ʇıq (@charlievedaa)'s Twitter Profile
ʇıq

@charlievedaa

blue team, GSE #112

ID: 349134123

http://xn--q-eka93h.com 05-08-2011 16:17:08

216 Tweet

753 Followers

5,5K Following

Squiblydoo (@squiblydooblog)

Again recommending my fun VirusTotal course on KC7 - Cyber detective game: kc7cyber.com/modules/VT101 It covers basics I've not seen elsewhere to empower analysts. Example: Signed File has 0/72 score virustotal.com/gui/file/496b7… Is it benign or not? How can we quickly come to a conclusion? /1

Johnathan Norman (@spoofyroot)

Sharing this here .. tldr is you want to enable Protected Print when you get the H2 update. It is one of the best things you can do for your security. This is coming from the guy who runs Windows security testing. infosec.exchange/deck/@spoofy/1…

Lukas Beran (@lukasberancz)

In just a few days, Microsoft will start enforcing MFA for admin access in Azure. Last chance to verify that all break-glass accounts are ready for this. techcommunity.microsoft.com/t5/microsoft-e…

Juan Garrido (@tr1ana)

I'm thrilled to announce a new release of #Monkey365! This new release contains a lot of improvements and fixes. For example new flags were added to list collectors and CIS benchmarks for both Azure and M365 were updated to 3.0 version. Check it now! github.com/silverhack/mon…

Peter Klapwijk | MVP (@inthecloud_247)

🚨I wrote a blog post describing automation to revoke user access in a single click; ✅Disable user account ✅Reset password ✅Revoke sign in sessions ✅Delete authentication methods And more! #Security #EntraID #automation #LogicApps inthecloud247.com/revoke-user-ac…

Tracebit (@tracebit_com)

Our Founding Engineer Michael has been in the weeds of Azure logging for the past few months. Some of the details discovered may surprise you... tracebit.com/blog/azure-det…

Michael Schwartz (@schwartzonsec)

A special holiday treat for everyone. I am extremely excited to publicly release Censeye, a CLI-based threat hunting tool for use with the Censys API. censys.com/automated-hunt…

lys (@ly7ine)

Infosec has too many straight people. This leads to a chronic lack of flair, overly rigid categorization of “normal” behaviors, and work environments so dry they could double as sandpaper. Even terminology like “kill chain” reeks of unnecessarily aggressive overcompensation, as

Logan Goins (@_logangoins)

This is a simple .NET tool I wrote as a part of my research with Jonathan Beierle called Krueger, meant for disabling EDR remotely with WDAC to assist in lateral movement activities. github.com/logangoins/Kru…

Michael Eder @edermi@infosec.exchange (@michael_eder_)

NFS has not received much attention of the offensive security community in nearly a decade. Today, we are happy to share our research on the topic: hvs-consulting.de/en/nfs-securit…. I'll give you a short overview in this thread 🧵 (1/5) #redteam #pentest

Nathan McNulty (@nathanmcnulty)

I think the most common misunderstanding of Conditional Access is its relationship to authentication, and this results in not understanding how the rest of the controls actually work Conditional Access performs authorization by evaluating tokens from the authentication service

Elli Shlomo (IR) (@ellishlomo)

Device filter rules fail on unregistered devices if you use: (device.deviceTrustType -eq "AzureAD") > Because props = null, the rule won’t match. > Use negative logic: -ne, -not, -contains > Null ≠ value → rule applies. Pro tip: Always test for null paths in device filters

Phil Venables (@philvenables)

Book Announcement. It's official. Coming in 2026 my book on the 7 habits of elite security programs. Happy to be partnering with itrevolution.com/books/ and become a part of the stable of content like The Phoenix Project.

spencer (@techspence)

My personal internal pentest “dirty dozen” list (aka the most dangerous and common internal findings) *not necessarily in any particular order 1. ESC1 2. ESC4 3. ESC8 4. Kerberoastable admins with weak passwords 5. Plaintext admin or SQL credentials on file shares 6. Insecure

Heathenhkr (@heathenhkr)

Here is a link to the PIDGN kickstarter project which I showed off this past weekend at NolaCon: kickstarter.com/projects/pidgn… I am so happy to see this project go live!

Chris Sanders 🔎 🧠 (@chrissanders88)

A hill I will always die on... Intrusion detection tools that don't expose their detection logic with alerts are a sure sign that product management is out of touch or has misaligned priorities with SOC goals. The product's goal is to help analysts perform their job effectively.

sapir federovsky (@sapirxfed)

What to do when missiles fell near your house? Chill out and write the blog post you wanted to write 5 months ago!🥳 Peace and love everyone!💕☮️ sapirxfed.com/2025/06/20/wha…

Stephan Berger (@malmoeb)

During a recent incident response case, we observed the following file access: \\localhost\C$\@ GMT-2025.06.21-10.53.43\Windows\NTDS\ntds.dit This is a clever method of accessing a Volume Shadow Copy (VSS) snapshot. Many EDR and detection systems typically monitor for commands
