If you haven't already, would you consider subscribing to my Youtube? It's stupid difficult to break the algorithm on the platform, and I would love to keep producing videos and content. Make sure to check out my new PowerShell course too! Thanks! youtube.com/c/JoeHellethem…

I like to go back and read this thread now and then. It's so poetic.

what's not normal in this process access event ? 🧐

4 Free labs to learn OAuth Vulnerabilities 🧵

The time is finally here! Save 15% OFF - PNPT. Save 25% OFF - ALL courses. Save 25% OFF - 1st month of All-Access Pass. 10% of ALL sales will be donated to charity. Coupon Code: HONOR Sale Ends: May 30th 11:59PM(EST) academy.tcm-sec.com certifications.tcm-sec.com

Of course this came out on a Friday… holiday weekend too… time to dig in..

I really hated Linux auditing until I found this. Couple it with Laurel and it becomes really easy to ingest these types of logs. Best of all, logging on linux is so rare most adversaries won't see it coming and get caught instantly. Demo here: youtube.com/watch?v=lc1i9h…

Matt Zorich If rc4 is still enabled with Kerberos (not aes only), set the password you like. Cannot be empty but one char password is ok … github.com/vletoux/NTLMIn…

If you haven’t yet moved off of SMS/text for MFA, this is the risk. At Trimarc, we see most Azure AD customers with MFA configured have SMS as an option. Disable SMS as a 2nd factor when possible. Authenticator App is best for most scenarios. FIDO2 is the strongest method.

lmao bruh this one of the most insane things I’ve ever seen

🔒 Secure Bits 💡 𝗗𝗶𝗱 𝘆𝗼𝘂 𝗸𝗻𝗼𝘄 𝘁𝗵𝗲𝗿𝗲’𝘀 𝗮 𝗹𝗼𝗰𝗮𝗹 𝗔𝗱𝗺𝗶𝗻𝗶𝘀𝘁𝗿𝗮𝘁𝗼𝗿 𝗮𝗰𝗰𝗼𝘂𝗻𝘁 𝗼𝗻 𝗗𝗼𝗺𝗮𝗶𝗻 𝗖𝗼𝗻𝘁𝗿𝗼𝗹𝗹𝗲𝗿𝘀? Yes — it’s the DSRM account (Directory Services Restore Mode), used in disaster recovery scenarios when AD is offline. But it