Long Time Security Guru, CISO, Watching the same problems, same issues. Wireless, Network, Mobile, Exploits, and Malware. So many ways, just so little time :)

Joined October 2009
Richard Rushing retweeted
I Built an AI SOC Analyst for Microsoft Sentinel and Defender XDR and Open-Sourced It rodtrent.substack.com/p/i-bu… #Security #Cybersecurity #AI #ResponsibleAI
Richard Rushing retweeted
Mapping NIST AI RMF Forrester RACI → Microsoft security stack onedrive.live.com/:x:/g/pers…
Richard Rushing retweeted
New: The Three Buddy Problem - Episode 97: We discuss the disappearing art of Windows APT paleontology, the absence of complex malware documentation, and why so much threat-intel research has slipped behind paywalls and into private rooms. Plus, a surge in AI-discovered bugs in Firefox and Chrome, a rough week for Linux security flaw disclosures, and the usual Ivanti and Palo Alto zero-day bulletins that ship without a single IOC.
- Spotify open.spotify.com/episode/0eh…
- Apple podcasts.apple.com/us/podcas…
- Find a podcast platform pod.link/1414525622/episode/…
- Transcript docs.google.com/document/d/1…
Richard Rushing retweeted
5 Nov 2025
Finding misconfigs in Active Directory is free…outside of your time. Here are 9 of my favorite tools (all free):
Overall - PingCastle/PurpleKnight
Permissions - ADeleg/ADeleginator*
Attack paths - BloodHound
Applocker - Applocker Inspector*
ADCS - Locksmith
Logon scripts - ScriptSentry*
GPO - GPOZaurr
* = utterly biased, tools I made
Richard Rushing retweeted
Fraud Tools, Tactics, and Techniques (FT3) is Stripe's adaptation of ATT&CK-style security frameworks, specifically designed to enhance our understanding of the tactics, techniques, and procedures (TTPs) used by actors in fraudulent activities github.com/stripe/ft3
Richard Rushing retweeted
🍍📟
Richard Rushing retweeted
I see Fortinet is firing back. Apparently my GitHub profile now qualifies as a malicious website in their web filtering appliances. (Okay, probably just an automated trigger on APTSimulator or the ransomware simulator repo. But maybe … )
Richard Rushing retweeted
28 Mar 2025
Hold my beer?
Richard Rushing retweeted
I used to be very frustrated when security researchers published detailed vulnerability reports - meticulously describing every step of the discovery process but failing to include indicators of compromise or exploitation. It’s not about writing detection rules for us. Just sharing a log snippet, suspicious process behavior, or anything else observed during successful exploitation would be incredibly valuable. Better handover between researchers and defenders means faster, more effective responses.
Richard Rushing retweeted
🤓 Reverse Engineering and LLMs, 2 years ago when I created my first agent for RE, it was already pretty impressive. Fast forward to today, more people are using LLMs for reverse engineering. So here are a few tools for RE you might want to check out:
➡️ Radare AI: github.com/radareorg/r2ai
➡️ IDA Pro MCP: github.com/taida957789/ida-m…
➡️ MCP for Ghidra: github.com/LaurieWired/Ghidr…
And this is just the beginning. What comes next is building smarter RE agents by connecting them with external tools, plugins, and knowledge sources 😉 **The screenshot below is an MCP connected to a flare-on challenge.**
Richard Rushing retweeted
Installing Your Own Command and Control Server on Kali Linux hackers-arise.com/post/comma…

Richard Rushing retweeted
Taken from a secure chat 🤣
Richard Rushing retweeted
9 Platforms to Get FREE Cybersecurity E-Books
1. PDF Drive
2. Heimdal Security
3. CollegeLearners
4. Endureka
5. Freetechbooks
6. Free Computer PDF
7. Online Programming Books
8. Infobooks
9. Simplilearn
Richard Rushing retweeted
IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX by @wiz_io this is bad wiz.io/blog/ingress-nginx-ku…
Richard Rushing retweeted
Day 2 at #BHMEA24’s Capture the Flag is in full swing. 💰 SAR 1,000,000 on the line. 💻 250 teams, 1,000 minds in a race against time. ⚡ Witness strategy, precision, and speed collide as teams battle for the crown. The final round is coming—be there to see who dominates the cyber battlefield. Register today: bit.ly/3B95Cn7 #cybersecurity #informationsecurity #blackhatmea #BlackHat_At_Malham #BHMEA24