Michael ⛰️🌲

@infosec_mike

Avid Indoorsman, Blue team, W605, and Octothorpe enthusiast.

Michael ⛰️🌲 reposted @IAMERICAbooted

Dear M365 admins: ALL OF YOU

Are you using Power Platform? If you can't answer that, KEEP READING. There are still things you need to do.

Here are some absolute basics that most organizations miss.

Your license comes with Power Apps and Power Automate functionality and a…

Safe travels from @WWHackinFest, another excellent experience. Thank you to all the staff and volunteers. Glad I was able to see and visit with so many.


Michael ⛰️🌲 reposted @BHinfoSecurity

"[...] the Microsoft Store is likely to allow users to install dual use applications that can be used to bypass security controls or access sensitive information in the environment."
Read more: blackhillsinfosec.com/microsoft-stor…

Microsoft Store and WinGet: Security Risks for Corporate…

Michael ⛰️🌲 reposted @Antisy_Training

What risks arise from adding Domain Users to a template’s Enroll ACL? Share your top 3! 🔥 Last chance to join us on Oct 15 @ 12:00 pm ET! events.zoom.us/ev/AsbybLz-COO…

Michael ⛰️🌲 reposted @Antisy_Training

👀An attacker requests a cert, uses it for lateral movement, deletes logs... Where else can you see evidence? Join us Oct 15 @ 12 PM ET for Anti-Cast with Alyssa Snow & Kaitlyn Wimberley. events.zoom.us/ev/AsbybLz-COO…

Michael ⛰️🌲 reposted @TrustedSec

Join @Carlos_Perez for our next webinar on October 15 at 1:00PM. We'll draw from recent, anonymized investigations to expose the most devastating failure patterns our Incident Response team has encountered in the field. Secure your spot now!
trustedsec.zoom.us/webinar/regist…

Michael ⛰️🌲 reposted @Antisy_Training

If posture reviews had a boss battle, what would yours be? 🎮

Stay equipped for the fight and join Kimber Amos for free: antisyphontraining.com/event/anti-cas…

Michael ⛰️🌲 reposted @RedSiege

"Who knows what vulnerabilities are hiding just waiting to be found?"

Security Consultant Stuart Rorer discusses how to up your recon game during web app penetration tests in this blog post 🔗 redsiege.com/eagleeye

#hacking #infosec #cybersecurity

Michael ⛰️🌲 reposted

Check out Titanis, my new C#-based protocol library! It features implementations of SMB and various Windows RPC protocols along with Kerberos and NTLM. github.com/trustedsec/Tit…


Michael ⛰️🌲 reposted

Active Directory hardening is free…outside of your time.

Overall - PingCastle
Passwords - FGPP, LAPS, Lithnet
Permissions - ADeleg/ADeleginator
Applocker - Applocker Inspector/Applocker gen
ADCS - Locksmith
Logon scripts - ScriptSentry
GPO - GPOZaurr
Baselines - CIS/Microsoft…


Michael ⛰️🌲 reposted @Defte_

Dumping LSASS is old school. If an admin is connected on a server you are local admin on, just create a scheduled task asking for a certificate on his behalf, get the cert, get its privs. All automatized in the schtask_as module for NetExec 🥳🥳🥳

Michael ⛰️🌲 reposted @RedSiege

Learn how to wield Proxifier like a pro in Senior Security Consultant Justin Palk's guide "How to Set Up Proxifier for Penetration Testing" 🔗 redsiege.com/proxifier

#hacking #infosec #cybersecurity

Michael ⛰️🌲 reposted @TrustedSec

Penetration testing has repetitive tasks that can be time-consuming and have errors. In our next webinar, we'll be showing how to use Bash to streamline your workflow to save time, prevent mistakes, and deliver consistent results. Register now! trustedsec.zoom.us/webinar/regist…

Michael ⛰️🌲 reposted

🚨 FREE Microsoft Purview Blueprints are available to download! These deployment models were created by the Microsoft Product Engineering team, based on proven deployments with organisations. Designed for IT administrators, security teams, and compliance stakeholders tasked…


Michael ⛰️🌲 reposted

I will just leave this here without context, you can figure out what to do with it learn.microsoft.com/en-us/powershe…


Michael ⛰️🌲 reposted

Even with HTTPS, Windows Server Update Services can be abused if attackers obtain a trusted certificate, allowing authentication relay. In our blog, @Coontzy1 explains how WSUS traffic can be found and abused, and what sparked his investigation. Read now! trustedsec.com/blog/wsus-is-s…


Michael ⛰️🌲 reposted

In response to Senator @RonWyden's letter to the FTC, I have put together my comments on Kerberoasting and RC4. redsiege.com/blog/2025/09/k…


Michael ⛰️🌲 reposted

I'm **begging you**

Please have a conversation with your SOC and SOC leadership about how logging in the cloud works.

1. the defaults are pretty bad
2. you must account for delays of the log even being written. ("real time" in the cloud can be +/- 20 min)


Michael ⛰️🌲 reposted @LetsDefendIO

Important Windows Directories for SOC Analysts
