Morgan

Still haven’t had any luck finding any documentation listing what this matches to…may need to switch gears and start manually lining these up to the actual sign in logs to determine. To be continued…

“Security isn’t very technical” - the number of ppl within the IT Dept that believe this is concerning.

Despite being on the security team - somehow I spend more time in AD/Group Policy than the systems team… Starting to feel like I never really left the Systems side despite switching roles a while ago.

Devices onboarded for Defender and Security Administrator = fast track to owning them. Applies in general to Security Administrator and or custom roles with adv live response with unsigned scripts. Especially important to pay attention to if DCs are onboarded.

Information overload - vuln scans are great if the info is actionable. Scans from multiple sources for the sake of additional info and to compare against is just wasteful. Shiny object syndrome kicking hard these days with all these vendors promising the latest+greatest.

Demo’d to my coworkers an escalation path to Domain Admin and showcase why logging/alert alone isn’t sufficient. Reactions were mixed but overall we learned as a team…(but seriously it was a cool path to exploit)

Taking a break and hitting up the slopes for some classic Midwest skiing. Better than being in the office!

Show your AD environment some love, clean up those highly permission groups and users.

For the past 3 years I’ve worked in security until recently. I felt that a change was needed opted for a sys admin role elsewhere. Didn’t realize how much I really enjoyed InfoSec until now that I’m on the other side of the glass looking in…

Few weeks into a new job and just recently learned what hours im supposed to work… Is that a sign? I feel like that’s a sign.