Why did I leave Microsoft?
To work full time on 🔥 Maester.
Over 40,000+ tenants today rely on Maester to monitor their tenants daily.
I wanted to make sure that the tests they are running continue to be relevant and evolve as Microsoft 365 and the security landscape evolves.
So today I'm announcing the launch of https://t.co/F5uN233Yh7
Maester Cloud is the portal companion to Maester that lets you track your results over time. It is multi tenant, runs in your cloud (or ours) and more → check out the site for all the features.
More importantly Maester Cloud is a way for me to fund the continued development of the open source Maester core and the tests in Maester.
That is our mission. In fact I worked with the core team @fabian_bader , @Thomas_Live , @MySnozzberries and @SamErde to create the Maester Manifesto (https://t.co/wcm7PnGEMr). It is our promise to the community.
If you value Maester and would like to support and ensure that Maester continues to grow and be healthy, I would be beyond thrilled if your organisation can sponsor this effort.
I would also appreciate it very much if you can share this post with your network to spread awareness.
Thanks!
Introducing Project Glasswing: an urgent initiative to help secure the world’s most critical software.
It’s powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans.
https://t.co/NQ7IfEtYk7
SpearSpray. advanced password spraying tool designed specifically for Active Directory environments. It combines user enumeration via LDAP with pattern-based password generation to perform controlled and stealthy password spraying attacks over Kerberos
https://t.co/nHlZRY2Mmj
Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations secure their infrastructure https://t.co/j762xnq6c4
THC Release 💥: The world’s largest IP<>Domain database: https://t.co/o4F8M1Pqi1
All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free.
Updated monthly.
Try: curl https://t.co/5V2xLadmx5
Raw data (187GB): https://t.co/cBZOSAE89K
(The fine work of messede 👌)
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
ATTACK UPDATE: A massive supply-chain compromise has affected packages with over 2 billion weekly downloads, targeting *CRYPTO*
Here's how it works 👇
1) Injects itself into the browser
Hooks core functions like fetch, XMLHttpRequest, and wallet APIs (window.ethereum, Solana, etc.).
Ensures it can intercept both web traffic and wallet activity.
Are you an IT admin whose responsible for dealing with AppLocker?
Do you struggle to wrangle all your policies?
Are you worried that you have misconfigurations hiding in your AppLocker Policy?
Well, have I got something for you....
It's called AppLocker Inspector and it's now available ON LINE!!!
@m_haggis added this to his ASRGen project, which I'd also recommend checking out.
Try it out here 👇
https://t.co/FzdJdauvdJ
A critical part of Active Directory security is regularly reviewing your AD admins. The simplest way to do this is to recursively enumerate the membership of the domain Administrators group (that group's members and all member group members). PowerShell code shown below.
Check the AD Admins output for the following:
* Are all the admin accounts associated with people expected?
* Are there service accounts that shouldn't require AD admin rights (VMware, Exchange, LDAP, VPN, Sharepoint, etc.)?
* Are the associated passwords current? Are they as expected with no outliers (all within 2 years but one has a password that's 10 years old)?
* Has the default domain Administrator account logged on recently? Is that expected/known?
* Are all accounts enabled? Disabled accounts should be removed from being an AD Admin.
* Do all accounts require Kerberos preauthentication? They must if they are AD admins.
* Do any use Kerberos DES? If so fix that.
* Are any set to never expire their password? Is that expected? Accounts with this set rarely change their password.
* Are there any passwords in Active Directory user attributes (commonly description notes/info, Exchange custom attributes, etc.)? Practically all of the attributes are visible to users.
PowerShell code (using AD PS modules):
[array]$ADAdminArray = Get-ADGroupMember -Identity 'Administrators' -Recursive
$ADAdminPropertyArray = @()
ForEach($ADAdminArrayItem in $ADAdminArray)
{ [array]$ADAdminPropertyArray += Get-ADUser $ADAdminArrayItem.DistinguishedName -Prop * }
$ADAdminPropertyArray | Sort SamAccountName | Select SamAccountName,PasswordLastSet,LastLogonDate,Enabled,DoesNotRequirePreAuth,UseDESKeyOnly,PasswordNeverExpires | Format-Table -AutoSize
#ActiveDirectorySecurityTip
The DSInternals PowerShell module just got an upgrade! 🔥
Updates include:
✅ Golden dMSA Attack
✅ Full LAPS support
✅ Trust password & BitLocker recovery key extraction
✅ Read-only domain controller database compatibility
Read more from @MGrafnetter. https://t.co/eQiOGID60y
Added a new tool to:
https://t.co/v4FnSVbaDD
⚠️Please Use Responsibly⚠️
You can use this to instantly generate an obfuscated reverse shell in powershell that i have personally used to beat EVERY single EDR out there right now.
I've added some pretty cool stuff to my website but this is one of my favorite additions.
🛑 Disclaimer: This tool is for educational and authorized security testing only. Misuse could be illegal. Don’t be dumb.
Shoutout to the only ones that were actually able to stop it, using something called "ring fencing" @ThreatLocker
This is not a sponsored post, just a fan of them
#Edr_Is_Not_Enough
Mitre has a new framework to complement ATT&CK framework to help the financial sector detect and respond to cyberattacks on cryptocurrency assets and other financial targets. What you need to know: https://t.co/ecbDl9W1c6