Don Garrison
986 posts

Don Garrison
@DonGarrison
Husband | Father | Security-Minded | Blue Team | CISSP, CCSP, Sec+, GREM, GCTI, GCDA, GDAT, E|CIH, etc.
Joined May 2009
426 Following 87 Followers

I hate that saying this makes me sound like a corp shill, but this does the opposite.
The more ads get blocked, the more platforms push new ad formats, subscriptions & invasive monetization to close the gap.
Then everyone wonders why the viewing experience keeps getting worse.
TheDigitalDuke@TheDigitalDuke
Just wanted to remind those that watch me to make sure that they have an Adblocker installed and on! I don't care if I make a penny from streaming, but I want you to have the best possible viewing experience!
Don Garrison retweeted

Every week I share a curated list of red team-specific jobs (or similar/adjacent) that caught my attention. My goal is simple: help job hunters in the offensive security space find a red team-specific role.
Below is this week’s list:
🏛 Company + Role: CrowdStrike, Red Team Principal Consultant
👀 Quick Insights: Remote (United States), Comp: $140k-$195k/yr base + bonus + equity + benefits, Consulting, Individual contributor
🎯 Apply Here: crowdstrike.wd5.myworkdayjobs.com/crowdstrikecar…—Remote/Red-Team-Principal-Consultant–Remote-_R26909-1
✏️ Notes: Standout w/ minimum 1 year of experience in a leadership role + community participation (conference speaker, tool development contributor, etc.)
🏛 Company + Role: Moderna, Senior Red Team Engineer
👀 Quick Insights: Remote (Remote, USA), Comp: $159k-$286k/yr base + bonus + equity + benefits, Internal team, Individual contributor
🎯 Apply Here: modernatx.wd1.myworkdayjobs.com/M_tx/job/Seatt…
✏️ Notes: This role reports to the Senior Director of the Security Engineering & Response organization and works closely with Incident Response, Threat Intelligence, and Detection Engineering.
🏛 Company + Role: Booz Allen Hamilton, Cybersecurity Advanced Red Team Operator
👀 Quick Insights: Onsite (Norfolk, VA), Comp: $87k-$198k/yr base + benefits, Consulting, Individual contributor
🎯 Apply Here: careers.boozallen.com/careers/JobDet…
✏️ Notes: Red team role supporting U.S. Navy systems. Secret clearance required; Standout w/ TS/SCI.
🏛 Company + Role: Resource Management Concepts, Red Team Security Engineer
👀 Quick Insights: Onsite (Quantico, VA), Comp: $150k-$165k/yr base + benefits, Consulting, Individual contributor, Travel: considerable
🎯 Apply Here: careers.rmcweb.com/_/j/C780EA4F58/
✏️ Notes: Requires TS/SCI + DoD 8570 IAT Level III certification + DoD 8570 CSSP Auditor certification + DoD 8140 certification
🏛 Company + Role: Microsoft, Senior Red Team Security Engineer (IC4)
👀 Quick Insights: Hybrid (Redmond, WA), Comp: $120k-$258k/yr base + equity + benefits, Internal team, Individual contributor
🎯 Apply Here: apply.careers.microsoft.com/careers/job/19…
✏️ Notes: Standout w/ 5+ years experience in identifying security vulnerabilities. Requires 3 days in-office per week.
🏛 Company + Role: Microsoft, Red Team Security Engineer 2 (IC3)
👀 Quick Insights: Hybrid (Redmond, WA), Comp: $101k-$215k/yr base + benefits, Internal team, Individual contributor
🎯 Apply Here: apply.careers.microsoft.com/careers/job/19…
✏️ Notes: Standout w/ 3+ years experience in identifying security vulnerabilities. Requires 3 days in-office per week.
🏛 Company + Role: Apple, Red Team Platform and Hardware Security Researcher
👀 Quick Insights: Onsite (Cupertino, CA), Comp: $181k-$318k/yr base + equity + benefits, Internal team, Individual contributor
🎯 Apply Here: jobs.apple.com/en-us/details/…
✏️ Notes: Standout w/ past experience creating working PoCs from found vulnerabilities on systems with advanced countermeasures (ASLR, TZ, PAC, etc).

Don Garrison retweeted

There are two main password attacks leveraged by adversaries; one is called Password Spraying and the other is called Kerberoasting.
This post focuses on identifying accounts that may be targeted for Kerberoasting and how to harden the environment against Kerberoasting.
Password spraying involves the attacker using a list of passwords and for each password attempts to authenticate as each user using that one password. After working through all users with the first password, they move on to the next password in the list. Successful authentication is noted along the way as these are compromised accounts.
I wrote about detecting password spraying here: trustedsec.com/blog/detecting…
Kerberoasting is possible when an Active Directory account has a Kerberos Service Principal Name (SPN) associated with it. In order to enable Kerberos authentication for an application, the associated service account needs a SPN. Kerberoasting takes advantage of the fact that one can request a service ticket using the SPN associated with a target service account and take that Kerberos service ticket offline to attempt to crack it. Attackers are most likely to attempt Kerberoasting on the accounts with passwords that are about 5 years and older since they are more likely to have poor passwords, though attackers may just attempt kerberoasting all AD accounts that have SPNs.
For more information on how Kerberoasting works, as well as detecting Kerberoasting, read this article: adsecurity.org/?p=3458
I wrote a short PowerShell script that identifies all accounts with SPNs as well as Active Directory admin accounts with SPNs (leverages the Active Directory PowerShell module):
github.com/PyroTek3/Misc/…
TO DO LIST:
1. Remove SPNs from AD Admin accounts associated with people since they shouldn't have any SPNs associated with them.
2. If the default domain administrator account is listed here, work to remove the SPN associated with it. This account should never have a SPN.
3. Remove SPNs from the other accounts associated with people since they shouldn't have any SPNs associated with them.
4. Identify service accounts identified as AD Admin accounts (those that are members of Administrators, Domain Admins, or Enterprise Admins). Remove accounts that don't belong and leave only those accounts that require these privileges (should be a minimal to 0 list of service accounts).
5. Identify the AD Admin accounts that have old passwords (> 5 years) and put together a plan to change those passwords, preferably with a password of >25 characters.
6. Identify the other accounts that have old passwords (> 5 years) and put together a plan to change those passwords, preferably with a password of >25 characters.
IMPORTANT NOTE:
Ignore the krbtgt account as this is required to be configured this way for AD Kerberos to work.
Do not modify the krbtgt account!

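The thread above links to the author's own script, which is not reproduced here. The following is an added example, written for this page and not taken from that thread or from the linked GitHub repository, that carries out the identification half of the to-do list: it enumerates every user with an SPN, flags the ones that are members of the AD Admin groups the thread names (Administrators, Domain Admins, Enterprise Admins), flags passwords older than the thread's 5-year threshold, and skips krbtgt as instructed. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and the session has read access to the domain; the 5-year threshold and the variable names are this example's own choices.

```powershell
# Added example (not the script linked in the thread): list AD accounts that carry an
# SPN and flag the two risk indicators the thread calls out: AD Admin group membership
# and a password older than 5 years. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$PasswordAgeThresholdYears = 5   # threshold from the thread; adjust to local policy
$AdminGroups = @('Administrators', 'Domain Admins', 'Enterprise Admins')

# Resolve the DNs of every (recursive) member of the privileged groups once, so the
# membership check per account is a hash lookup rather than another AD query.
$AdminMemberDNs = New-Object 'System.Collections.Generic.HashSet[string]'
foreach ($GroupName in $AdminGroups) {
    try {
        Get-ADGroupMember -Identity $GroupName -Recursive -ErrorAction Stop |
            ForEach-Object { [void]$AdminMemberDNs.Add($_.DistinguishedName) }
    } catch {
        Write-Warning "Could not enumerate members of '$GroupName': $_"
    }
}

# Every user object with at least one SPN. krbtgt is excluded on purpose: it must
# keep its SPN for Kerberos to function and must not be modified.
$SpnAccounts = Get-ADUser -Filter 'ServicePrincipalName -like "*"' `
    -Properties ServicePrincipalName, PasswordLastSet, AdminCount, Enabled |
    Where-Object { $_.SamAccountName -ne 'krbtgt' }

$Cutoff = (Get-Date).AddYears(-$PasswordAgeThresholdYears)

$Report = foreach ($Account in $SpnAccounts) {
    $IsAdmin = $AdminMemberDNs.Contains($Account.DistinguishedName)
    # A null PasswordLastSet (password never set / must change at next logon) is
    # treated as "old" so it still shows up for review.
    $PwdOld = ($null -eq $Account.PasswordLastSet) -or ($Account.PasswordLastSet -lt $Cutoff)
    [PSCustomObject]@{
        SamAccountName  = $Account.SamAccountName
        Enabled         = $Account.Enabled
        ADAdmin         = $IsAdmin
        AdminCount      = $Account.AdminCount
        PasswordLastSet = $Account.PasswordLastSet
        PasswordOld     = $PwdOld
        SPNCount        = @($Account.ServicePrincipalName).Count
        SPNs            = ($Account.ServicePrincipalName -join '; ')
    }
}

# Most urgent first: privileged accounts with SPNs (to-do items 1, 2 and 4), then
# accounts with old passwords (items 5 and 6), then everything else (item 3).
$Report |
    Sort-Object -Property @{Expression = 'ADAdmin'; Descending = $true},
                          @{Expression = 'PasswordOld'; Descending = $true},
                          SamAccountName |
    Format-Table SamAccountName, Enabled, ADAdmin, PasswordOld, PasswordLastSet, SPNCount -AutoSize

# Uncomment to keep a record for tracking the remediation plan:
# $Report | Export-Csv -Path .\spn-accounts.csv -NoTypeInformation
```

The report is read-only; nothing is changed in the directory. The SPN removals and password changes in the to-do list are deliberately left as manual steps, because each SPN has to be checked against the application that depends on it before it is removed.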

This checks out
@nyxgeek and @curi0usJack need to pump those numbers up. Those are rookie numbers

Don Garrison retweeted

Updated Sysmon Community Guide, by @Carlos_Perez
github.com/trustedsec/Sys…
Don Garrison retweeted

Cyber Deception, Active Defense, Honey Pots? OH MY!
Join John Strand in his next live class: Active Defense & Cyber Deception and get your hands on the keyboard: antisyphontraining.com/product/active…


Alumni, Student, and Staff Information Stolen From Harvard University securityweek.com/alumni-student…

Hacking contest kerfuffle over copied rules pits Wiz against ZDI dlvr.it/TNTh7b
Don Garrison retweeted

$5 Membership sale is live for the next 24 hours: account.shodan.io/billing/member
Don Garrison retweeted

7 FREE ways (minus your time) to have a more secure on-prem Active Directory environment…
1. Run PingCastle and fix all the findings with a score of 25 points or higher
2. Run Locksmith and fix all Critical & High issues
3. Run ScriptSentry and fix all findings
4. Run ADeleginator and fix any elevated permissions that Domain Users, Authenticated Users or Everyone has on privileged resources
5. Audit all scheduled tasks and services on all servers and ensure they adhere to least privilege
6. Audit all shares for plaintext passwords
7. Hire me for an internal pentest 😎🙊 DMs open
Don Garrison retweeted

Microsoft supported backups of Active Directory are very important to have. For backing up Domain Controllers, this is typically a System State backup.
Why a Microsoft supported backup? If you are using a backup solution that isn't fully AD aware, performing a restore may involve getting Microsoft involved and that costs $$.
I know companies that have used ####### (redacted) to backup their AD and there was no System State and the backup wasn't a full AD aware backup so they ended up paying ###### $$$ and Microsoft $$$.
Just get a System State backup of the DCs that host your FSMO roles about every month and be prepared for a scenario where you may have to restore AD.
Determining if a recent supported backup has been performed is easy since these backups update a bit in each partition.
PowerShell code to check the current domain for the last Microsoft supported AD backup:
# Requires the ActiveDirectory module (for Get-ADDomain / Get-ADRootDSE).
# Build a DirectoryContext for the current domain and locate one DC to query.
$ContextType = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain
$Context = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext($ContextType,(Get-ADDomain).DNSRoot)
$DomainController = [System.DirectoryServices.ActiveDirectory.DomainController]::FindOne($Context)
# All naming contexts (partitions) the DC advertises: domain, Configuration, Schema, DNS application partitions.
[string[]]$Partitions = (Get-ADRootDSE).namingContexts
foreach ($Partition in $Partitions)
{
    # A Microsoft supported (AD-aware) backup updates the dsaSignature attribute of each partition,
    # so the last originating change time of that attribute is the time of the last such backup.
    $dsaSignature = $DomainController.GetReplicationMetadata($Partition).Item("dsaSignature")
    Write-Host "$Partition was backed up $($dsaSignature.LastOriginatingChangeTime.DateTime)"
}
#ActiveDirectorySecurityTip


Survey ranks Lexington the 13th most 'boring' city in America lex18.com/news/covering-…
I have lived in 4 of these cities and been to all but Tulsa. I agree with this list.