SigninLogs - what is the difference between AuthenticationDetails[0].authentication method and Authentication Details[1]authenticationMethod? [1] is not always present in the logs. Question - which is more accurate to use to determine auth methods used over time? #KQL

💥 Exciting update and launch competition! 📢 Folks, I'm happy to announce another important milestone for @PwnedLabs - the launch of the 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗖𝗹𝗼𝘂𝗱 𝗔𝘁𝘁𝗮𝗰𝗸 𝗮𝗻𝗱 𝗗𝗲𝗳𝗲𝗻𝘀𝗲 𝗕𝗼𝗼𝘁𝗰𝗮𝗺𝗽 - and our first certification! 𝗧𝗼 𝘄𝗶𝗻 𝗮 𝘃𝗼𝘂𝗰𝗵𝗲𝗿, 𝗷𝘂𝘀𝘁 𝗹𝗶𝗸𝗲 𝗮𝗻𝗱 𝗿𝗲𝘁𝘄𝗲𝗲𝘁 𝘁𝗵𝗶𝘀 𝗽𝗼𝘀𝘁. 5 vouchers are available and will be drawn randomly. This comprehensive 4-week bootcamp and its structured learning path provide students with foundational concepts, essential security tools and techniques, and instruction in attacking and defending Azure and Microsoft 365 environments. Students who successfully complete the 4-week bootcamp and structured learning path can then attempt the exam lab to try and earn the 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗖𝗹𝗼𝘂𝗱 𝗥𝗲𝗱 𝗧𝗲𝗮𝗺 𝗣𝗿𝗼𝗳𝗲𝘀𝘀𝗶𝗼𝗻𝗮𝗹 (𝗠𝗖𝗥𝗧𝗣) certification. This has been one of the main things that our community has been asking for. What can you expect to learn? -> bootcamps.pwnedlabs.io/mcrtp…

“Security isn’t very technical” - the number of ppl within the IT Dept that believe this is concerning.

Despite being on the security team - somehow I spend more time in AD/Group Policy than the systems team… Starting to feel like I never really left the Systems side despite switching roles a while ago.

Devices onboarded for Defender and Security Administrator = fast track to owning them. Applies in general to Security Administrator and or custom roles with adv live response with unsigned scripts. Especially important to pay attention to if DCs are onboarded.

Information overload - vuln scans are great if the info is actionable. Scans from multiple sources for the sake of additional info and to compare against is just wasteful. Shiny object syndrome kicking hard these days with all these vendors promising the latest greatest.

The daily blue screen feeling of working in #infosec

A bit of lightweight reading during lunch. But for real, a month in and already wondering what have I gotten myself into… #InfoSec #CISSP

Demo’d to my coworkers an escalation path to Domain Admin and showcase why logging/alert alone isn’t sufficient. Reactions were mixed but overall we learned as a team…(but seriously it was a cool path to exploit)

Taking a break and hitting up the slopes for some classic Midwest skiing. Better than being in the office!

Show your AD environment some love, clean up those highly permission groups and users.

For the past 3 years I’ve worked in security until recently. I felt that a change was needed opted for a sys admin role elsewhere. Didn’t realize how much I really enjoyed InfoSec until now that I’m on the other side of the glass looking in…

Few weeks into a new job and just recently learned what hours im supposed to work… Is that a sign? I feel like that’s a sign.

Another day where an object was used elsewhere (not documented) and caused an issue when changed. Yesterday it was a service account, today a group. Positive note, it’s been identified and properly remediated but still. Create purpose built objects from the start.

It’s a work can wait and hit up the slopes instead kind of day...

Offering your team a 4x10 with conditions on Friday to: check in, answer emails, and be available - isn’t really much of an offer. But thanks for letting me know I can always work longer days and extra hours if I want to.

People over the 3x week pause announcement be like:

InfoSec is one conversation I'll never get bored of. Its always a great time when you can connect, share, and discuss ideas with others.