> Still not doing MFA yet? Get it on your list. Then do Azure AD Banned Password protection next. When you start putting password protection in audit mode you will start to discover the severe risk of not doing MFA at all. https://t.co/m24SnAT3Ck — Root (@rootsecdev) July 12, 2020 [https://twitter.com/rootsecdev/status/1282109094648844288?ref_src=twsrc%5Etfw]…
> (Thread) Hey all, let's talk about consent phishing with Office365 products https://t.co/WfPg0VexQj — Root (@rootsecdev) July 11, 2020 [https://twitter.com/rootsecdev/status/1281930341050191873?ref_src=twsrc%5Etfw]…
> It's been two years since we removed SeDebugPrivilege from ALL of our users who have a 'need' for local administrator rights. (Via GPO) No complaints; extra work acknowledged by the adversary simulation team. Details: https://t.co/ULijgaEWgR #BlueTeam [https://twitter.com/hashtag/BlueTeam?src=hash&ref_src=twsrc%5Etfw] #redteaming [https://twitter.com/hashtag/redteaming?src=hash&ref_src=twsrc%5Etfw] #Windows [https://twitter.com/hashtag/Windows?src=hash&ref_src=twsrc%5Etfw] — duff (@duff2…
> Trimarc's Scott Blake discusses low cost/no cost methods to deal with passwords in Active Directory such as Microsoft LAPS, fine grained password policies, etc. This article also discusses password recommendations for users, admins, & service accounts. https://t.co/S1vHorwzP9 pic.twitter.com/0BtfYK4t9e [https://t.co/0BtfYK4t9e] — Trimarc (@TrimarcSecurity) July 9, 2020 [https://twitter.com/TrimarcSecurity/status/1281219051323342851?ref_src=twsrc%5Etfw]…
> Top 16 Active Directory vulnerabilities found during pentests (detailed post) #infosec [https://twitter.com/hashtag/infosec?src=hash&ref_src=twsrc%5Etfw] #pentest [https://twitter.com/hashtag/pentest?src=hash&ref_src=twsrc%5Etfw] #pentesting [https://twitter.com/hashtag/pentesting?src=hash&ref_src=twsrc%5Etfw] #hack [https://twitter.com/hashtag/hack?src=hash&ref_src=twsrc%5Etfw] #hacking [https://twitter.com/hashtag/hacking?src=hash&ref_src=twsrc%5Etfw] @DirectoryRanger [https://twitter.c…