and beyond.
Each episode dives into the ever-evolving world of cloud security, exploring the latest features, tools, and strategies across Microsoft Entra, Defender, Purview, and the broader Microsoft Security stack. Whether you’re a security architect, IT pro, or just curious about how to keep your digital world locked down, you’re in the right place.
No fluff. Just practical, modern security — delivered with a healthy dose of curiosity, humor, and zero trust!
Certificates are either your strongest authentication control or your biggest hidden liability.
In Episode 6 of The Zero Trust Zone, I’m joined by identity expert Jake Hildreth to unpack the real-world security implications of Active Directory Certificate Services (AD CS).
We discuss why PKI is often misunderstood, how certificate misconfigurations become high-impact attack paths, and how tools like Locksmith are helping organizations identify exposure before attackers do.
From Zero Trust architecture to ESC abuse paths, this episode dives deep into the sense (and some nonsense) of certificates in modern enterprise security.
Topics covered include:
- Why AD CS has become a prime attack surface
- Common certificate misconfigurations in enterprise environments
- ESC vulnerabilities explained
- Proactive PKI auditing and hardening strategies
Resources mentioned:
SpecterOps – Certified Pre-Owned: Abusing Active Directory Certificate Services
https://posts.specterops.io/certified-pre-owned-d95910965cd2
Jake Hildreth – LockSmith PowerShell Toolkit
https://github.com/jakehildreth/Locksmith
Michael Waterman – Top 10 PKI Recommendations by a Former Microsoft Security Engineer
https://michaelwaterman.nl/2026/02/15/top-10-pki-recommendations-by-a-former-microsoft-security-engineer/
Disclaimer
This podcast’s information is provided for general reference and was obtained from publicly accessible sources. The Podcast Collaborative neither produces nor verifies the content, accuracy, or suitability of this podcast. Views and opinions belong solely to the podcast creators and guests.
For a complete disclaimer, please see our Full Disclaimer on the archive page. The Podcast Collaborative bears no responsibility for the podcast’s themes, language, or overall content. Listener discretion is advised. Read our Terms of Use and Privacy Policy for more details.