Recent posts
AD - Account Lockout vs Disabled —
Disabling an account in AD isn't instant, but a lockout is.
Lol ANU —
Some place got hacked, it's clearly sophisticated and not at all a result of shitty security, old systems.
On the viability of memory forensics in compromised environments —
When a machine is owned, can you really trust it to give you reliable data for incident response?
K8s config maps don't update in pods when mounted as volumes —
K8s oddities to keep in mind - changes to configmaps don't get reflected in realtime to pods
DMA attacks with the PCIscreamer —
DMA attacks - more practical than you think, so much so that the average pentester could do it
Shitty Pentest Findings - Password Autocomplete Enabled —
If you had a pentest and it had a finding of 'Password autocomplete enabled', it was probably a shitty pentest
Jumpboxes are not a mitigation for credential theft —
Advice no one reads from Microsoft, but probably should have. Jumpservers are Fake News(TM)
RVTools —
Hardcoded encryption keys in sysadmin tools
M$ - AlwaysOn VPN first thoughts —
AlwaysOn, initial thoughts and ideas
Shitty sysadmins - Applocker —
Applocker - 'May provide protection without being able to provide a robust defence'