One of our very smart Active Directory experts has been putting together a series of blog posts about hardening AD. Already into its 7th installment, it covers SMB hardening, disabling NTLMv1, least privilege and more. Check the series out - techcommunity.microsoft.com/tag/adhardening

A message from our new Chief Security Officer at Perplexity:

A little while ago I wrote a long piece detailing some of the issues we commonly find in Active Directory during compromises. If you are defender, work in identity or manage AD in anyway hopefully you find something valuable in here - techcommunity.microsoft.com/blog/microsoft…

When troubleshooting, you can significantly increase the logging for replication events with appropriate NTDS diagnostic values: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics "5 Replication Events" “22 RPC Client” “23 RPC Server” Start with level 3

They not like us. They not like us. They not like us. They not like us. They not like us. They not like us. They not like us. They not like us. They not like us. They not like us. They not like us. They not like us. They not like us. They not like us. They not like us. They not

both killed by a Cybertruck RIP

It’s amazing how the further up the corporate ladder you go (or the more time you spend in an industry) l, things all start to revert back to Version 1.

If you need to pinpoint which DC made the change to an AD object/attribute you can use: repadmin /showobjmeta dcname objectDN It's a handy place to start; then go inspect the event logs for that DC to get more detail on whatever you're trying to find out.

We know that "ipconfig /displaydns" can be used to inspect the DNS cache on a windows client It's especially useful for AD troubleshooting though. Example: we can understand why a client might still be talking to a DC that was moved to a new site. You can see that this guy

If you need to simulate the windows domain controller locator API (DSGETDCNAME) on a client to see which DC they would be talking to, or which site they believe they are in, use nltest: nltest /dsgetdc:yourdomain.local

BREAKING: The Internet Massive outage being reported across platforms including Spotify, Google Cloud, AWS, Cloudflare, Claude, YouTube, Gmail, and many, many, more

Before moving from my role at Google to Snowflake I sat down and did a braindump of all the guidelines that I follow (or followed at one point and wanted to reintroduce). For those interested, here are the ~34 guidelines that made the cut

The #BSidesNYC call for papers is still open. Submit your topic today! bsidesnyc.org

Turns out you can just hack any train in the USA and take control over the brakes. This is CVE-2025-1727 and it took me 12 years to get this published. This vulnerability is still not patched. Here's the story:

ChatGPT o3 had genuinely replaced Google for me. I used it every day and was my most used subscription. After using GPT-5 Thinking since release this feels like a downgrade. If this isn’t fixed this is what gets me to try other services.

$5 Membership sale is live for the next 24 hours: account.shodan.io/billing/member

Folks, I'm super excited to announce a three part webinar series from Microsoft that involves some of your favorite folks from the Entra community. Nathan McNulty and Ru Campbell will be joining me and others from Microsoft to talk about implementing Zero Trust for identity and

This 👇 Any type of passkey (including synced passkey) is a million times better than all other phishable password + MFA option All of us in IT and cybersec need to get out of the way of passkey rollouts

What’s your cybersecurity take that’s got you like this? I’m heading out but when I’m back I’ll drop some of my own in the comments.

🚨 Microsoft just changed Microsoft 365 governance → permanently For years, tenant governance has meant: 🔺 Scripts 🔺 Manual processes 🔺 PowerShell 🔺 Documentation 🔺 Drift 🔺 Inconsistency 🔺 Risk 🔺 Tribal knowledge That model is officially over. In the latest episode