
spencer

@techspence

🛠️ Sysadmin roots. Hacker mindset. Defender mission. | Helping IT teams make their environments harder to attack | @SecurIT360 | @cyberthreatpov

Pinned

Starting with a DENY ALL approach for application control is a great way to get the project canned...

I recommend IT teams start by blocking known badness:

- RMM products
- Common LotL binaries
- Vulnerable drivers

These have much higher signals of a "threat" than the wrong…
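One way to put the "block known badness first" approach into practice, as an added example that is not code from the post's author: an AppLocker Exe rule collection that denies a handful of commonly abused living-off-the-land binaries, keeps an explicit Allow-everything rule so the collection stays a block list, and starts in AuditOnly. The specific binaries, the rule names and the temp file path are my own illustrative choices; the post does not name any.

```powershell
# Added example, not from the original post. Requires an elevated PowerShell on a host where the
# Application Identity (AppIDSvc) service can run; the AppLocker module ships with Windows.

# Illustrative LotL binaries (my picks, the post names none). %SYSTEM32% is an AppLocker path variable.
$lolbins = @(
    '%SYSTEM32%\mshta.exe',
    '%SYSTEM32%\wscript.exe',
    '%SYSTEM32%\cscript.exe',
    '%SYSTEM32%\certutil.exe',
    '%SYSTEM32%\regsvr32.exe'
)

# One Deny FilePathRule per binary, applied to Everyone (S-1-1-0). Deny always wins over Allow in AppLocker.
$denyRules = foreach ($path in $lolbins) {
    $name = [System.IO.Path]::GetFileName($path)
@"
    <FilePathRule Id="$([guid]::NewGuid())" Name="Deny LOLBin: $name" Description="Block-list starter rule (added example)" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="$path" />
      </Conditions>
    </FilePathRule>
"@
}

# The Allow "*" rule is the important part: an Exe collection that contains only Deny rules blocks
# every other executable once enforced, which is exactly the DENY ALL outcome the post warns about.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow everything not explicitly denied" Description="Keeps this a block list (added example)" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="*" />
      </Conditions>
    </FilePathRule>
$($denyRules -join "`n")
  </RuleCollection>
</AppLockerPolicy>
"@

$policyPath = Join-Path $env:TEMP 'blocklist-applocker.xml'   # illustrative location
$policyXml | Set-Content -Path $policyPath -Encoding UTF8

# Validate the decisions against real files before touching any machine:
# the LOLBins should come back Denied, notepad.exe Allowed.
$targets = @($lolbins | ForEach-Object { $_ -replace '%SYSTEM32%', "$env:SystemRoot\System32" })
$targets += "$env:SystemRoot\System32\notepad.exe"
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $targets -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule

# Apply locally in AuditOnly and merge with whatever is already there. In audit mode AppLocker logs
# event ID 8003 ("would have been prevented") in the AppLocker EXE and DLL log instead of blocking.
# Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
```

Run it in AuditOnly for a few weeks and review the 8003 events before flipping EnforcementMode to Enabled. Two caveats a practitioner will hit: path rules only match the binary at that path, so a copy of mshta.exe dropped in a user-writable folder is not caught (publisher rules pinned to the file name close that gap), and the `%SYSTEM32%` path rules do nothing for the RMM products and vulnerable drivers in the post's list, which need their own publisher or hash rules (drivers live in a separate, WDAC-only space).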

PAM is great, but just like pentesters need to know their tools, defenders need to understand their security controls

Someone once told me: we use a PAM solution - the admin's password is changed every time they elevate. Me: I became that admin when they logged in to a server I controlled after compromising the primary site server for SCCM. The admin was DBO for all the databases in the…



They immediately laughed and told me that’s not a good password. Lesson learned 💪😆 x.com/techspence/sta…

I created an account on my gaming pc for my kids, but didn’t tell them the password. They guessed it in 12 minutes. Honestly… I don’t know if I should be worried or proud.





Be the change you want to see in the world 💪

Some of y’all are way too young to be this jaded in your cybersecurity takes. Whatever problems you think exist in this space, go solve them. You need to still believe that’s possible. You can be angry later.



Testing and validating assumptions is an underappreciated skill. Can’t tell you how many times I’ve found misconfigs in AD as a result of saying: “There’s no way this will work..”


🤦‍♂️Two Active Directory misconfigs I wish I’d never see again… - Domain Admins used as service accounts with weak passwords - bobjones_adm with the same password as svc_bjones


Auditing & logging in Active Directory is foundational and the starting point for a good threat detection (TD) program. When working with clients on TD assessments one of the most common recommendations we have is, you need to turn on more logs…
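A concrete form of the "turn on more logs" check, as an added example that is not code from the post's author: compare a domain controller's effective audit policy against a baseline of subcategories and report what is missing, including the process command-line setting that the Process Creation subcategory alone does not cover. The baseline list is my own illustrative starting set, not one given in the post; tune it to the detections you actually build.

```powershell
# Added example, not from the original post. Run elevated on a DC (or any member server).
# auditpol is built into Windows; /r prints CSV with the columns
# Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting

# Illustrative baseline (my choice, not the post's): subcategory -> minimum setting.
$script:Baseline = [ordered]@{
    'Credential Validation'              = 'Success and Failure'
    'Kerberos Authentication Service'    = 'Success and Failure'
    'Kerberos Service Ticket Operations' = 'Success and Failure'
    'Logon'                              = 'Success and Failure'
    'Special Logon'                      = 'Success'
    'User Account Management'            = 'Success and Failure'
    'Security Group Management'          = 'Success and Failure'
    'Directory Service Changes'          = 'Success and Failure'
    'Process Creation'                   = 'Success'
}

function Test-AuditSetting {
    # 'Success and Failure' satisfies any requirement; otherwise the setting must match exactly.
    param([string]$Required, [string]$Actual)
    return ($Actual -eq 'Success and Failure') -or ($Actual -eq $Required)
}

function Get-AuditPolicyGaps {
    param([System.Collections.IDictionary]$Baseline = $script:Baseline)

    $current = auditpol /get /category:* /r | ConvertFrom-Csv

    foreach ($sub in $Baseline.Keys) {
        $row    = $current | Where-Object { $_.Subcategory -eq $sub } | Select-Object -First 1
        $actual = if ($row) { $row.'Inclusion Setting' } else { 'Subcategory not found' }
        if (-not (Test-AuditSetting -Required $Baseline[$sub] -Actual $actual)) {
            [pscustomobject]@{ Check = $sub; Required = $Baseline[$sub]; Actual = $actual }
        }
    }

    # 4688 events are of limited use without the command line; that is a separate policy value
    # ("Include command line in process creation events"), stored under this registry key.
    $cmdLineKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
    $cmdLine = (Get-ItemProperty -Path $cmdLineKey -Name ProcessCreationIncludeCmdLine_Enabled -ErrorAction SilentlyContinue).ProcessCreationIncludeCmdLine_Enabled
    if ($cmdLine -ne 1) {
        [pscustomobject]@{ Check = 'Process creation command line'; Required = '1'; Actual = "$cmdLine" }
    }
}

Get-AuditPolicyGaps | Format-Table -AutoSize
```

An empty result means the baseline is met. Two things the check cannot tell you: Directory Service Changes (event 5136) only fires for objects that also carry a SACL, so enabling the subcategory without auditing entries on the directory objects you care about still yields silence, and a locally correct auditpol result on one DC says nothing about the other DCs, so run it against all of them or enforce the settings through an advanced audit policy GPO linked to the Domain Controllers OU.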


TurvSec: When we launched PentestList v1 last year, I just wanted a simple place to find the best and newest infosec resources.

Today, I’m releasing PentestList v2 🚀

After a year of feedback and some user growth, we’ve redesigned the experience and added a bunch of new features:

✅…


More sysadmins need to know this… Domain admins aren’t the end goal, they are the stepping stone to a larger, more expensive outcome


spencer reposted

nyxgeek: This is the ideal operating system UI. You may not like it, but this is what peak performance looks like.

spencer reposted

So, let me say this about Active Directory: large and mid-sized orgs who have had well-run security programs in place for quite a while, and typical levels of resources for large and mid-sized orgs available to devote to IT & security, should today have quite solid setups in place.

Hard truths about Active Directory… - it’s older than most of the pentesters testing it - attackers know how to attack it as much as sysadmins know how to protect it - misconfigurations age like milk, not wine - once the domain is compromised, you’re basically looking at a…



Why is everything so broken and unstable? The eternal struggle of sysadmins everywhere…


Most pentest buyers focus on price… As with all things in life, the cheapest is usually NOT the best. Here are 3 questions I recommend folks ask when shopping around: 1. Can I see a real sample report? 2. Can I speak with the actual pentester before signing? 3. Can the…

