Anthony Peyton

4.3K posts

@arpeyton

I do Microsoft 365 and security stuff

Cincinnati, Ohio. Joined September 2017
1K Following, 179 Followers
Anthony Peyton@arpeyton·
@OIIIEGA @Mrgunsngear If it were going to happen anywhere it would be Texas or Florida. The base there is far right republicans who are highly authoritarian. Lots of “back the blue” types around those parts. Great places to be if you love the Republican Party, not so great if you want real liberty.
Mhods@OIIIEGA·
@Mrgunsngear Hey guys, remember when we made fun of the UK for the exact same type of shit? And we said things like “that would never happen in Texas.” Well shit… amirite?
Mrgunsngear@Mrgunsngear·
Jennifer Combs of Trinidad, Texas was reportedly arrested and charged with a felony for a FB post about poor local water quality. Trinidad police claimed she posted “false information that creates fear, panic, or unnecessary emergency response within a community.” Even if that was true, which it doesn't seem to be, arresting her for the post is still a gross violation of her 1st Amendment rights. She's currently suing the city but that won't prevent something similar from happening again. All of the officers involved with her arrest need to be criminally charged for deprivation of civil rights under the color of law. Would be a shame if the DOJ's Civil Rights Division was tagged in this post and they looked into this. A shame I say... #rural #1st #CivilRights #police #trinidad #texas #1stAmendment #corruption #cops #water
Anthony Peyton@arpeyton·
@jessehelmz @Mrgunsngear It’s hard to maintain integrity in a system that’s built on a cornerstone of excluding them from the consequences of their actions and allowing them special privilege to disobey the law.
VerbalRazors@jessehelmz·
Our law enforcement in some jurisdictions seems to only exist to enforce the edicts of their ruler - usually the Mayor/ Chief of Police or the Sheriff. These officers are corrupt and have thrown away their integrity, no different than federal agents who lied in order to arrest people for January 6th and many other “crimes”, in which there was zero actual probable cause that a certain person committed any crime.
Anthony Peyton@arpeyton·
@UK_Daniel_Card Normal people should definitely sign their PCs/Macs into Microsoft/Apple accounts. It’s literally always that they don’t back up anything, then get mad at Microsoft/Apple for “not keeping them safe.” I’ve got my flame suit on. Get as mad as you want people.
Anthony Peyton@arpeyton·
@NathanMcNulty @techspence @InfoSystir They’re a good fit for me and my customers. I needed something that was easy to deploy/manage at a predictable price point that works in the SMB MSSP arena. Short list that checks that IMO.
Nathan McNulty@NathanMcNulty·
@arpeyton @techspence Hah, Blumira, haven't thought about them in a while, was seriously considering a job with @InfoSystir and team about 5 years ago :p I still think I would have been a terrible fit at the time
spencer@techspence·
If I were a sysadmin one thing I’d do regularly or write some scripts to automate is… Checking for exclusions. Two of the most important here are with EDR and app control.
Anthony Peyton@arpeyton·
@NathanMcNulty @techspence I like to wrap Defender P1 with Blumira for SIEM/EDR/XDR. It does a great job collecting logs from all the MS sources and endpoints and monitors for things like Defender exclusions being created out of the box.
Nathan McNulty@NathanMcNulty·
@techspence Defender for Endpoint P1 (included in M365 E3) only provides Antivirus.
Defender for Endpoint P2 (included in M365 E5 and Defender for Servers) adds the EDR and Vulnerability Management components.
So it's not really a license level, but EDR is P2, so only they would ask for it
Anthony Peyton retweeted
The Hacker News@TheHackersNews·
🚨 Microsoft warns two Defender vulnerabilities are being actively exploited in the wild. thehackernews.com/2026/05/micros…
🔸 CVE-2026-41091 could allow attackers to gain SYSTEM privileges locally.
🔸 CVE-2026-45498 is a denial-of-service flaw impacting Defender.
CISA added both to KEV with a June 3, 2026 patch deadline.
Anthony Peyton retweeted
EZ@IAMERICAbooted·
Uncomfortable reminder: privesc to domain admin or global admin is not what keeps your CISO up at night. Ending up on the 6pm news does. You don't need domain admin or global admin for those events.
EZ@IAMERICAbooted·
What is more likely to kill us?
Anthony Peyton@arpeyton·
@Teknium I was accepted into their verified cyber program and still get blocked doing basic threat intel research.
Teknium 🪽@Teknium·
And yes, I've applied for Mythos, applied for cybersecurity blablabla. They don't care unless you pay them a billion dollars it seems
Teknium 🪽@Teknium·
Anthropic's terrible safety situation is making it so that I cannot have Opus review p0 issues in Hermes Agent to review and help fix security issues. This does nothing but give hackers an asymmetric advantage over everyone - they will find jailbreaks, they will find ways around this to exploit systems - and the rest of us are locked out of using AI to protect from them. What a joke
Anthony Peyton@arpeyton·
@IAMERICAbooted MS: don’t use GA
Also MS: to perform this completely normal admin task you need user admin, SharePoint admin, teams admin, application admin, and Intune admin.
EZ@IAMERICAbooted·
Whoever came up with tiering for M365 roles (yes, I know many who did), don't understand how to abuse the roles they missed for privilege escalation to Global Admin. If you're trying to contain and prevent damage to the company, there are a lot more roles with privesc paths to Global Admin. Hint: that's why Microsoft calls them privileged roles. Additionally, there's SharePoint Admin. If you could only fathom what you would find and what you can do with that role.... The problem is, many people working in security don't have the experience as security engineers in the cloud. That's why they don't know.
Anthony Peyton@arpeyton·
@NathanMcNulty @ZackKorman @hansgruberwins That’s an interesting problem that I hadn’t thought about before. How would you go about detecting that? The best answer would be to not allow non-admins to create API keys in the first place, but I’m not sure that’s possible in either platform.
Nathan McNulty@NathanMcNulty·
@ZackKorman @hansgruberwins Legit have had several people ask how they can use Microsoft tools to lock down Claude/OpenAI API keys because they are pretty sure employees took them and are using them for personal openclaw instances. They don't even know what tools to look at :(
Fox_threatintel@banthisguy9349·
@arpeyton Also had them with Password + MFA, I would find it rather unlikely that they had my password cracked since it is a very complex one. It seems like they found a way to prompt MFA codes regardless of knowing the password by maybe saying “use different sign-in option”
Fox_threatintel@banthisguy9349·
I have been dealing with automated attacks on my personal Microsoft account. This account is set up with:
- passwordless
- MFA authenticator app
- phone number
- second email backup
What the attackers have done is pushing at least 4-6 MFA notifications every night.
Anthony Peyton@arpeyton·
@iMHLv2 @ConnectWise Had a weird event at a client today. EDR hit on ScreenConnect (valid tool from another MSP) but the user and MSP both confirmed they weren’t in a session. Next hit was SC launching PowerShell and running .ps1 files in windows\systemtemp\screenconnect. Related? DM me?
Anthony Peyton retweeted
Zack Korman@ZackKorman·
Major companies are getting pwned by browser extensions and npm packages, but they think deploying AI agents will go fine. Good luck, have fun.
Anthony Peyton retweeted
The Hacker News@TheHackersNews·
🚨 Microsoft released mitigations for YellowKey, a BitLocker bypass tracked as CVE-2026-45585. The flaw can let attackers with physical access access encrypted data via WinRE. Learn more: thehackernews.com/2026/05/micros…