ps - I created an AD Security resource kit for IT admins. If you want to know where to start & what issues to look for, then this is for you. You can get access to it by signing up for my free email newsletter. If you're already a subscriber, DM me for the link! 👇 Access it

I scheduled this post to go live on Friday fully betting something spicy would happen...lets see if this pans out 😅

Why guess when you can know?

What if we just got rid of the security products that were not carrying their weight and put that money into better trained & more knowledgeable people…

I’m rooting for you to have a clean pentest report…but honestly, I kind of hope you don’t. You learn way more when we find the dumb stuff like creds dumped on a share or Domain Users with Full Control on the DC OU. What did your last pentest actually teach you, what did you

What we need less of: Products that promise to solve ALL your problems (and even some you don’t have) automatically while you sleep except you end up paying money to introduce new problems you also can’t solve What we need more of: products that solve distinct problems that can

@techspence Microsoft Learn has a host of free learning paths for Active Directory, Identity and Access Management, and any cert of theirs one might find useful. https://t.co/bcd9Eyu7XN I'd also recommend getting comfortable with control groups from either MCSB or CIS benchmarks

A strong defense starts long before an incident. We distilled 20+ years of Mandiant breach experience into a practical guide for building an effective #IncidentResponse plan. Stay prepared, not reactive. Read the guide ➡️ https://t.co/QiIM9E0eRa

America needs you! Join U.S. Immigration and Customs Enforcement today.

🙌🤘💪🤙🙏

> Starting today, if a critical vulnerability has a direct and demonstrable impact to our online services, it’s eligible for a bounty award. Regardless of whether the code is owned and managed by Microsoft, a third-party, or is open source, we will do whatever it takes to

Consistency is a funny thing. No one sees it if they are not there along side you. @kamakauzy thanks for being the best co-host and partner in crime with this podcast. I really really appreciate all the support you all have shown for our content and podcast. Literally the only

What’s working for threat actors once they get inside? Lots of the same things that are still working for us during internal pentests. While we have morals and they don’t… we try our best to use the same/similar TTPs so clients get as close to a taste of what to expect as we

This holiday, skip the stress. USDA Prime steaks delivered to their door. They'll thank you later. 8 FREE Steak Burgers + FREE shipping ($145 value) on orders $149+ Use code SANTA149 →

Stay tuned for more insights from zack. he and I recorded a video the other day. Working on editing and getting it out on the youtubes!

AD Security resources for defenders...👇

What are we all gonna do when AI is doing our jobs for us?

Internal pentest findings that shouldn’t exist in 2025, part 2 - Domain Users members of Domain Admins - Default new user password that’s never changed - Services with unquoted service paths - Unattend xml files with plaintext creds - Non-unique local admin password, for

Chainlink: Linking Crypto to Capital Markets.

Cybersecurity is both easier than we expect and harder than we hope all in one rollercoaster of emotion.

Please share your favorite AD/AD security training or resources in the thread below 🙏

Some of the best content on hardening AD by Jerry Devore https://t.co/NbMPcJvSO3

Another repo that’s not strictly training but is a giant list of resources is by @ThePoolmanjim on the AD subreddit https://t.co/LCtpxZtqIl

I’ve never taken any training from this outfit, so I cannot attest to quality, if anyone can please share what they think of the stuff here https://t.co/jXK4YPqfH1

Put a calendar hold for a meeting** on Friday. (**Playing pickleball)

Not formal training courses but one of the best central places for AD Security knowledge by @PyroTek3 https://t.co/K0Sl4fAVyg