Sean Metcalf
@PyroTek3
Identity Security Architect @ TrustedSec. Microsoft Certified Master #ActiveDirectory & former Microsoft MVP. Co-Host @ Enterprise Security Weekly. He/Him. #BLM
To my black family, friends, and people seeing this: I love you You matter I'm here for you #BlackLivesMatter
The Art of the Honeypot Account: Making the Unusual Look Normal, by @PyroTek3 hub.trimarcsecurity.com/post/the-art-o…
Something I've been asking for, for about 2 years now. I'm glad Microsoft finally delivered!
Nice explainer on OAuth consent phishing, and even better news, users will no longer be able to consent like this by default (already started rolling out) mc.merill.net/message/MC1097…
Additionally, you are managing the ESXi host root passwords, right?
>enabling SSH on the ESXi hosts You ARE syslogging your ESXi hosts to a SIEM and alerting on this behavior aren't you? If not, you ARE alerting on the root account password being reset, right? Right? ... Right? Please say I'm right.
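The two alerts the post above asks for, as detection logic run over sample log lines. This is an added example, not the author's code or a VMware/SIEM product rule. The syslog lines are constructed to resemble ESXi hostd audit events; the real field layout varies by ESXi version and the trailing "(esx.audit.…)" identifier in parentheses is an assumed layout for the example, so the patterns key only on the event identifiers esx.audit.ssh.enabled, esx.audit.ssh.disabled and esx.audit.account.passwordchanged and on the "for account X on host" phrase. It also correlates the two events: SSH enabled on a host followed by a root password change on the same host within a short window is escalated, since that pairing is what a ransomware operator staging on vSphere looks like.

```python
"""Detect SSH-enable and root-password-reset events in ESXi syslog.

Added example (not the original post's code). Sample lines below are
CONSTRUCTED approximations of ESXi hostd audit events; the bracketed
event identifier at the end of each line is an assumed layout.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample input: two hosts, one clean and one suspicious.
SAMPLE_SYSLOG = [
    "2025-07-23T14:02:11Z esx01.corp.example Hostd: [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 4417 : SSH for the host has been enabled (esx.audit.ssh.enabled)",
    "2025-07-23T14:02:40Z esx01.corp.example Hostd: [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 4418 : Password was changed for account root on host esx01.corp.example (esx.audit.account.passwordchanged)",
    "2025-07-23T14:03:05Z esx02.corp.example Hostd: [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 9021 : SSH for the host has been disabled (esx.audit.ssh.disabled)",
    "2025-07-23T14:05:59Z esx02.corp.example Hostd: [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 9022 : Password was changed for account backupsvc on host esx02.corp.example (esx.audit.account.passwordchanged)",
]

# Timestamp, host, then anything up to a trailing "(esx.audit.<id>)".
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+Hostd:.*?"
    r"\((?P<event_id>esx\.audit\.[a-z.]+)\)\s*$"
)
# Account name in the password-change message text.
ACCOUNT_RE = re.compile(r"for account (?P<account>\S+) on host")


@dataclass
class Event:
    ts: datetime
    host: str
    event_id: str
    account: Optional[str]
    raw: str


@dataclass
class Alert:
    host: str
    rule: str
    severity: str
    evidence: List[str]


def parse_line(line: str) -> Optional[Event]:
    """Return an Event for a recognised audit line, None otherwise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    acct = ACCOUNT_RE.search(line)
    return Event(ts, m["host"], m["event_id"],
                 acct["account"] if acct else None, line)


def detect(lines, window: timedelta = timedelta(minutes=15)) -> List[Alert]:
    """Emit alerts for SSH enable and password changes; escalate when a
    root password change follows an SSH enable on the same host within
    `window`. An SSH disable clears the pending correlation state."""
    alerts: List[Alert] = []
    last_ssh_enabled = {}  # host -> time SSH was most recently enabled
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # not an audit event we care about
        if ev.event_id == "esx.audit.ssh.enabled":
            last_ssh_enabled[ev.host] = ev.ts
            alerts.append(Alert(ev.host, "ssh_enabled", "high", [ev.raw]))
        elif ev.event_id == "esx.audit.ssh.disabled":
            last_ssh_enabled.pop(ev.host, None)
        elif ev.event_id == "esx.audit.account.passwordchanged":
            if ev.account == "root":
                alerts.append(Alert(ev.host, "root_password_changed",
                                    "critical", [ev.raw]))
                t = last_ssh_enabled.get(ev.host)
                if t is not None and timedelta(0) <= ev.ts - t <= window:
                    alerts.append(Alert(
                        ev.host, "ssh_enabled_then_root_password_changed",
                        "critical",
                        [f"SSH enabled at {t.isoformat()}", ev.raw]))
            else:
                alerts.append(Alert(ev.host, "password_changed", "medium",
                                    [ev.raw]))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_SYSLOG):
        print(f"[{a.severity}] {a.host}: {a.rule}")
```

In a real deployment the same three rules map directly onto SIEM correlation searches keyed on the vSphere event identifiers; the point of the constructed run is that the esx02 lines (SSH disabled, a non-root password change) produce only a medium alert, while esx01 produces the escalated pair.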
this part is brutal.
For those like me who prefer to stay in the terminal and want to call REST APIs like the Microsoft Graph without complicated commands or copy/pasting tokens: roadtx now has a graphrequest command to perform simple requests against these APIs and parse the JSON.
I’ve been saying this for years.
Mandiant has observed an increasing number of attacks targeting VMware vSphere in recent years, notably for deploying ransomware. Dive deep into what specifically is fueling this trend and get actionable guidance to defend your VMware vSphere estate in our latest blog posts. 👇
Remember to keep your Exchange Server Management Tools up to date with every Cumulative Update (CU) and Security Update (SU) release to ensure they remain in a supported and secure state. The end of Support for Exchange Server 2016/2019 is scheduled for October 14, 2025. Before…
Another reason why vSphere has to be protected.
"I've completed the currently available APT emulation labs on XINTRA and I can say that's definitely the best platform out there." 🥹
New updates to the blog today w/focus on Storm-2603 (lots of community interest) “we have observed…Storm-2603, exploiting these vulnerabilities to deploy ransomware” Blog includes Storm-2603 TTPs, persistence (IIS backdoor & fast reverse proxy usage), C2 servers, & new IOCs
MSTIC blog on SharePoint exploitation: At least 3 actors exploiting CVE-2025-49706 & CVE-2025-49704 as early as July 7: Linen Typhoon, Violet Typhoon, Storm-2603 (CN-based actor; deployed Warlock & Lockbit ransomware in past, current motivation unknown) microsoft.com/en-us/security…
This is really great research!
OK I know no one uses it, but if you ever wondered exactly how it works, and what dmsa have to do with that, I just posted SSSO small deep dive 🙂 sapirxfed.com/2025/07/23/i-j…
I have been presenting the risk to Active Directory if VMware infrastructure isn't well protected since 2015. adsecurity.org/wp-content/upl… VMware admins can access the storage associated with virtual Domain Controllers and therefore have access to the AD database file (ntds.dit).…
💜 Meet Samantha, the new BWIC Lead! 💻✨ #BWIC #BlacksInCyber #BlacksInCybersecurity #BlackWomenInCyber #LitLikeBIC
A rare, but highly welcome change. Microsoft changed the license requirement for Token protection from Entra ID P2 to P1. This will protect more customers in the long run and lead to a more secure ecosystem. learn.microsoft.com/en-us/entra/id…
Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups thehackernews.com/2025/07/micros…
Microsoft have now limited domains returned from the Autodiscover endpoint, impacting OSINT tools > ourcloudnetwork.com/planned-change… A blow to security peeps, but a win for defenders. Previously, you could make an unauthenticated request to Autodiscover and return a…
Some of my thoughts on the qualities that make a "great" pentest report:
- Clarity: simple, to the point, language
- Context: findings don't exist in a vacuum
- Representative: alignment to the environment/org
- Fair: no vendor bashing
- Actionable: practical &…
Good Morning! Happy Monday! 🌞 The Security BSides Northern Virginia (aka #BSidesNoVA!) #CFP is open until August 15th. Join us mid-October in Arlington, Virginia for *the* premier #InfoSec & #Hacker event in the NoVA area! sessionize.com/bsidesnova-202…
🚨 A new issue has emerged with the Microsoft.Graph module. In case you haven’t followed this thread, there are now confirmed issues when using the ‘RecordsManagement’ scope. V2.25.0 may still be the only safe version to fail back to [at least for some users]. 🤔
The Microsoft Graph SDK and Microsoft.Graph #PowerShell module version 2.29.1 are now available. No known significant issues since the 2.27 and 2.26 releases. I am able to connect with the Microsoft.Entra module and with Maester. 👍