Nathan Swift
@SwiftSolves
Followers: 667 · Following: 14K · Media: 467 · Statuses: 4K
Somewhere between last GenX and first Millennial. Living in the Azure Cloud.
Charlotte NC
Joined May 2011
So there is this thing, it is called the theory of planned behavior. You start to predict an individual's intentions to engage in a behavior at a specific time and place. I don't know if you've been looking at your phones or looking at your screens but be careful with your info.
Mailbox auditing has always been a pain... :( There is a reason my scripts get ALL mailboxes and iterate through them to force enable auditing and all records instead of trusting attributes. Don't wait until IR to find out you're hosed, follow my guide: https://t.co/NKtQGQKeRm
nathanmcnulty.com
This post provides everything you need to ensure Advanced Auditing is fully configured and auditing everything we possibly can for both existing and new users. I recently shared guidance for this via...
We’ve been digging through the #React RCE mess for two days now, trying to get at least some visibility into what’s going on out there. None of this is easy to detect, and most signals vanish in memory before you can even look at them. My teammate @_swachchhanda_ put together a
From Hours to Seconds: Meet the Grok-Powered Automated IR Playbook Generator https://t.co/jKo0DwUN61
#AI #ResponsibleAI
It’s here — AND’s biggest (and only!) sale of the year! For a limited time, every course is 25% off with code ALLYALL. Level up your skills and sharpen your defenses. Visit https://t.co/JJOAtJrBBO
LIFTOFF! All my courses on https://t.co/Va1R6MlZZV are 25% off until Tuesday, 12/2, at midnight ET 🚀 This is the only sitewide sale we do all year, and the cheapest you'll see these courses. This event is for all y'all, so to get the discount, use code ALLYALL at checkout.
I seem to have developed a new hobby: building decoy hack tools. Binaries that look suspicious, act like the real thing, and then… do absolutely nothing. Just released NoCat, a Netcat impersonator for detection tests and pipelines. https://t.co/E5AKsh7uaR
If you are building SIEM & SOC functionality from scratch and assuming you have all the required logs - what are the first 5 detection rules you create?
It is time for our first giveaway. We're giving away a Librem 14 from Purism. It's a fancy expensive $1,400+- laptop. Requirements: - Follow @ddd1ms on Xitter - Comment below Librem is a pro-privacy laptop that unironically comes with fuckin' kill switches for mic,
Olaf is amazing :) For those who might want to use this in PowerShell, I created a little gist to get the tokens to talk to the MTP APIs https://t.co/zgYhczQ1os Some API endpoints don't allow this anymore, not sure why 🤷‍♂️ I'll show how to find the URLs in the next post ;)
#MDE custom collection is finally in public preview! It's a centrally managed solution to improve visibility and detection opportunities. We're releasing a management tool and rule repository in YAML format to share new rules with the community. https://t.co/kxit8fFjhU
ICYMI, "Next year, Windows updates for Windows 11 and Windows Server 2025 will bring Sysmon functionality natively to Windows." via Mark Russinovich ✅Same rich functionality, including support for custom configuration files ✅No separate download or manual deployment ✅Automated
techcommunity.microsoft.com
Learn how to eliminate manual deployment and reduce operational risk with Sysmon functionality in Windows.
Since Sysmon is shipping with Windows 11 bump https://t.co/36F1CIRKIL
github.com
TrustedSec Sysinternals Sysmon Community Guide. Contribute to trustedsec/SysmonCommunityGuide development by creating an account on GitHub.
In the Sandhills of NC, bees produce PURPLE honey. It’s the only place in the entire world where this happens. For my new followers…your Entomology lesson for the day.
CyberSec Trends Q4/25🔮 ⬆️NPM/PyPi/VSCode supply chain attacks ⬆️Rust/Go hack tools/malware ↗️EDR Blinding ↗️Abuse of legit RMM tools ↗️Token persistence/cloud API abuse ↗️Malicious LNK files ↗️.NET Single File Host ↗️ClickFix & FileFix ↗️Phishing w/ Job Ads
CyberSec Trends Q1/25🔮 ⬆️Lumma Stealer ↗️EDR killers (vulnerable drivers) ↗️Abuse of legit remote access tools ↗️0days in Fortinet & Ivanti ↗️Token persistence/cloud API abuse ⬆️Sliver implants ⬆️Fake CAPTCHA pages ⬆️Malvertising
Regular reminder… this hardening series by Jerry Devore is super awesome. There’s no way you won’t learn things by reading these. Part 1 - Disabling NTLMv1 Part 2 - Removing SMBv1 Part 3 - Enforcing LDAP Signing Part 4 - Enforcing AES for Kerberos Part 5 - Enforcing LDAP
techcommunity.microsoft.com
If you are curious about what kind of questions I ask when interviewing for my team, I thought I would share some examples. I usually cover everything identity, whether that is on premises Active Directory, Entra, OAuth and everything in between. In general, I try to ask
A penetration tester got root access to our Kubernetes cluster in 15 minutes. Here's what they exploited. The attack chain: - Found exposed Kubernetes dashboard (our bad) - Dashboard had view-only service account (we thought this was safe) - Service account could list secrets
The Tail of the Dragon is an 11 mile stretch of Highway 129. It begins near Robbinsville, NC and ends at Tabcat Creek Bridge in Tennessee. It’s famous for its switchbacks without guardrails and sought out by sports car and motorcycle enthusiasts. ✌🏼
Why the Web was Down Today - Explained by a Retired Microsoft Engineer...
I wish there were a PowerShell module like Pandas. It could make a huge impact in DFIR and other areas.
10/17/2025: Every week I share a curated list of red team-specific jobs (or similar/adjacent) that caught my attention or were shared with me by others in the community. My goal is to help job hunters in the offensive security space find a red team-specific role. 🏛 Company +