spencer

50.5K posts

@techspence

🛠️ Former Sysadmin, now Pentester | Microsoft MVP | Helping IT teams make their environment harder to attack | @SecurIT360 & @CyberThreatPOV

🏰AD Security Resource Kit ⬇️ Joined November 2010
2.8K Following · 16K Followers
Pinned Tweet
spencer@techspence·
If you’re an IT admin and you’ve never had your internal environment pentested and can’t afford one right now, do this instead:
1. Run Locksmith - fix anything that’s a High risk
2. Run ADeleginator - make sure everyone, authenticated users, domain users and domain computers don’t have any unsafe permissions
3. Run ScriptSentry - check for credentials in logon scripts
4. Run PingCastle - check the control paths section. It’s like bloodhound. Look for non-admins that have control paths

If you do this, your environment will be much better when you’re done fixing everything.
spencer@techspence·
@skytaleSythe Yeah, this is so good. This is one of the reasons why I like Assume Breach so much, especially when the client's able to get you an actual machine that was in use that was recently decommissioned.
Bob@skytaleSythe·
@techspence On the plus side - This was a nice excuse to go over path to compromise with the team and how anything stored in memory without encryption is vulnerable. Several coworkers said "Holy S***" once they realized what this means.
Mr. Pink@DylanOwendylan·
@techspence Finished, like this is such BS I'm done with this, let's start over?
spencer@techspence·
If you think you’re “finished” with your security program, I encourage you to Assume Breach, and then start over.
Carmen@syntaxish·
@techspence The best because I'm about to learn a TON but the worst because I know I'm about to go on sleep deprivation for a hot min. #secopsadventures
spencer@techspence·
Zero days are both the best and worst thing for security. The best because it gives awareness for serious issues within technology systems. The worst because in many cases it’s turned into marketing slop and clout chasing. The incentives to find zero days are high, but the incentives don’t always help organizations be more secure.
spencer@techspence·
@KTLYST_labs yeah this is a big reason why I shared this post
Assaf Kipnis@KTLYST_labs·
@techspence It's the worst because it creates a misled focus on new imaginary threats when the real threats are reuse of stuff you have already seen
spencer@techspence·
@ZackKorman Thank you man you’re doing the hard stuff. I get to sit back and find creds in plaintext files on file shares 🤪🫡
spencer@techspence·
If you’re a CISO or IT director or any other IT/Security leadership and you DON’T have an opinion on what you should focus on, you’re going to get misled. Not only by vendors but also your team.
spencer@techspence·
@brysonbort All the times I’ve heard someone say “if we just get xyz” or “once we do xyz”
spencer@techspence·
@EzeSecOps Hear, hear. Well said. It’s hard too because it requires an investment to learn
spencer retweeted
Rootkit Randy@EzeSecOps·
I want to write about this because it’s so true, especially in security. If you don't have a direct opinion on what adversaries actually want from your org, you'll try to protect against everything and end up protecting nothing. There are really only 6 reasons hackers attack any company: Extortion/Sabotage, Financial Fraud, Data Theft, Resource Hijacking, Watering Hole Attacks, Disruption/DDoS. Figure out the areas that your industry is vulnerable to and build accordingly. Everything else is just noise.
spencer@techspence

If you’re a CISO or IT director or any other IT/Security leadership and you DON’T have an opinion on what you should focus on, you’re going to get misled. Not only by vendors but also your team.

Gh05t5h311@0DG_Gh05t5h311·
I’ve been guilty of this before; but love this critique (if it be about me or not), certainly looking to step my game up! It’s not easy but the only way to improve is to keep going.
spencer@techspence

Some security programs are obviously put together without consideration for how tools and capabilities fit together or the problem they are trying to solve. Not saying this is easy, but some teams would do well to have more intention and care in the design of their program, tools, capabilities.

spencer@techspence·
@0DG_Gh05t5h311 For sure. Sometimes (many times?) your hands are tied for various reasons and you have to make do
spencer@techspence·
@ZackKorman It feels arbitrary as an “attacker” too
Zack Korman@ZackKorman·
@techspence Vendor-led security programs. They are a collection of arbitrary sales processes
spencer@techspence·
Some security programs are obviously put together without consideration for how tools and capabilities fit together or the problem they are trying to solve. Not saying this is easy, but some teams would do well to have more intention and care in the design of their program, tools, capabilities.
Carmen@syntaxish·
@techspence ok so I've seen this multiple times and I can say this... leadership changes bring in new tools and the teams are stuck with whatever tool the new leader likes.