Defender AV's ASR rules really are fantastic, great way to break attacker tools while still allowing your apps to work
I need to update my blog, but the core is there - KQL queries to help build your allow lists and get it done
https://t.co/Di1lfwkrWD
Some lessons learned 🧵
Detecting NTLM Leakage in Windows Search
Microsoft has closed this issue without assigning a CVE or releasing a patch, describing its triage process as “case‑by‑case”. According to Huntress’ latest blog — When “Moderate” Means “Sometimes” — this leaves defenders exposed.
https://t.co/rEOsDogU7y
I believe this warrants proactive detection: threat actors can abuse the Windows Search URI to silently collect NTLM hashes. Sharing detection logic to help spot and stop abuse before it escalates.
https://t.co/nAxSqlHPgn
#Cybersecurity #DefenderXDR #NTLMLeak #WindowsSearch
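As an added example (not code from the linked post or from Huntress), the check below runs over constructed process-creation command lines and flags search-ms: URIs whose crumb=location: parameter points at a UNC path, the case where Explorer reaches out over SMB and can send NTLM credentials. The search-ms parameter syntax is Microsoft's documented one; the log line format is an assumption.

```python
import re
from urllib.parse import unquote

# Constructed sample process-creation command lines (not real telemetry):
# explorer.exe launching a search-ms: URI after a user followed a link.
SAMPLE_EVENTS = [
    r'explorer.exe "search-ms:query=invoice&crumb=location:\\10.0.0.5\share&displayname=Invoices"',
    r'explorer.exe "search-ms:query=report&crumb=location:C:\Users\alice\Documents"',
    r'notepad.exe C:\Users\alice\notes.txt',
    r'explorer.exe "search-ms:query=docs&crumb=location:%5C%5Cfiles.example.net%5Cpub&displayname=Docs"',
]

SEARCH_MS_RE = re.compile(r'search-ms:([^"\s]+)', re.IGNORECASE)


def parse_search_ms(uri_body):
    """Split the search-ms parameter string into a dict; values are URL-decoded."""
    params = {}
    for part in uri_body.split("&"):
        key, _, value = part.partition("=")
        params[key.lower()] = unquote(value)
    return params


def is_remote_location(location):
    """A crumb=location: value starting with \\\\ is a UNC path: resolving it
    makes an SMB connection, which is where an NTLM authentication can leak."""
    return location.startswith("\\\\")


def find_search_ms_leaks(events):
    """Return (event, remote_location) for every event whose search-ms URI
    points its location crumb at a UNC path. Local paths are not flagged."""
    hits = []
    for event in events:
        match = SEARCH_MS_RE.search(event)
        if not match:
            continue
        params = parse_search_ms(match.group(1))
        crumb = params.get("crumb", "")
        if crumb.lower().startswith("location:"):
            location = crumb[len("location:"):]
            if is_remote_location(location):
                hits.append((event, location))
    return hits


if __name__ == "__main__":
    for event, location in find_search_ms_leaks(SAMPLE_EVENTS):
        print(f"ALERT search-ms to remote location {location}: {event}")
```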
An attacker dumps LSASS on one endpoint. The local admin hash is the same across 800 machines, likely due to the use of golden images.
If you aren't already doing it, deploy Windows LAPS: each endpoint gets a unique, rotated password. One stolen hash, one machine, and not 800.
It's free and native; deploys in hours. Still one of the highest-ROI hardening wins in 2026.
I was recently reminded that this is a thing...
Then I read the docs to remind myself about these features and oh yeah, Microsoft themselves don't recommend deploying it in modern environments. 🙃
It's unfortunate that everything has moved to the cloud/entra. There's some neat features that if they got some love, would be killer.
https://t.co/99Q90Klmjx
I decided to publish my internal Azure Entra ID tool. There are a lot of these already available, but I've added some interesting features that have made a difference for me over the years. You can capture tokens through the browser using Playwright.
https://t.co/xiZaz0PKsC
#Azure
WSL now has built-in Linux container support with both a CLI and an API, announced today and coming soon by the end of the month!
You can read more about it here (While our official docs are building :) )
https://t.co/o9RaROfswP
@ZackKorman Want to learn how to do Zero Trust for AI?
Especially in the Microsoft ecosystem.
https://t.co/76RMUTiwvi
Here's the latest guidance.
This quarter there will be automated tests available to check your M365 tenant's configuration.
Coming soon to https://t.co/FAdRZGrtXq
ACTIVE DIRECTORY GROUP POLICY: BLOCK NEW OUTLOOK
Download and update your Group Policy Central Store with the new ADMX files for Office 2024:
https://t.co/J0t6SBInwJ
From there, set:
Manage Automatic setup of classic Outlook accounts in new Outlook: DISABLED
It goes without saying that we should not have to opt out of the pilfering of our users' logon names, passwords, and entire mailbox contents up to the Microsoft Mother Ship.
But we do.😡
Experts Exchange Question by Don:
How to protect computers from the new computer attacks from software like Mythos?
My answer, which is, I think, pretty good and thus worth sharing!
:0)
[QUOTE]
Don,
TL;DR
Layers Don. Layers.
In the end, Train the Human™ is the best way to mitigate.
***
You have a bunch of really good answers.
But, I have a question for you, yes it is facetious bordering on sarcastic: Are you a praying man Don? ;-)
Firstly:
Humans are not perfect
Humans code
Therefore, code is not perfect.
^^^
Let's get that out of the way.
Secondly, let's talk about the two methods vulnerabilities appear in code:
1: As above - To err is human …
2: Deliberate
- See University of Minnesota Hypocrite Commits for a Linux variant
- SMBv1 (EternalBlue) - There's no way Microsoft didn't know that it had been weaponized
- SPECTRE (CPUs) - Backdoors in hardware and firmware
- vPro - Yeah, there's tinfoil hat here but do the research
So, where does that leave us?
1: Most certainly the Security Theatre folks will prey upon the more FUD oriented folks.
2: Buying up a bunch of RTX 3090s and getting our own models/Mythos going
3: Realizing that some of what we see in tech had creators, some being malicious, that never foresaw Crowd Sourced code fuzzing for vulnerabilities
IMNSHO, Crowd Source fuzzing is the best thing that has happened in tech because it's forcing, FORCING, vendors to actually clean up their code if #1 or realize that someone will find that SolarWinds code plant at some point.
[/QUOTE]
I am now of the mind that we need to build out some infrastructure here, which we are in the process of doing, to set up our own AI models/agents and more.
I've seen enough to see that there are benefits to be had so long as there are solid guardrails in place.
Though, Mythos does make those guardrails disappear doesn't it? ;-)
https://t.co/21zqmC97HV
.@ExpertsExhange
usbsnoop — sniff and decode USB device traffic system-wide with eBPF, for reversing proprietary protocols (control/SCSI/HID, no bus analyzer) https://t.co/gGDPHlR6gE
SharePoint and OneDrive "People in your organization" share links can finally expire automatically.
Two Set-SPOTenant parameters. Recommended default + hard max, 7 to 720 days, configured independently for SharePoint and OneDrive.
The cleanest oversharing control Microsoft has shipped this year.
Demo in the reply.
#SharePoint
I've collated 2400+ Microsoft architecture icons and published them for easy access at https://t.co/C1Zv6sIkzn 💙
For every icon, you can:
• Download the scalable SVG file
• Download the PNG of your desired size
• Embed the icon directly into your website or markdown
• Choose a light, dark or transparent background
You can even compare different icons together and favourite multiple icons for bulk download!
#Microsoft
I bet Ryan means code review for existing code, but when creating new code, code review is really too late to fix overly complex, sloppy AI code.
I created this, using it with pretty good success:
https://t.co/8bPk24QqFA
It's workflow specific, so steal ideas, don't use wholesale ;)