Mar 3, 2021
Weird GPOs - Netlogon_AvoidPdcOnWan —
Weird Microsoft advice and how to abuse it for remote access sitesFeb 10, 2021
Windows Lab Resources —
I packaged some terraform scripts and made a s3 bucket public, to hopefully make someone elses live easier. Enjoy.Feb 8, 2021
Being cheap with Github Actions —
Need Packer VMs? Like being cheap? Try wasting your time with this clickbait.Oct 24, 2020
XSS in the trusted zone is drive-by RCE —
Seemingly everyone has forgotten how internet explorer worksJan 1, 2020
SpecterOps training - VRO and Mac Tradecraft review —
Do SpecterOps training, it's good for you (and your team!)Oct 17, 2019
AD - Account Lockout vs Disabled —
Disabling an account in AD isn't instant, but a lockout is.Aug 5, 2019
Jumpboxes are not a mitigation for credential theft —
Advice no one reads from Microsoft, but probably should have. Jumpservers are Fake News(TM)Jul 26, 2019
M$ - AlwaysOn VPN first thoughts —
AlwaysOn, initial thoughts and ideasJul 25, 2019
Shitty sysadmins - Applocker —
Applocker - 'May provide protection without being able to provide a robust defence'Jul 24, 2019
Shitty sysadmins - MS14-025 —
findstr /S /I cpassword shouldn't give you domain admin in 2019