Internal pentest findings that shouldn't exist in 2025...
- credentials on file shares/sharepoint/dms
- local admin password reuse
- kerberoastable domain admins
- ADCS Misconfigs
- spooler running on DCs
- lack of powershell restrictions
- EDR missing on hosts
11.07.2025 14:16 β π 2 π 1 π¬ 0 π 0
Phishing in reverse, nice! Youβre so right ππͺ
09.07.2025 10:38 β π 0 π 0 π¬ 0 π 0
EDR is great⦠but it can't go everywhere...
It canβt be disguised as private messages in Slack
It canβt plant documents in Teams
It canβt be installed on ICS
Deception can go where traditional endpoint security cannot...
08.07.2025 13:13 β π 3 π 0 π¬ 0 π 0
So much of researching & troubleshooting is just being patient enough to read long answers on reddit and stack overflow or I guess now days a bunch of AI responses...and being able to detect the bs and wade through it to find the "truth" or the answer or whatever the heck it is you're trying to do
07.07.2025 18:40 β π 1 π 0 π¬ 0 π 0
In cybersecurity and in life...
07.07.2025 14:07 β π 4 π 0 π¬ 0 π 0
Learning how to research and self-educate in the IT/cybersecurity fields, heck in life, is such a super critical skill to develop...
04.07.2025 19:14 β π 4 π 1 π¬ 1 π 0
Itβs really fun to pentest without malware. But it gets to be less fun when cool stuff thatβs closed source gets detected more regularly, like ADExplorer.
This is a format petition to Microsoft to open source it. Pretty please with a cherry on top
04.07.2025 14:16 β π 4 π 1 π¬ 0 π 0
The value of understanding how permissions work in Active Directory cannot be understated. Out of all the common findings on internal pentests, of ad environments, that seems to be the # 1 most difficult for admins to identify on their own
03.07.2025 19:53 β π 4 π 1 π¬ 0 π 0
βGetting caughtβ is the start of great dialog between the pentester and the IT/Security teamβ¦
03.07.2025 13:34 β π 1 π 0 π¬ 0 π 0
One of the reasons to teach users how to spot malicious emails, links, texts, etc. is so they begin to pick up on the patterns threat actors use
Security awareness training helps users better perceive the risks of such techniques
02.07.2025 19:04 β π 0 π 0 π¬ 0 π 0
One of the reasons I really like deception tech is because if done well it can be used to identify the permission level and logical location of a threat actor
Thatβs not always the case for other security tools
02.07.2025 14:13 β π 2 π 0 π¬ 0 π 0
Video Conferencing, Web Conferencing, Webinars, Screen Sharing
Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems. Zoomβ¦
p.s. if you want to check out the recording of the deception webinar I did, details below
us06web.zoom.us/rec/share/Eb...
Passcode: Ct5sFdX!
01.07.2025 20:23 β π 1 π 0 π¬ 0 π 0
Video Conferencing, Web Conferencing, Webinars, Screen Sharing
Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems. Zoomβ¦
2) because you can put deception places where traditional security tools cannot currently go: slack, file shares, ticketing systems, sharepoint, github, aws, entra, etc.
01.07.2025 20:23 β π 0 π 0 π¬ 1 π 0
more alerts != better threat detection
i'm a big fan of deception for a couple reasons:
1) because of the quality of the alerts
01.07.2025 20:23 β π 0 π 0 π¬ 1 π 0
Security hardening is the removal of dangerous configurationsβ¦
Security hardening is often seen as adding layers of controls, however, itβs more similar to taking away or locking down things that could be misused by attackersβ¦ while still making sure everything works the way itβs supposed to.
01.07.2025 13:13 β π 5 π 1 π¬ 0 π 0
Itβs kind of a cliche saying butβ¦ βsuccess leaves cluesβ (taken from tony robbins) can be applied to cybersecurity success too..
30.06.2025 18:40 β π 1 π 0 π¬ 0 π 0
Learning to recognize patterns is a super power in cybersecurity. How you do that? Not really sure to be honest. But I know you need reps to even have a chanceβ¦
30.06.2025 14:07 β π 0 π 0 π¬ 0 π 0
Including the name of a tool in screenshots that show up in reports is one of those little nuance things that is actually really important. Barring private tooling, it's pure value add
27.06.2025 14:16 β π 1 π 0 π¬ 0 π 0
Just blocking <companyname> and all the derivatives you can possibly think of (including slogans and nicknames) would prevent like 70% of all the weak passwords people use...
26.06.2025 19:53 β π 3 π 0 π¬ 1 π 0
Another thing to block in terms of weak passwords is: <nameofservice> where the service is some kind of software that a majority of people use. Such as litigation software, document management systems, etc. Look at the most commonly used 3rd party software and block password derivatives using those
26.06.2025 13:34 β π 1 π 0 π¬ 0 π 0
Lolol trigger warning
25.06.2025 22:47 β π 1 π 0 π¬ 0 π 0
I honestly don't think you need to take ntds.dit offline and try and crack it to be sure users are using strong passwords. I think a better way is to use tools like Lithnet AD Password Protection or Specops to enforce strong policies...
25.06.2025 19:04 β π 0 π 0 π¬ 0 π 0
Thanks so much for the support on the webinar today everyone! We crushed that, super fun, thanks for reminiscing with me while we watched those home alone clips ππ
25.06.2025 17:17 β π 1 π 0 π¬ 0 π 0
All passwords can be cracked if, **checks notes** the password is the username....
25.06.2025 14:12 β π 3 π 0 π¬ 0 π 0
ππ
24.06.2025 23:34 β π 0 π 0 π¬ 0 π 0
I hate to be the bearer of bad news but your user's passwords are not as strong as you think they are...
24.06.2025 20:23 β π 1 π 0 π¬ 2 π 0
Hacker, writer, dreamer, dad
β’ your go-to source for #ransomware news, insights, and analysis
β’ home of #RedACT monthly threat report
π ransomNews.online
πΌ linkedin.com/company/ransomnews
πββ¬ github.com/ransomNews
πΏ rnws.online/YyZGM
I own a portfolio of Main St companies. NYT best-selling author | Invest: @CTVentureCap,
mainstreethold.co | Build: @_CTCommunity @bizscout_ @resibrands
Remote desktop protocol expert, OSS contributor and Microsoft MVP. I love designing products with Rust, C# and PowerShell. Proud to be CTO at Devolutions. π¨π¦
Creators of BloodHound | Experts in Adversary Tradecraft | Leaders in Identity Attack Path Management
Wannabe security guy. Director @ Zero-Point Security.
Find out about newly awarded MVPs
Created by https://bsky.app/profile/schenardie.bsky.social
Husband, father, and overall nerd.
You can take the sysadmin out of the scheme, but you can't take the scheme out the sysadmin...
#PowerShell
Son of the Rock (Dumbarton FC)
https://powershellyoungteam.github.io/
https://github.com/PowerShellYoungTeam/
InfoSec Director for non-profits (Nation State threats, non-profit budgets!) I talk mostly about Cybersecurity and Tech but occasionally cats (got my handle from one of them), urbanism, transportation politics and woodworking. My tweets are my own.
Real Intrusions by Real Attackers, the Truth Behind the Intrusion.
https://thedfirreport.com
Head of Investigations at InfoGuard AG - dfir.ch
Know. When it matters.
https://canary.tools
πJoin us in Brooklyn, NY on Aug 24th for the launch of LIVE on Skylight!
RSVP here: https://smokesignal.events/did:plc:rbvrr34edl5ddpuwcubjiost/3lvopsv64m22p
πJoin Skylight Social!π
https://apps.apple.com/us/app/skylight-social/id6740706006
#Microsoft365 Consulting Team Lead with Focus on Corporate M&A | #PowerShell | #Windows | #Azure | Sr. Cybersecurity & Enterprise Technology Architect at West Monroe
Senior Security Researcher (DART) at Microsoft. Opinions are my own. #MSIncidentResponse #DART #Microsoft365 #EntraID #DefenderXDR #Sentinel
