The first big update is live inside Crucible. New dashboard, never before seen challenges, progress tracking, walkthroughs…

Go check it out!

crucible.dreadnode.io

I just published a blog and tool for the LSA Whisperer work that was presented at the SpecterOps Conference (SOCON) back in March.

If you are interested in getting credentials from LSASS without accessing its memory, check it out!
medium.com/specter-ops-po…

I am over the fscking moon about this:

elastic.co/de/blog/elasti…

This is absolutely awesome!

If you want to get started with BloodHound CE, then I highly recommend reading this awesome blog post by Chris Haller. It's a great resource to kickstart your journey!
m4lwhere.medium.com/the-ultimate-g…

I wrote a script to identify every TAKEOVER and ELEVATE attack in Misconfiguration Manager that can be run with Read-only Analyst privileges or higher in SCCM. Please share with your IT admins, defenders, clients, assessors, and friends in infosec!
posts.specterops.io/rooting-out-ri…

THE KUBERNETES DOESN'T STOP
I'm learning the 'k3s' way of configuring kubernetes and created a Helm repo for Ghidra server. I learned a ton and if anyone finds it useful, you're free to use it:
github.com/t94j0/ghidra-k…

Perhaps the single best thing that could happen to get MS to get its act together on improving Windows and AD security, maintainability, etc. without compelling customers to buy addons would be for DOJ to start investigating the above. And if news of that were somehow😯 to leak.

Lee Chagolla-Christensen Brian in Pittsburgh And unfortunately, without some sort of mandate I don't ever see Microsoft allocating the resources to put misconfiguration guardrails in place for any on-prem solutions.

From my experience, the only way this changes is if $$$$$ paying customers demand it. Most are ignorant (including those big customers) or less funded, hence no demand.

This is a thing that really galls me.
Microsoft could do things to help customers secure AD that don't require any breaking changes at ecosystem level.
For example, Windows Server could have integrated functionality or tools to help admins spot dangerous configuration issues.

I'm hiring a Staff Security Engineer focused on Detection & Incident Response. Qualified candidates have experience building detections & automations, understand adversary behavior, and can code.

100% remote, great benefits, US persons only.

jobs.ashbyhq.com/materialsecuri…

'The maintainers of libcolorpicker.so can’t be the only thing that stands between your critical infrastructure and Russian or Chinese intelligence services.'

lcamtuf.substack.com/p/oss-backdoor…