Sean Metcalf

22.9K posts

@PyroTek3

Identity Security Architect @ TrustedSec. Microsoft Certified Master #ActiveDirectory & former Microsoft MVP. Co-Host @ Enterprise Security Weekly. He/Him. #BLM

4°08'15.0N 162°03'42.0E Joined August 2014
673 Following, 36.9K Followers
Pinned Tweet
Sean Metcalf @PyroTek3 ·
To my black family, friends, and people seeing this:
I love you
You matter
I'm here for you
#BlackLivesMatter
Sean Metcalf @PyroTek3 ·
Updated my PowerShell script "Invoke-ADLabBuildOut.ps1" so it now creates AD sites, subnets, and site links (based on the created sites). This script takes a newly built AD lab environment and makes it look like a production environment along with common security issues. github.com/PyroTek3/ADLab
Sean Metcalf retweeted
Harrison Ford @HarrisonFordLA ·
May the fourth be with you
Sean Metcalf retweeted
Tom Jøran Sønstebyseter Rønning
Microsoft Edge loads all your saved passwords into memory in cleartext — even when you’re not using them.
Sean Metcalf retweeted
William Shatner @WilliamShatner ·
Some people use the Force… 🤨 I prefer a well-timed toast and a five-year mission. 🥂 May the Fourth be with you… if you must but let’s be honest; I’ve been boldly going since before it was cool. 😉🚀
Sean Metcalf retweeted
Merriam-Webster @MerriamWebster ·
FWIW: ‘parsec’ is a measure of distance, not time, but that doesn’t make the Millennium Falcon’s Kessel Run any less impressive.
Sean Metcalf retweeted
Justin Elze @HackingLZ ·
[image]
Sean Metcalf retweeted
Marie Isabella @MarieIsabellaB ·
😆😆
Sean Metcalf retweeted
Pulp Librarian @PulpLibrarian ·
I regret to inform you that Ask Jeeves is dead. The site closed yesterday. Web 1.0 lost another founder. Ask Jeeves: 3 June 1996 - 1 May 2026. Send no memes.
Sean Metcalf retweeted
Florian Roth ⚡️ @cyb3rops ·
[image]
Florian Roth ⚡️ @cyb3rops

Anyone else seeing Microsoft #Defender flagging #DigiCert root certificate registry keys as malware?

We’ve seen reports that Defender signature update from April 30 added a detection called:
Trojan:Win32/Cerdigent.A!dha

In some environments, Defender apparently detected DigiCert Root CA certificate registry entries and removed them from the trust store.

The affected cert hashes mentioned so far:
0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
DDFB16CD4931C973A2037D3FC83A4D7D775D05E4

Example path:
HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

There’s also a Reddit comment suggesting Microsoft has started restoring the certs and that admins can check this via Advanced Hunting in Defender:

DeviceRegistryEvents
| where RegistryKey contains "0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43" or RegistryKey contains "DDFB16CD4931C973A2037D3FC83A4D7D775D05E4"
| where ActionType == "RegistryKeyCreated"
| where Timestamp > datetime(2026-05-03T04:00:00)
| project Timestamp, DeviceName, ActionType, InitiatingProcessFileName
| order by Timestamp desc

On an affected device, this can also be checked with:
certutil -store AuthRoot | findstr -i "digicert"

Could become an annoying day for admins if this spreads
reddit.com/r/cybersecurit…

Sean Metcalf retweeted
Florian Roth ⚡️ @cyb3rops ·
We released first detection rules for Copy Fail / CVE-2026-31431. YARA rules by me: github.com/Neo23x0/signat… It covers public PoC artifacts, including known payloads, exploit code fragments and URLs seen in shared material. More generic rules for customer environments are still in testing. Sigma rules by @_swachchhanda_: github.com/SigmaHQ/sigma/… They cover suspicious Copy Fail-related exploitation patterns, including setuid binary execution behavior and NULL argv shell execution. More updates soon.
Florian Roth ⚡️ @cyb3rops

You probably already heard about Copy Fail - the Linux LPE that affects basically every current distro and shared-kernel/container environment I’ll post a few updates here soon copy.fail

Sean Metcalf retweeted
Lenny Zeltser @lennyzeltser ·
Generic AI does generic work. Once Claude Code knows your tools, your conventions, and your past projects, its outcomes start fitting how you actually operate. The seven-layer Personal AI Stack lays out what to add and why. zeltser.com/personal-ai-st…
Sean Metcalf retweeted
International Cyber Digest @IntCyberDigest ·
🚨 Two US cybersecurity professionals have been sentenced for moonlighting as ALPHV BlackCat ransomware affiliates. Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, deployed BlackCat ransomware against multiple US victims between April and December 2023. They paid the operators a 20% cut for access to the platform, hit medical and engineering firms, leaked patient data to pressure payment, and split a $1.2 million Bitcoin ransom three ways with co-conspirator Angelo Martino. Martino had a second job. He worked as a ransomware negotiator for victims, and used that role to leak confidential victim information to the attackers to push ransom prices up. When Goldberg tried to flee abroad, the FBI tracked him through 10 countries before he was caught. Both men were sentenced yesterday. Martino is sentenced July 9.
Sean Metcalf retweeted
spencer @techspence ·
MFA on RDP is security theatre… If you’re not also protecting WinRM, SMB, etc. For example on servers PSRemoting is enabled by default. Any user who’s a local admin on a server where PSRemoting is enabled and available can use New-PSSession/Enter-PSSession to connect to that remote host. This is my go-to lateral movement move when I get an admin/service account.
Sean Metcalf retweeted
Dave Lewis @gattaca ·
Every AI agent is a new access path. Treat it like one. Assign an owner, narrow the scope, store credentials in a vault, and keep a shutoff switch ready. Imagine each AI agent as a toddler whacked out on sugar, running around wielding a large chef knife.
Sean Metcalf retweeted
TrustedSec @TrustedSec ·
How well do you really understand what's happening inside a #Kerberos exchange? In our latest blog, @codewhisperer84 breaks down the full authentication flow and demonstrates how to interact with every stage using the #Titanis toolset. Read it now! hubs.la/Q04dcFgv0
Sean Metcalf retweeted
Enno Rey @Enno_Insinuator ·
It will be huge! – (mostly) full @WEareTROOPERS #TROOPERS26 agenda published: troopers.de/troopers26/age… (#agenda-day--2026-06-24) troopers.de/troopers26/age… (#agenda-day--2026-06-25)