chad

Restricting SMB based lateral movement in a #Windows environment. Lessons learned from work with the @SpecterOps team; drawing from previous posts by @mattifestation, @Haus3c, @cryps1s, @harmj0y & Mr SMB himself @NerdPyle bit.ly/SMB-lateral-mo… #redteam #blueteam #infosec

Introducing Daybreak: frontier AI for cyber defenders. Daybreak brings together the most capable OpenAI models, Codex, and our security partners to accelerate cyber defense and continuously secure software. A step toward a future where security teams can move at the speed defense demands.

The security industry is entering a period of compression. Model cybersecurity capabilities are rapidly increasing, and it's critical we arm defenders with the tools they need to protect what matters most. We're launching two models today: GPT-5.5 with TAC (Trusted Access for Cyber) GPT-5.5-Cyber (Limited Preview) GPT-5.5 is our starting point for most defensive workflows. It's exceedingly good at cybersecurity workflows and tasks like secure code review, vulnerability triage, detection engineering, malware analysis, and patch validation. We think this model is the right starting place for most organizations. GPT-5.5-Cyber is exceptional for authorized workflows, including red teaming, penetration testing, and controlled validation. It's in research preview for specific organizations and requires enhanced verification and account-level controls. We expect to continue to accelerate defenders with various models, including both our flagship models through Trusted Access for Cyber, and with dedicated cyber models like GPT‑5.5‑Cyber and even more cyber-capable models in the future. openai.com/index/gpt-5-5-…

Codex can now take on more of your browser dev work. With the new Chrome plugin in the Codex app, it can test web apps, gather context across tabs, use web DevTools efficiently in parallel, and keep results organized without taking over your browser.

there is a new plugin in codex app called codex security it adds skills that help scan your codebase for vulnerabilities

we're starting rollout of GPT-5.5-Cyber, a frontier cybersecurity model, to critical cyber defenders in the next few days. we will work with the entire ecosystem and the government to figure out trusted access for cyber; we want to rapidly help secure companies/infrastructure.

Don't just reset Codex rate limits for fun, it costs money. Don't just reset Codex rate limits for fun, it costs money. ... but the vibes are good ... I have reset Codex rate limits for ALL paid plans to celebrate a good week and allow everyone to build more with GPT-5.5. Enjoy

The way I talk to Codex and what tasks I can give it has drastically changed in the last few weeks. I worry less about which context I need to give Codex. Wrote up some of the ways I work now 👇

You can just build things.

We’re expanding Trusted Access for Cyber with additional tiers for authenticated cybersecurity defenders. Customers in the highest tiers can request access to GPT-5.4-Cyber, a version of GPT-5.4 fine-tuned for cybersecurity use cases, enabling more advanced defensive workflows. openai.com/index/scaling-…

Three million people are now using Codex weekly - up from two million a little under a month ago. Incredible to see the growth. Thank you to all of you and to the ecosystem we’re part of. To celebrate, we’re resetting rate limits so you can keep building, and we’ll reset them every additional 1M users until we reach 10M, so we can keep celebrating along the way. Enjoy and thank you!

On 29 April, we’re bringing together the most ambitious builders for Australia’s first Codex Hackathon 🇦🇺 Build something in a single afternoon that wouldn’t be possible without Codex. ~$200K USD in credits & subscriptions up for grabs. We’ll bring the tokens and vibes ✨ - see you there. Link below 👇

Subagents are now available in Codex. You can accelerate your workflow by spinning up specialized agents to: • Keep your main context window clean • Tackle different parts of a task in parallel • Steer individual agents as work unfolds

The Codex app is now live on Windows. The app runs both natively and in WSL, with integrated terminals for PowerShell, Command Prompt, Git Bash, or WSL. We also built the first Windows-native agent sandbox — using OS-level controls to block filesystem writes outside your working folder and prevent outbound network access unless you explicitly approve it. Plus: 7 new “Open in …” apps and 2 new Windows skills (WinUI + ASP.NET). Try it and tell us what you think.

Building malware analysis lab A step by step guide for building local analysis lab at home. A post by David Varghese. Source: infosecwriteups.com/building-a-vir… #redteam #blueteam #maldev #malwaredevelopment

Over the weekend I compiled all my past blog posts and research into a roadmap/compendium for people looking to learn more about hardware reverse engineering. Check it out here: voidstarsec.com/roadmap/

After Months of Development, FINALLY ready to share: Harden System Security🎉 ✅ Complete System Hardening ✅ Security Posture Analysis ✅ All-in-One Toolkit ✅ Built-in Intune support for Scalability ✅ Beautiful Modern UI ✅ CLI support github.com/HotCakeX/Harde… #Cyber #Windows

Regular reminder… this hardening series by Jerry Devore is super awesome. There’s no way you won’t learn things by reading these. Part 1 - Disabling NTLMv1 Part 2 - Removing SMBv1 Part 3 - Enforcing LDAP Signing Part 4 - Enforcing AES for Kerberos Part 5 - Enforcing LDAP Channel Binding Part 6 - Enforcing SMB Signing Part 7 - Implementing Least Privilege Link to all articles 👇 techcommunity.microsoft.com/tag/adhardening

WDAC Managed Installers explained: Instead of trusting individual files, trust the process that installs them (ConfigMgr, Intune, etc.) Files get NTFS Extended Attributes → WDAC trusts them → No explicit rules needed Limitations & gotchas in our new blog 👇 appcontrol.ai/post/wdac-mana… #WDAC #AppControl #Security

🔒 Secure Bits 💡 𝗛𝗼𝘄 𝘁𝗼 𝘁𝗿𝗮𝗰𝗸 𝗟𝗗𝗔𝗣 𝘀𝗶𝗴𝗻𝗶𝗻𝗴 𝗶𝗻 𝗔𝗰𝘁𝗶𝘃𝗲 𝗗𝗶𝗿𝗲𝗰𝘁𝗼𝗿𝘆 𝗯𝗲𝗳𝗼𝗿𝗲 𝗲𝗻𝗳𝗼𝗿𝗰𝗶𝗻𝗴 𝗶𝘁? When applying 𝘀𝘁𝗿𝗶𝗰𝘁 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗕𝗮𝘀𝗲𝗹𝗶𝗻𝗲𝘀, enforcing LDAP signing is a common (and critical) step. It disables weak authentication methods like LDAP simple bind, which transmits credentials in plaintext and no signing allows MITM attacks. But if your infrastructure is older, 𝗲𝗻𝗳𝗼𝗿𝗰𝗶𝗻𝗴 𝗶𝘁 𝗼𝘂𝘁𝗿𝗶𝗴𝗵𝘁 𝗰𝗮𝗻 𝗯𝗿𝗲𝗮𝗸 𝘁𝗵𝗶𝗻𝗴𝘀. 💥 So before enforcement — 𝘁𝗿𝗮𝗰𝗸 𝘄𝗵𝗮𝘁’𝘀 𝘂𝘀𝗶𝗻𝗴 𝘂𝗻𝘀𝗶𝗴𝗻𝗲𝗱 𝗟𝗗𝗔𝗣. 𝗛𝗲𝗿𝗲’𝘀 𝗵𝗼𝘄: 📝 𝗦𝘁𝗲𝗽 𝟭 — 𝗖𝗵𝗲𝗰𝗸 𝗱𝗲𝗳𝗮𝘂𝗹𝘁 𝗹𝗼𝗴𝘀 Event ID 2887 in the Directory Service log reports unsigned LDAP attempts every 24 hours. But it’s vague. 🔍 𝗦𝘁𝗲𝗽 𝟮 — 𝗘𝗻𝗮𝗯𝗹𝗲 𝗱𝗲𝘁𝗮𝗶𝗹𝗲𝗱 𝗱𝗶𝗮𝗴𝗻𝗼𝘀𝘁𝗶𝗰𝘀 Registry path: HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics Set 16 LDAP Interface Events to 2 This gives you 𝗘𝘃𝗲𝗻𝘁 𝗜𝗗 𝟮𝟴𝟴𝟵, which shows exact clients using unsigned LDAP. ✅ Use this to find and fix legacy apps before enforcing LDAP Signing and disabling Simple Bind. 💡 𝗔𝘃𝗼𝗶𝗱 𝘁𝗵𝗲 “𝗲𝗻𝗳𝗼𝗿𝗰𝗲 → 𝗯𝗿𝗲𝗮𝗸 𝗲𝘃𝗲𝗿𝘆𝘁𝗵𝗶𝗻𝗴” scenario — audit first. 📌 In this series, I’ll be covering 𝗿𝗲𝗮𝗹-𝘄𝗼𝗿𝗹𝗱 𝗰𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲𝘀 𝗼𝗳 𝗮𝗽𝗽𝗹𝘆𝗶𝗻𝗴 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗯𝗮𝘀𝗲𝗹𝗶𝗻𝗲𝘀 — including the exceptions you sometimes must make to keep legacy infrastructure operational. Based on lessons from production environments. #LDAP #ActiveDirectory #CyberSecurity #SecureBits #SecurityBaselines #BlueTeam #HorizonSecured @BlueTeamDave

Windows Inter Process Communication A Deep Dive Beyond the Surface, by @haider_kabibo Part 1 sud0ru.ghost.io/windows-inter-… Part 2 sud0ru.ghost.io/windows-inter-… Part 3 sud0ru.ghost.io/windows-inter-… Part 4 sud0ru.ghost.io/windows-inter-… Part 5 sud0ru.ghost.io/windows-inter-… Part 6 sud0ru.ghost.io/windows-inter-…