Joel M. Leo

@joelmleo

Followers: 351
Following: 3K
Media: 254
Statuses: 1K

Infosec/identity architect oth for my next role. Minmatar for the Winmatar. He/Him. My tweets are my own opinions. On Mastodon as @[email protected]

Honolulu, HI
Joined February 2018
@joelmleo
Joel M. Leo
6 years
This script will temporarily open TCP ports commonly used by #ActiveDirectory domain controllers to allow network and firewall testing prior to promotion to DC. Currently the ports are coded in to the script, but a future ver. will have more flexibility. https://t.co/Ed2BJRia3I
@DefConHawaii
DC808
3 months
Aloha DC808 peeps. Happening in a few hours, our gathering at The Social at Ward, 5-7pm. See you there!
@DefConHawaii
DC808
3 months
Aloha DC808 peeps! We're going to gather 9/25/25 between 5-7PM at The Social in the Ward area. This is a social event, so there won't be any speakers and no solid agenda, just hackers and security peeps in the 808 state talking about the haps. https://t.co/NtGlMKdZHw
@joelmleo
Joel M. Leo
1 year
I'm seeing so much more garbage like this in my feed. So much AI generated slop as well. Look how much engagement this crap gets?!
@joelmleo
Joel M. Leo
1 year
My flabbers are gasted. Having a tough time processing, and for some reason I still have a thread of hope? Take care of your peeps AND yourselves.
@joelmleo
Joel M. Leo
1 year
/me watches everyone's clocks change from Hawaii with that signature look of no-DST-superiority /me then sees all of his mainland/euro meetings shift an hour Curse you DST!
@CouldBeTheYear
2025
1 year
@merill The caveat should be that the password is now longer and passes through a banned password filter. Puppy1234! won’t cut it.
@joelmleo
Joel M. Leo
1 year
Late Sunday we lost power again here in Hawaii Kai, 9th time > 1 hour I think? I picked up my acoustic bass guitar, and realized I've forgotten almost everything I used to know how to play. In the candlelight I became marginally more sad :(
@joelmleo
Joel M. Leo
1 year
Yaaaay Hawaii Kai power is out again for the... 8th? 9th? time this year for > 1 hour. @HwnElectric haaaaalp
@TrimarcSecurity
Trimarc
1 year
Trimarc are the industry experts in Active Directory, Microsoft Cloud, & Identity Security, providing assessments with deep dive analysis for both On-Prem & Cloud Active Directory security. Find out how our experts can help secure your enterprise. https://t.co/X05V6t5LzQ
@joelmleo
Joel M. Leo
1 year
Finally going to take some time off and fly to the Big Island for a bit to relax. How many laptops will I take to work while I "take some time off?"
@joelmleo
Joel M. Leo
1 year
Ruh roh Looks like a memory module might be dying. New computer time, or be boring and replace the module?
@joelmleo
Joel M. Leo
1 year
I know many of you use #pihole to help block ads, but I'm curious what your views are on the overall security of the architecture. It runs locally in a docker container or vm, but pulls its list from a different github. Can this arch be subverted in your experience? Details?
@rootsecdev
rootsecdev
1 year
Passwords after new NIST controls and still not using banned password protection
@blackroomsec
BlackRoomSec
1 year
Correction to my NIST tweet: I SCREWED UP! As a few people have pointed out and I made a mistake, I apologize, NIST first recommended passwords NOT be rotated in June 2017 *not* 2020 as I originally said in the tweet. I am posting this correction here in its own tweet and in the
@joelmleo
Joel M. Leo
1 year
For what it is worth, the same requirement is in place in the August 2024 draft update to SP800-63B in section 3.1.1.2 (page 14)
@joelmleo
Joel M. Leo
1 year
This means you should implement something like Entra Password Protection, Specops Password Blacklist, etc. before relaxing the password rotation and complexity requirements for your organization. https://t.co/xPdgb110YQ #NIST #SP80063B #Password #Complexity
learn.microsoft.com
Learn how to dynamically ban weak passwords from your environment with Microsoft Entra Password Protection
@joelmleo
Joel M. Leo
1 year
There's lots of good discussion on NIST's recommendations relating to passwords in SP800-63B, but one thing I see frequently missed amidst all the excitement over reduced complexity is the requirement to validate the proposed passwords against a deny list https://t.co/vV9vGqcvfT
@joelmleo
Joel M. Leo
1 year
I'm listening to @AccidentalCISO and @TheBlindHacker discuss starting a business, and in part 3 1:21:55, this statement by AC really resonated: "I don't do incident response work... I'm in the post emergency phase of my career." IR is a painful crucible https://t.co/nXp93xzO7y
@joelmleo
Joel M. Leo
1 year
but now on my terms. Some orgs I consult with are hybrid/full RTO, but they know and accept I'll never be either. When faced with unreasonable constraints, unreasonable responses may be required to maintain your integrity. 2/2
@joelmleo
Joel M. Leo
1 year
I've worked full-time remote in highly technical roles for 25 years. My most recent job search last year (another layoff) landed plenty of interviews, but all orgs wanted me hybrid from somewhere not-Hawaii, which is why I amplified my consulting org. I'm still 100% remote, 1/2