Steven Lorenz

Still needs some polish, but I uploaded an M365 Business Premium baseline (https://GitHub com/pslorenz/M365-Business-Premium-Baseline) trying to focus on SMBs. I've seen a lot for enterprise, but not much love on the SMB side. Not complete, but a decent start.

@IAMERICAbooted I appreciate the insights you share and would like to tag along if possible.

idk who is who in this account. I'm going to be creating a new account. If anyone I normally interact with would like to come along, let me know.

@techspence So much this.

One of the most disappointing parts about cybersecurity is that organizations will spend hundreds of thousands of dollars on security tools but not spend thousands of dollars on upskilling their team. I believe the best investment you can make is in making your team better.

@vxunderground @nikhil_mitt @struppigel Sunny says CARTP would be great

Big giveaway. - (x3) Certified Red Team Expert (CRTE) - (x3) Certified by Altered Security Red Team Professional for Azure (CARTP) - (x10) Malware Analysis for Hedgehogs Bundle CTRE and CARTP sponsored by @nikhil_mitt Malware Analysis sponsored by @struppigel Leave a comment below on what you'd like. Winners chosen in 24 hours.

@vxunderground @Cyb3rMonk Interested

Giveaway. @Cyb3rMonk has sponsored FIVE "Hands-On KQL for Security Analysts" courses. The course graphic also has a very silly cat wearing KQL swag. Very cool. Leave a comment below for a chance to win. Winners select in 24 hours. More information: academy.bluraven.io/course/hands-o…

After Months of Development, FINALLY ready to share: Harden System Security🎉 ✅ Complete System Hardening ✅ Security Posture Analysis ✅ All-in-One Toolkit ✅ Built-in Intune support for Scalability ✅ Beautiful Modern UI ✅ CLI support github.com/HotCakeX/Harde… #Cyber #Windows

I went looking for an updated Infosec Black Friday list for 2025 and the usual pages hadn't been updated, so I took a crack at one. Still very much a work in progress. Feedback or additions welcomed. github.com/ps-lo/Infosec-…

@techspence A couple of new things to add to the tool kit. Thanks for sharing!

ps - I created an AD Security resource kit for IT admins. If you want to know where to start & what issues to look for, then this is for you. You can get access to it by signing up for my free email newsletter. If you're already a subscriber, DM me for the link! 👇 Access it here... go.spenceralessi.com/adsecurity

My top 3 favorite PowerShell cmdlets for auditing the security of Active Directory environments: Invoke-Locksmith Invoke-ADeleginator Invoke-ScriptSentry Bonus: Invoke-WinWarden 👀 - coming soon maybe? :D I know these are not built-in cmdlets but I made the post so I make the rules. 😜

@PrzemyslawKlys Just do it when the pentester come around and revert after. Joking aside, I've seen protected users group added to a subset of non-admins without tangible real impacts. YMMV of course

Just please don't add all your users to Protected Users. Had one admin do that after he was given PingCastle report with findings and was asked to address it. Didn't end well for the company 😆

@techspence 4 because ZT isn't just some sku you can buy from your favorite/cheapest vendor. 2 is also a great angle because SMB budgets are super tight right now and they often lack the talent and expertise to come up with a budget conscious solution.

I'm working on a potential webinar for 2026...which one resonates the most with you? 1 - Practical Zero Trust for Everyday Organizations 2 - Zero Trust on a Budget: Practical Steps for SMB Security 3 - Zero Trust Made Simple: What SMBs Can Actually Do 4 - Beyond the Buzzword: Real-World Zero Trust for IT Teams 5 - Zero Trust Without the Overwhelm: A Roadmap for SMB Security

@techspence Great webinar today. Thanks for sharing so many insights and takeaways

✅Windows endpoint misconfig webinar...in the bag. Thanks so much everyone for coming out, for supporting us, sharing the registration link!! We had an wicked awesome webinar, thanks to you!

@WWHackinFest Can't wait to trek back to Deadwood

Get ready folks, less than 9 weeks 'til Wild West Hackin' Fest - Deadwood 2025! wildwesthackinfest.com/register-for-w… #WWHF #Deadwood2025 #TheFutureIs

@HackingLZ Just send it, what's the worst that could happen.

I love the internet when people share gold like this 😂

@N0BANDW1DTH Made it in my top 5 artists:

Thanks so much to everyone who listened to my music this year! There's a lot more to come in 2025! 🤘 #SpotifyWrapped

@EricaZelic @PwnedLabs @egre55 I had the opportunity to take this boot camp earlier this year. So much great content.

I'm so excited to be doing @PwnedLabs Microsoft Cloud bootcamp in November! @egre55 is one of my favorite content creators. His content is always top notch. You can never practice too much. bootcamps.pwnedlabs.io/mcrtp-bootcamp

@N0BANDW1DTH @WWHackinFest That was an awesome set. 🤘🤘

I had the pleasure of playing a live set at @WWHackinFest last week. I played a couple of unreleased songs from the upcoming The Future Is… ****** (Original Graphic Novel Soundtrack), including a track dropping next Friday, 10/25, called “Exfil”. Check out the vid for a preview!

@jonathanbourke @azuread @EricaZelic As a heavy user of PingCastle, every domain I audit starts out almost that bad. The hope is that they stay a customer long enough to iterate through all of the bad and make them better off for hiring your MSP on. They will probably never really understand what you did though.

Just assumed control of an existing env from another MSP. While I normally focus @azuread only, AD is part of this one... Gulp! @EricaZelic would go through this one like a hot knife through... air? Not sure where to even start!

@blackroomsec Great resource! Thanks for putting this together.

My long-awaited Asset Management Workbook is now out, submitted with a deep and abiding respect for both the IT and InfoSec communities. $10 on Gumroad. Part 1 of 3. blackroomsec.gumroad.com/l/mzrany

@dafthack @N0BANDW1DTH Congrats!

Total bucket list moment for me here… @N0BANDW1DTH will be part of the official DEF CON soundtrack this year. 🤘

Hanging out at @cackalackycon this weekend.