The workshop by @T333333R is now kicking off on automated #DevSecOps infrastructure deployment in McKim Conference Room A #DevSecCon

Wow 2 days went just too fast - thank you for joining us and making this such a great event. Hopefully see you next year! A massive thank-you also to all our speakers at #DevSecCon Boston - we couldn’t do it without you!

One more new feature for Rubeus 1.2.0 - MS kpasswd resets a la ArotoPW github.com/GhostPack/Rube… … Post on all the new fun at posts.specterops.io/rubeus-now-wit… … Thanks again for #kekeo 🥝🏳️‍🌈 Benjamin Delpy! <3

Cool C# Tooling: GhostPack: github.com/GhostPack SharpSploit: github.com/cobbr/SharpSpl… Ways to use them: SharpCradle: github.com/anthemtotheego… SharpSploitConsole: github.com/anthemtotheego… SharpGen: github.com/cobbr/SharpGen SharpCompile: github.com/SpiderLabs/Sha…

I've hacked together a python script to mark boxes as "vulnerable" in BloodHound to assist in path planning. Good for queries like MATCH (n {vulnerable:TRUE}),(m {highvalue:TRUE}),p=shortestPath((n)-[r*1..]->(m)) RETURN p to give you an idea where to start gist.github.com/NotMedic/59f92…

I'm attending @docker Casablanca w/ Docker Bday #6: How do YOU #Docker? on March 27, 2019 events.docker.com/events/details…

Informative security workshop by @T333333R, at #devopsdays #blndevops. Liked the Docker based demos.

Get your #Ticket for sec4dev 2021 - all digital! //#Conference Talk 24-25.02.21// Session: "#CatchMeIfYouCan: #ContinuousDelivery vs. #SecurityAssurance" by TEMMAR Abdessamad! #cybersecurity #itsecurity #softwaresecurity #securecoding sec4dev.io/sessions/catch…

I'm a huge fan of making good security tools available to all. Sadly we, as an industry, have somehow made it that if you want solid Static application security testing (SAST) tools, you have to pay a huge amount and that never sat right with me.

🗺️ DevSecOps Overview by lucas kauffman Lucas provides a nice overview of DevOps and DevSecOps, along with useful hard and soft gates at each step of the development process These activities & ordering are generally what I see most people recommending 👇 cloud101.eu/devsecops-seri…

The offensive AD CS tools from Lee Chagolla-Christensen's and my "Certified Pre-Owned" talk, Certify and ForgeCert, are now live at github.com/GhostPack/Cert… / github.com/GhostPack/Forg… ! Thanks to everyone who attended the talk stream!

Python Interactive Mode save my life <3

RDP Hijacking Passwordless para Windows dlvr.it/Q4zFbb

[Video] Circle City Con 2017 - Effective Report Writing For Security Practitioners bit.ly/2BfBu97

Pull Request of the Day - bit.ly/2BDm1QK

New ADSecurity.org post: "Attacking Read-Only Domain Controllers (RODCs) to Own Active Directory" Provides some attack scenarios and mitigation. If you have RODCs in your #ActiveDirectory environment, you should read this. adsecurity.org/?p=3592

A REAL-LIFE threat against a user, traced from inception with Sysmon (free), detected with PowerShell logging with Win7 WMF5 upgrade (free), ultimately defeated with simple defense-in-depth computer configuration in Group Policy (free). @markrussinovich Jeffrey Snover Lee Holmes

sc0tfree.com/sc0tfree-blog/…

When you deliver the first red team report.