Joel M. Leo

@joelmleo

Followers
351
Following
3K
Media
254
Statuses
1K

Infosec/identity architect oth for my next role. Minmatar for the Winmatar. He/Him. My tweets are my own opinions. On Mastodon as @[email protected]

Honolulu, HI
Joined February 2018
@joelmleo
Joel M. Leo
5 years
This script will temporarily open TCP ports commonly used by #ActiveDirectory domain controllers to allow network and firewall testing prior to promotion to DC. Currently the ports are coded in to the script, but a future ver. will have more flexibility.
1
0
11
@joelmleo
Joel M. Leo
9 months
I'm seeing so much more garbage like this in my feed. So much AI generated slop as well. Look how much engagement this crap gets?!
1
0
1
@joelmleo
Joel M. Leo
10 months
My flabbers are gasted. Having a tough time processing, and for some reason I still have a thread of hope? Take care of your peeps AND yourselves.
0
0
1
@joelmleo
Joel M. Leo
10 months
/me watches everyone's clocks change from Hawaii with that signature look of no-DST superiority. /me then sees all of his mainland/euro meetings shift an hour. Curse you DST!
1
0
3
@joelmleo
Joel M. Leo
10 months
RT @CouldBeTheYear: @merill The caveat should be that the password is now longer and passes through a banned password filter. Puppy1234!…
0
1
0
@joelmleo
Joel M. Leo
10 months
Late Sunday we lost power again here in Hawaii Kai, 9th time > 1 hour I think? I picked up my acoustic bass guitar, and realized I've forgotten almost everything I used to know how to play. In the candlelight I became marginally more sad :(
0
0
0
@joelmleo
Joel M. Leo
10 months
Yaaaay Hawaii Kai power is out again for the 8th? 9th? time this year for > 1 hour. @HwnElectric haaaaalp.
0
0
0
@joelmleo
Joel M. Leo
10 months
RT @TrimarcSecurity: Trimarc are the industry experts in Active Directory, Microsoft Cloud, & Identity Security, providing assessments with…
0
3
0
@joelmleo
Joel M. Leo
10 months
Finally going to take some time off and fly to the Big Island for a bit to relax. How many laptops will I take to work while I "take some time off?"
0
0
0
@joelmleo
Joel M. Leo
10 months
Ruh roh. Looks like a memory module might be dying. New computer time, or be boring and replace the module?
0
0
0
@joelmleo
Joel M. Leo
11 months
I know many of you use #pihole to help block ads, but I'm curious what your views are on the overall security of the architecture. It runs locally in a docker container or vm, but pulls its list from a different github. Can this arch be subverted in your experience? Details?
0
0
0
@joelmleo
Joel M. Leo
11 months
RT @rootsecdev: Passwords after new NIST controls and still not using banned password protection
0
9
0
@joelmleo
Joel M. Leo
11 months
RT @blackroomsec: Correction to my NIST tweet: I SCREWED UP! As a few people have pointed out and I made a mistake, I apologize, NIST firs…
0
10
0
@joelmleo
Joel M. Leo
11 months
For what it is worth, the same requirement is in place in the August 2024 draft update to SP800-63B in section 3.1.1.2 (page 14)
0
0
0
@joelmleo
Joel M. Leo
11 months
This means you should implement something like Entra Password Protection, Specops Password Blacklist, etc. before relaxing the password rotation and complexity requirements for your organization. #NIST #SP80063B #Password #Complexity.
learn.microsoft.com
Learn how to dynamically ban weak passwords from your environment with Microsoft Entra Password Protection
1
0
1
@joelmleo
Joel M. Leo
11 months
There's lots of good discussion on NIST's recommendations relating to passwords in SP800-63B, but one thing I see frequently missed amidst all the excitement over reduced complexity is the requirement to validate the proposed passwords against a deny list.
1
0
0
@joelmleo
Joel M. Leo
11 months
I'm listening to @AccidentalCISO and @TheBlindHacker discuss starting a business, and in part 3 1:21:55, this statement by AC really resonated: "I don't do incident response work. I'm in the post emergency phase of my career." IR is a painful crucible.
2
2
15
@joelmleo
Joel M. Leo
11 months
but now on my terms. Some orgs I consult with are hybrid/full RTO, but they know and accept I'll never be either. When faced with unreasonable constraints, unreasonable responses may be required to maintain your integrity. 2/2
1
0
4
@joelmleo
Joel M. Leo
11 months
I've worked full-time remote in highly technical roles for 25 years. My most recent job search last year (another layoff) landed plenty of interviews, but all orgs wanted me hybrid from somewhere not-Hawaii, which is why I amplified my consulting org. I'm still 100% remote, 1/2
1
0
4
@joelmleo
Joel M. Leo
11 months
It's almost like people forgot TAO.
0
0
1
@joelmleo
Joel M. Leo
1 year
Our current political climate is due in part to our political processes. Some states have already moved in this direction, but moving to a ranked-choice voting system would absolutely improve things imo. NPR explainer:
npr.org
Roughly 50 American voting jurisdictions have now moved to a ranked choice voting system, and it's shaping up to be one of the political subplots of 2024.
0
0
0