I decided to chat with a spammer/scammer. I found them to be pretty honest and forthcoming.
06.01.2026 16:28 — 👍 4 🔁 0 💬 1 📌 0
Apple's Liquid Glass was cool for like 1 minute.
06.01.2026 16:21 — 👍 0 🔁 0 💬 1 📌 0
I have debated declaring email bankruptcy many times. Haven't done it... yet.
12.12.2025 16:15 — 👍 3 🔁 0 💬 0 📌 0
My "Death by Dashboards" talk from WWHF is up!
11.12.2025 17:32 — 👍 2 🔁 2 💬 0 📌 0
Months of battling, and I won. Inbox zero.
... for now.
Microsoft created Get-KerbEncryptionUsage.ps1 (see link in article) to query the event log to see which encryption types Kerberos used within your environment.
Run this, find the ones that MUST use RC4, and burn the rest. Then figure out how to upgrade the others from RC4 or pick a great password.
The ones here are obnoxious. But there’s a charm about Wisconsin alcoholics that Minnesota alcoholics just don’t have.
29.11.2025 22:18 — 👍 4 🔁 1 💬 0 📌 0
I can't spell that stupid word correctly... ever
10.12.2025 18:02 — 👍 2 🔁 0 💬 0 📌 0
"By mid-2026, ... Windows Server 2008 and later to only allow AES-SHA1 encryption. RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it."
www.microsoft.com/en-us/window...
I love WI airports.
Concourse beers are not only legal, but encouraged with signs all over the airport.
“Killer” lol
So bad. ;)
I'm home after teaching Offense for Defense at NineStart Connect. They offered free (yes, free) training to whoever wanted to attend. I can't thank them enough for offering this to our community!
The class is available here: training.redsiege.com (affordable, not free... sorry you missed out 😉)
Wrapping up @defcon.bsky.social Bahrain at the ICS Village.
Not my best picture, but excellent photo bomb.
Damn.
I’m never going to find this room.
Two days of teaching Pen Testing: Beyond the Basics ✅
Two hour Kerberos workshop ✅
Talk ✅
Tomorrow, time to be a full-time booth babe.
Last year at @wildwesthackinfest.bsky.social a few packages arrived late (not mine). The maintenance staff regularly receives packages and thought it was theirs. They opened it, found a pack of stickers.
They have been putting them on their stuff and the hotel.
"We wondered who that guy was"
Senior Security Consultant Justin Palk tells you everything you need to know about getting started with proxy chains in this blog 🔗 redsiege.com/proxychains
#hacking #infosec #cybersecurity
The booth is hopping! Stop by to get tons of stickers, a shirt, and get entered to win a framed autographed picture from Hackers.
09.10.2025 19:23 — 👍 1 🔁 0 💬 0 📌 0
Join us tomorrow!
01.10.2025 17:36 — 👍 0 🔁 0 💬 0 📌 0
Live now with pre-show banter with @mzbat.bsky.social (Kimber) and @antisyphontraining.bsky.social.
Close Security Gaps, Pass Audits, Stay Secure w/ Kimber Amos and @redsiege.com
www.antisyphontraining.com/event/anti-c...
I desperately want to know how long it took the bad guys to crack it. My intel/rumor mill says it took at least a week (or more). If that were the case, my guess is pen testers wouldn't have cracked it, so it is just an informational finding in the report.
30.09.2025 14:20 — 👍 3 🔁 0 💬 2 📌 0
I think about this often.
What is a real world bad guy's level of effort for cracking?
How long do they spend?
How big is their cracker?
Do they have multiple crackers?
How do they distribute the load?
If it was in the report, then that's a really bad look.
Of course, this assumes they had a pen test and the pen testers successfully cracked it.
BRB, going to wake up Billie Joe.
www.youtube.com/watch?v=pGhw...
Join me next week on the Thursday Defensive (thursdef.com) next Thursday at 1:30 ET on Offensive for Defense - How defenders can use offensive tools to test themselves.
26.09.2025 17:03 — 👍 2 🔁 0 💬 0 📌 0
Couldn't agree more. How many high/crit PHP findings in your vuln scan reports that are meaningless because that function isn't used (or used with user input). Teams work hard to remediate issues that have 0 impact, largely because it shows up in a dashboard, metrics, or KPIs... not because it matters.
24.09.2025 16:45 — 👍 6 🔁 0 💬 0 📌 0
Really cool to be interviewed and quoted in this article.
18.09.2025 18:57 — 👍 4 🔁 0 💬 0 📌 0
So by proxy, RC4 with Kerberos is bad.
16.09.2025 17:17 — 👍 2 🔁 1 💬 0 📌 0
RC4 used with Kerberos isn't the fundamental flaw we think. Yes, RC4 is deprecated, but the real issue is the key generation for AES v RC4 for cracking (Kerberoasting). With RC4 the key = password hash. With AES it is 4096 rounds of hashing of hash+username+domain. The 4096 rounds matters, a lot!
16.09.2025 17:14 — 👍 8 🔁 2 💬 1 📌 0
I'm looking forward to @wildwesthackinfest.bsky.social. I also have a Kerberos workshop there, so check that out.
Oh, and we'll have tons of swag at the @redsiege.com booth, so stop by if you're in-person!