spencer
@techspence
🛡️Empowering defenders & dismantling threats | Ethical Threat | pentester @securit360 | host @cyberthreatpov | SWAG https://swag.ethicalthreat.com
Internal pentest findings that shouldn't exist in 2025... - credentials on file shares/sharepoint/dms - local admin password reuse - kerberoastable domain admins - ADCS Misconfigs - spooler running on DCs - lack of powershell restrictions - EDR missing on hosts
One of the reason i'm such a proponent for free tools like Locksmith, PingCastle, PurpleKnight, etc. is because it eliminates excuses. The cost is your time...
Those who have "mastery" of a subject don't need to say it, it's observable and evident.
AutoRMM is officially ready for use, in terms of having a library of testing options available, along with instructions. 🧵 1/ It has been amazing working with @Shammahwoods and Biniam Gebrehiwot, along with our other contributors. github.com/CroodSolutions…
We’re excited to feature a powerful joint session at Security BSides Albuquerque 2025, led by: 🔹 Ezra Woods, Security Engineer at Grand Canyon Education 🔹 @CroodSolutions, CISO at Grand Canyon Education Ezra is an avid security researcher and Information Security Engineer,…
I have been presenting the risk to Active Directory if VMware infrastructure isn't well protected since 2015. adsecurity.org/wp-content/upl… VMWare admins can access the storage associated with virtual Domain Controllers and therefore have access to the AD database file (ntds.dit).…
this part is brutal.
I will be soon hiring a Senior Security Researcher. Pre-requisite: Strong knowledge in Active Directory, Entra ID, and doing security research, as well as willing to present the research at conferences.
Don’t wish for it, work for it. A reminder to myself and to anyone else who needs to hear it. 💪
The more things change the more they stay the same
Internal pentest findings that shouldn't exist in 2025... - credentials on file shares/sharepoint/dms - local admin password reuse - kerberoastable domain admins - ADCS Misconfigs - spooler running on DCs - lack of powershell restrictions - EDR missing on hosts
As a pentester, I am a big fan of SharePoint! But not because of RCEs...
A man of principal I like it 😂😂
In my office, If you can’t finish your coffee while it’s still hot, you deserve to have cold coffee.
Can’t help but feel like this is dreamweaver all over again. Tell me I’m wrong… History repeating itself?
Today we’re releasing GitHub Spark — a new tool in Copilot that turns your ideas into full-stack apps, entirely in natural language.
I’ve literally done this before from a live vmdk that was on a world readable file share 😅
this part is brutal.
If you're an IT admin, but also have security responsibilities, I feel for you, deeply. That was me several years ago. All of the responsibility, none of the power. Hang in there. 💪💙
Two ongoing security projects I would do if I were still an IT admin: 1, Unsecured credentials discovery: shares, in sharepoint, wiki, ticketing, dms, ci/cd, etc. 2, Active Directory delegation review (with a particular focus on Tier 0)
Some of my thoughts on the qualities that make a "great" pentest report: () Clarity - simple, to the point, language () Context - findings don't exist in a vacuum () Representative - alignment to the environment/org () Fair - no vendor bashing () Actionable - practical &…
This is brilliant 😂
On really hot days, put the hot coffee a steel or aluminum mug and add a scoop of ice cream.
You microwave your coffee when it gets cold instead of wasting it right?
SHARED responsibility
This is because of the false belief that the SaaS provider is responsible for security of the client's tenant.