Podcasts about Active Directory

Directory service created by Microsoft for Windows domain networks

  • 290 podcasts
  • 757 episodes
  • 42m average duration
  • 5 new episodes weekly
  • Latest episode: Nov 18, 2025
Popularity of Active Directory podcasts, 2017 to 2024 (chart)



Latest podcast episodes about Active Directory

Hybrid Identity Protection Podcast
Beyond Firewalls: The People Behind Cyber Resilience with Nathan Wenzler, Field CISO at Optiv

Nov 18, 2025, 50:34


This episode features Nathan Wenzler, Field Chief Information Security Officer at Optiv. With nearly 30 years of experience leading cybersecurity programs across government agencies, nonprofits, and Fortune 1000 companies, Nathan has spent his career at the intersection of people, process, and technology. He's helped organizations redefine what it means to build security cultures that actually work.

In this episode, Nathan explains why communication (not technology) is a CISO's most important skill, how to create a culture that values security without slowing innovation, and why empathy may be the most underrated tool in cybersecurity. This is an insightful look at the people-first mindset behind stronger, more resilient security programs.

Guest Bio
Nathan Wenzler is a field chief information security officer at Optiv, where he advises clients on how to strengthen and optimize every aspect of their cybersecurity program. With nearly 30 years of experience, he has built and led security initiatives for government agencies, nonprofits and Fortune 1000 companies. Wenzler has served as a CISO, executive management consultant and senior analyst, holding leadership roles at Tenable, Moss Adams, AsTech and Thycotic. He also spent more than a decade in public sector IT and security roles with Monterey County, California, and supported state and federal agencies. He is known for helping security leaders better communicate the measurable value and benefit of a mature, effective cybersecurity program to executives, technical stakeholders and nontechnical business partners. His approach emphasizes not only technical excellence but also the human and organizational factors that drive long-term security success. Wenzler has spoken at more than 400 events worldwide, educating security leaders and professionals on how to excel in their role as an organization's risk expert. He has also served on advisory boards, including the Tombolo Institute at Bellevue College, and is a former member of the Forbes Technology Council. His areas of expertise include vulnerability and exposure management, privileged access management and identity governance, cyber risk management, incident response, and executive-level communications and program management.

Guest Quote
"If you can win the people over in your organization, you can make those big changes for better identity governance."

Time stamps
01:22 Meet Nathan Wenzler: Veteran CISO and Security Strategist
02:16 Redefining Identity in a World of Infinite Accounts
05:15 How Culture Can Make or Break Your Security Program
13:34 Winning Over the Business: Aligning Security and Culture
24:45 From "Department of No" to Trusted Partner: Fixing Cyber Communication
40:25 The Human Side of Incident Response
46:23 Leading with Empathy: Nathan's Advice for Security Leaders

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Nathan on LinkedIn
Learn more about Optiv
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis

Objectif TECH
Trajectoires - How do you rebuild an information system after a cyberattack?

Nov 12, 2025, 19:14


Local authorities have become prime targets for cybercriminals: limited budgets, sensitive citizen data, and complex information systems that are sometimes insufficiently protected. In February 2021, Angers Loire Métropole joined the list of victims with a ransomware attack that completely compromised its information system. Luc Dufresne, CISO of the metropolitan authority, looks back on the night an opportunistic attacker penetrated the network.

From the immediate shutdown of Internet access to the posters in the elevators telling staff not to switch on their computers, our guest recounts the human and technical handling of a crisis that lasted several months. He shares the lessons learned from the experience: rebuilding from a secured trusted core, deploying a SOC to detect weak signals, stepped-up awareness training for employees, and transforming the organization's cyber culture.

The PowerShell Podcast
200 Episodes of Community with Frank Lesniak

Nov 10, 2025, 70:46


In this milestone 200th episode of The PowerShell Podcast, Frank Lesniak returns to chat with Andrew Pla about automation, community, and what it means to "bet on yourself." Frank shares his experiences leading cybersecurity and enterprise architecture projects, using PowerShell for AWS security automation, and developing tools to simplify complex data exports. He also discusses the upcoming PowerShell Summit, his work with DuPage Animal Friends, and the value of giving back through mentorship, community involvement, and open source.

Key Takeaways:
PowerShell in the cloud – Frank dives deep into AWS automation and explains how PowerShell can simplify security and configuration management at scale.
From console to community – After years of speaking and mentoring, Frank emphasizes how collaboration and consistent effort lead to career growth and confidence.
Giving back through leadership – As VP of DuPage Animal Friends, Frank highlights the power of using your professional skills for good beyond tech.

Guest Bio:
Frank Lesniak is a Sr. Cybersecurity & Enterprise Technology Architect at West Monroe, where he leads a 45-member team focused on Microsoft's M365/Modern Work platform. His team specializes in navigating the technical complexities of corporate M&A, executing at-scale divestitures and integrations centered on Azure, Microsoft 365, Entra ID, Active Directory, and Windows. An active contributor to the tech community, Frank is a published author, open-source contributor, and a frequent speaker at conferences and user groups on topics including PowerShell, artificial intelligence, and offbeat technical talks related to his hobbies. In his local community, he serves as the Vice President of DuPage Animal Friends, a non-profit dedicated to supporting DuPage County's sole open-admission animal shelter.

Resource Links:
Connect with Frank - https://linktr.ee/franklesniak
Frank Lesniak on X (Twitter) – https://x.com/FrankLesniak
Frank on LinkedIn – https://linkedin.com/in/flesniak
Connect with Andrew - https://andrewpla.tech/links
DuPage Animal Friends – https://dupageanimalfriends.org
Previous Podcasts with Frank - https://powershellpodcast.podbean.com/?s=Frank%20Lesniak
PowerShell Wednesdays – YouTube Playlist
PDQ Discord (PowerShell Scripting Channel) – https://discord.gg/PDQ
PowerShell Summit OnRamp Scholarship – https://www.powershellsummit.org/on-ramp/
The PowerShell Podcast on YouTube: https://youtu.be/cQvs5s3T1DA

PolySécure Podcast
Teknik - The Red Team vs EDR war: the business, not technical, side of the problem - Because... it's episode 0x657!

Nov 5, 2025


Because… it's episode 0x657!

Shameless plug
8 and 9 November 2025 - DEATHcon
17 to 20 November 2025 - European Cyber Week
25 and 26 February 2026 - SéQCure 2026
14 to 17 April 2026 - Botconf 2026
28 and 29 April 2026 - Cybereco Cyberconférence 2026
9 to 17 May 2026 - NorthSec 2026
3 to 5 June 2025 - SSTIC 2026

Description

Introduction
This podcast explores the complex relationship between Red Teams and EDR (Endpoint Detection and Response) solutions, focusing on the business dimensions rather than the purely technical ones. Charles F. Hamilton shares his field expertise on EDR evasion and debunks the blind trust many place in these solutions, which are sold as if they were magic.

The reality of EDR: beyond the marketing
EDRs are often sold as universal protection solutions, but that perception hides a more nuanced reality. There are several types of solutions (EDR, XDR, NDR) with different capabilities, notably in network telemetry and data enrichment. The cybersecurity industry remains a business first and foremost, where decisions are driven by financial, growth and market-share considerations rather than solely by protecting users. One troubling aspect is the romanticizing of attacker groups by certain detection companies, which create giant figurines and catchy names for these criminal groups at conferences. This marketing approach can paradoxically glamorize crime and encourage new malicious actors.

How EDRs work technically
EDRs operate on several detection levels. First, the traditional antivirus component performs static analysis before a binary executes. Then, real-time detection uses various techniques: user-mode hooking (increasingly less popular), kernel callbacks, and ETW (Event Tracing for Windows), which captures telemetry throughout Windows. Modern EDRs favour kernel callbacks over user mode because the kernel offers better protection. The risk, however, is that an error in kernel code can cause a blue screen, as the CrowdStrike incident demonstrated. Microsoft has also implemented PPL (Protected Process Light) to prevent even users with system privileges from killing certain critical processes. A crucial point: Red Teams are often more sophisticated than real attackers, precisely because they have to bypass EDRs in their engagements.

Evasion techniques: simplicity and adaptation
Contrary to what one might think, EDR evasion does not always require extremely sophisticated techniques. Several simple approaches still work remarkably well. For example, slightly modifying a tool such as PingCastle by changing its LDAP queries and disabling certain detectable features (such as DNS zone transfer attempts or SPN queries) can make it go undetected. One particularly interesting case concerns an EDR which, following its acquisition by Broadcom, stopped being signed by Microsoft. That business decision left its DLL unable to inject into processes that use the flag allowing only Microsoft-signed DLLs to load, effectively rendering the EDR worthless for detection. One effective strategy is to cut off the EDR processes' network connectivity with the local firewall before any manipulation. Even if alerts are generated, they cannot be sent to the server; the agent simply appears offline temporarily.

Old techniques that still work
Many old attack techniques remain effective because they are not used enough by ordinary attackers to justify detecting them. EDRs focus on "commodity malware", the high-volume attacks, rather than on niche techniques used mainly by Red Teams. Charles cites the example of a "new backdoor" discovered in 2024 that was in fact his own code, archived on GitHub for 8 years. For the security companies it was new because it had never been seen in their environment, illustrating the gap between what exists and what is detected.

The importance of simplicity
A crucial piece of advice: do not follow malware trends. Fashionable techniques such as stack spoofing quickly become detected. For 6 to 7 years Charles has used a simple C# agent with no shellcode or exotic techniques, and it still goes unnoticed. Simplicity and a different approach are often more effective than complexity. Using Beacon Object Files (BOF) with Cobalt Strike avoids process injection, considerably reducing detectable artifacts.

Practical recommendations
For organizations, having an EDR is essential in 2025 to block trivial attacks. But that is only a start. There absolutely must be at least one person reviewing the logs daily, ideally three times a day. Many incident response engagements show that all the information was available in the EDR console, but nobody looked at it. Network segmentation has remained underdeveloped for 15 years, mainly for reasons of operational complexity. Sysmon should be deployed everywhere with a proper configuration to increase visibility exponentially, despite the XML learning curve. Network visibility is what customers lack most in 2025. Without it, it is impossible to validate what the EDRs claim to have blocked. Charles gives the example of Microsoft Defender for Identity reporting that it blocked attacks when the attacker had in fact obtained the hashes they were after.

Conclusion
EDR evasion is a specialization in its own right, on a par with web or Active Directory pentesting. The secret is to understand Windows, the tools and the EDRs themselves in depth before attempting to bypass them. Companies must keep intelligence in-house rather than depend entirely on commercial products. Finally, collaboration between Blue Teams and Red Teams remains insufficient. More synergy would allow both sides to better understand each other's perspectives and improve security overall. Curiosity and continuous learning are the keys to success in this constantly evolving field.

Notes
Training

Collaborators: Nicolas-Loïc Fortin, Charles F. Hamilton
Credits: Editing by Intrasecure inc, virtual studio by Riverside.fm

Hybrid Identity Protection Podcast
The DNA of Organizational Resilience: Leadership First, Technology Last with Heather Costa, Director of Technology Resilience at Mayo Clinic

Nov 4, 2025, 41:21


This episode features Heather Costa, Director of Technology Resilience at Mayo Clinic. With over two decades of experience building resilience programs at leading healthcare institutions, Heather has redefined what it means to prepare for and thrive through disruption. From Cleveland Clinic to Mayo Clinic, she's led enterprise-wide recovery strategies that balance people, process, and technology.

In this episode, Heather explains why true resilience starts with leadership, not technology, how to set clear priorities when everything feels critical, and how to design organizations that adapt and recover faster. This is a powerful look at the mindset and methods behind building resilience that lasts in healthcare and beyond.

Guest Bio
Heather M. Costa is a leading authority in cyber and technology resilience, currently serving as Director of Technology Resilience at Mayo Clinic. With over twenty years of experience, she has shaped resilience programs at premier healthcare institutions, notably pioneering business resilience at Cleveland Clinic before architecting Mayo Clinic's enterprise-wide recovery and continuity initiatives. Heather is a dynamic leader, keynote speaker, and mentor, frequently invited to share her insights at organizations and conferences such as Harvard NPLI, HIMSS, and the HIPAA Summit. She is recognized for building high-performing teams and fostering the next generation of cybersecurity leaders. Heather holds a Master's in Homeland Security – Information Security and Forensics from Penn State, a summa cum laude Bachelor's in Emergency Management from the University of Akron, and multiple esteemed certifications including Certified Business Continuity Professional (CBCP) and Certified Cyber Resilience Professional (CCRP). She is Vice President for the WiCyS Healthcare Affiliate and a member of several distinguished honor societies. Outside of work, Heather is a dedicated solo mom to five children, inspiring her family and community with her resilience and leadership.

Guest Quote
"[Resilience] means not just recovering, but being better. Adapting, where we're wired in our DNA organizationally, to thrive in disruption, not just survive."

Time stamps
01:08 Meet Heather Costa: Cyber Resilience Expert
04:49 Understanding Resilience in Healthcare
22:36 Starting with Minimal Viable Recovery
25:56 Worst Case Scenario Planning
28:30 Building a Resilient Environment
29:33 Heather's Blue Sky Strategy Planning
35:26 What's Missed When Building Resilience
37:43 Final Advice on Resilience

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Heather on LinkedIn
Learn more about Mayo Clinic
Connect with Sean on LinkedIn
Don't miss future episodes
Register for HIP Conf 2025
Learn more about Semperis

The New CISO
Pick Your Pain: A Methodical Approach to Career Growth

Oct 23, 2025, 45:20


In this episode of The New CISO (Episode 136), host Steve Moore speaks with Carl Cahill, CISO, about a deliberate, methodical approach to career growth—and why every leader must "pick their pain" to progress.

From combat arms in the U.S. Army to Active Directory engineering and large-enterprise incident response, Carl shares the pivotal choices that shaped his leadership. He opens up about moving from certifications to business fluency, using a personal gap analysis to chart his path to the C-suite, and how feedback like being called a "propeller head" pushed him to translate geek speak into the language of finance, law, and strategy. Carl also explains his five-phase 100-day plan, why IR readiness comes first, and how "radical collaboration" defines the modern CISO.

Key Topics Covered:
Early career pivots: Army leadership, perseverance, and precision → IT foundations
Certifications as a fast track (then) vs. blended learning and passion projects (now)
The "pick your pain" decision: staying comfortable vs. returning to school to advance
Building a CISO gap analysis from job reqs and targeting stretch assignments
Upgrading the lexicon: finance, legal, and general management (e.g., Wharton GMP)
Turning tough feedback into growth: from geek speak to boardroom dialogue
Consulting variety vs. ownership: when to switch for long-term impact
The 100-day plan: assess → plan → act → measure → adjust (with IR first)
Stakeholder mapping, team SWOTs, and making strategy stick beyond 90 days
Metrics as a "health language" and why today's CISO must be a radical collaborator

Carl's story shows how intentional trade-offs—education, language, and leadership style—compound into career momentum. His roadmap helps CISOs and aspiring leaders navigate transitions with discipline, communicate across the business, and build resilient teams that lead with clarity.

PolySécure Podcast
PME - Vulnerability scanning vs penetration testing with ninjas - Because... it's episode 0x649!

Oct 22, 2025, 18:17


Because… it's episode 0x649!

Shameless plug
4 and 5 November 2025 - FAIRCON 2025
8 and 9 November 2025 - DEATHcon
17 to 20 November 2025 - European Cyber Week
25 and 26 February 2026 - SéQCure 2026

Description

Understanding the differences and making the right choices
In this episode of the Polysécure podcast, the host welcomes Cyndie Feltz, Nicolas Milot and Dominique Derrier to demystify two concepts that are often confused in cybersecurity: vulnerability scans and penetration tests. The discussion is particularly relevant for small and medium-sized businesses that must navigate an environment where security requirements keep multiplying, whether to obtain cyber insurance, meet regulatory standards or reassure customers.

Confusion in the market
The podcast opens by highlighting a major problem: companies often have security tests imposed on them without necessarily understanding what they are actually buying. The pressure may come from a cyber insurer, a regulatory framework or a demanding customer. When these tests are not budgeted for, companies naturally try to minimize costs, but the market offers every possible flavour, and prices can differ by a factor of ten between offerings. That variation naturally creates confusion and worry among customers.

Two complementary but distinct tools
The experts first agree on a fundamental point: neither vulnerability scanning nor penetration testing is inherently bad. They are simply two different tools that meet distinct needs. The problem arises when a vendor presents one as the other, or vice versa, creating expectations that will not be met.

A vulnerability scan is essentially an automated process. A software tool analyses a web application, an internal server or an IP address to identify potential weaknesses. Its mission is to generate as much data as possible. The company is literally paying for a large quantity of information that it will then have to filter and prioritize itself. These scans detect known vulnerabilities, CVEs and already catalogued exploits.

A penetration test, on the other hand, involves human intervention. A security expert manually tests the company's assets, using their expertise and their brain to understand the organization's specific context. Unlike the automated scanner, the penetration tester can assess business logic, understand where to press to make it hurt, and actually exploit the vulnerabilities discovered.

The security guard and burglar analogy
Dominique offers an excellent analogy for this difference: a vulnerability scan is like someone walking around a building to check whether the doors are locked and noting where the cameras are. A penetration test, by contrast, is like a person actively trying to break into the building by picking the locks, bypassing the alarm systems and testing every possible entrance. The latter approach requires far sharper skills and naturally justifies higher costs, while offering greater benefit because it verifies the real effectiveness of the security measures.

When to use each approach
The first question to ask is not whether a scan or a penetration test is needed, but rather: what is the real need? Is it a regulatory requirement that specifically mandates a penetration test? Does the company simply want to validate the security of its application or infrastructure?

For a SaaS product exposed on the Internet, vulnerability scans are particularly appropriate and can be run regularly, even in an automated way. They quickly detect the appearance of new known vulnerabilities. For mid-sized companies with more than 150 to 200 employees and a complex internal infrastructure, including for example an Active Directory, scans serve to detect CVEs and known exploits. However, a vulnerability scan will never attempt to compromise an Active Directory to become domain administrator, unlike what a genuine internal penetration test should do.

The question of recurrence and value
Vulnerability scans have the advantage of being repeatable frequently, monthly or even weekly. Companies can buy their own licence and run these scans in-house. If they use an outside firm, the real added value lies not in the raw report but in the help provided to filter and prioritize the results. A managed security service provider (MSSP) should integrate these automated analyses into its overall offering and align them with the other security tools already in place.

Recommendations for SMBs
The experts insist on several essential points. First, not every company needs a penetration test. A company of fifteen to twenty people using Google Workspace and WordPress would benefit more from investing in configuration reviews than in an expensive penetration test, which often runs to five figures. Second, it is crucial to maintain good governance by ensuring that the entity managing day-to-day security is not the one performing the penetration tests. That separation guarantees the objectivity of the assessment, just as one would not ask one's accounting firm to carry out its own financial audit. Third, reducing the digital footprint often solves more problems than a mere security test. Limiting the number of tools and services used, properly configuring those that remain, and adequately training teams are more cost-effective preventive measures than an expensive penetration test that would merely confirm obvious weaknesses. Finally, the experts encourage companies to see their cybersecurity measures not only as an expense but as an investment that can become a selling point. Training sales teams on the security practices in place turns the effort into a competitive advantage, even without a formal certification.

Conclusion
This podcast effectively clarifies a subject that is often a source of confusion for SMBs. The distinction between vulnerability scans and penetration tests essentially comes down to automation versus human intervention, quantity versus contextual quality, and detection versus actual exploitation. The choice between the two approaches must always flow from a rigorous analysis of the company's specific needs, budget and regulatory obligations, while keeping in mind that the best security starts with solid basic practices and a controlled digital footprint.

Collaborators: Nicolas-Loïc Fortin, Cyndie Feltz, Nicholas Milot, Dominique Derrier
Credits: Editing by Intrasecure inc, virtual studio by Riverside.fm

Hybrid Identity Protection Podcast
The Cyber War We Can't See with Dr. Chase Cunningham, CSO of Demo-Force.com

Oct 21, 2025, 29:29


This episode features Dr. Chase Cunningham, Chief Strategy Officer at Demo-Force.com. Widely known as "Dr. Zero Trust", he's the creator of the Zero Trust Extended Framework and a former Forrester principal analyst. With decades of experience supporting the NSA, U.S. Navy, FBI Cyber, and other government missions, Chase brings deep expertise on how nation-states wage digital conflict.

In this episode, Chase explains how China, Russia, and North Korea use cyber operations to advance long-term strategic goals, why critical infrastructure has become a silent battlefield, and why attribution makes retaliation so difficult. He shares practical guidance for hardening defenses, outpacing common attackers, and avoiding becoming the "slowest gazelle in the herd." This is a sobering look at how geopolitics fuels cyber risk, and the urgent realities every security leader must prepare for now.

Guest Bio
Creator of the Zero Trust eXtended framework and a cybersecurity expert with decades of operational experience in the NSA, US Navy, FBI Cyber, and other government mission groups, Chase is responsible for ZTEdge's overall strategy and technology alignment. Chase was previously VP and Principal Analyst at Forrester Research; Director of Threat Intelligence for Armor; Director of Cyber Analytics for Decisive Analytics; and Chief Cryptologic Technician, US Navy. He's the author of the Cynja series and Cyber Warfare: Truth, Tactics, and Strategies.

Guest Quote
"Putin has even been noted as saying that chaos is the goal. You do that via cyber. You don't do that by putting boots on ground anymore. That is very important for everybody that's connected or digital to understand, you are operating in a live fire battlefield environment. You're not just on the internet."

Time stamps
01:04 Meet Dr. Chase Cunningham: Dr. Zero Trust
02:47 The Fifth Horseman: Cyber Threats
04:24 Geopolitical Implications of Cyber Warfare
09:05 Understanding China's Approach to Cyber
17:27 Breaking Down Defensive Cyber
20:17 Understanding North Korea's Approach to Cyber
22:25 Russia's Cyber Chaos Tactics
24:35 Cyber Leadership Gaps in the U.S. Government
27:22 Final Thoughts and Advice

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Chase on LinkedIn
Learn more about Demo-Force.com
Chase's HIPConf 2024 Talk: Cyber Threat: The Fifth Horseman of the Apocalypse
Connect with Sean on LinkedIn
Don't miss future episodes
Register for HIP Conf 2025
Learn more about Semperis

Microsoft Mechanics Podcast
How to move Active Directory Source of Authority to Microsoft Entra ID and why

Oct 8, 2025, 9:41 (transcription available)


Strengthen your security posture by moving groups and users from Active Directory to Microsoft Entra. This gives you seamless access for your teams, stronger authentication with MFA and passwordless options, and centralized visibility into risks across your environment. Simplify hybrid identity management by reducing dual overhead, prioritizing key groups, migrating users without disruption, and automating policies with Graph or PowerShell. Jeremy Chapman, Microsoft 365 Director, shows how to start minimizing your local directory and make Microsoft Entra your source of authority to protect access everywhere. ► QUICK LINKS: 00:00 - Minimize Active Directory with Microsoft Entra 00:34 - Build a Strong Identity Foundation 01:28 - Reduce Dual Management Overhead 02:06 - Begin with Groups 03:04 - Automate with Graph & Policy Controls 03:50 - Access packages 06:00 - Move user objects to be cloud-managed 07:03 - Automate using scripts or code 09:17 - Wrap up ► Link References Get started at https://aka.ms/CloudManagedIdentity Use SOA scenarios at https://aka.ms/usersoadocs Group SOA scenarios at https://aka.ms/groupsoadocs Guidance for IT Architects on benefits of SOA at https://aka.ms/SOAITArchitectsGuidance ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. 

PolySécure Podcast
SMEs - Is security too expensive? - Because... it's episode 0x641!

Oct 8, 2025, 16:55


Because... it's episode 0x641!

Shameless plug
October 12 to 17, 2025 - Objective by the sea v8
October 14 and 15, 2025 - ATT&CKcon 6.0
October 14 and 15, 2025 - Forum inCyber Canada (30% discount code - CA25KDUX92)
November 4 and 5, 2025 - FAIRCON 2025
November 8 and 9, 2025 - DEATHcon
November 17 to 20, 2025 - European Cyber Week
February 25 and 26, 2026 - SéQCure 2026

Description
In this episode, three cybersecurity experts share their experience to debunk the common belief that IT security is financially out of reach for small and medium-sized businesses. Nicholas Milot, co-founder of Yack and a penetration testing specialist, Cyndie Feltz, also co-founder of Yack with expertise in executive management, and Dominique Derrier, CISO at Neotrust, bring a pragmatic perspective to this crucial question.

The myth of prohibitive cost
One of the main psychological obstacles for SMEs is the perception that cybersecurity requires budgets comparable to those of large companies like Desjardins. This belief is reinforced by the abundance of expensive solutions on the market, often sold with user minimums that can quickly push the bill into the hundreds of thousands of dollars. Faced with these figures, many SMEs conclude that security is simply not within their reach and give up on investing in it at all.

Yet this view is fundamentally wrong. As Cyndie Feltz points out through an apt analogy with health, cybersecurity is closer to good lifestyle hygiene than to a luxury treatment. You can certainly spend large sums on personal trainers and sophisticated training programs, but the foundations of good health simply rest on a balanced diet, a pair of running shoes, and consistency.
Cybersecurity works on the same principle: it is about adopting good daily practices rather than accumulating expensive technology solutions.

The "cybersecurity buffet" trap
The market offers roughly 300 different categories of IT security products. Faced with this gargantuan buffet where everything seems to shine and draw attention, it is easy for an SME to feel overwhelmed and make choices that do not fit its real needs. The problem lies not only in the acquisition cost of these solutions but also in the resources needed to administer them properly. The experts regularly observe SMEs acquiring sophisticated tools that they have neither the time nor the skills to use effectively. An unconfigured or poorly administered solution brings no value, whatever its intrinsic quality. Moreover, vendors, naturally driven by their sales targets, can convince companies to buy products that perform well but are ill-suited to their specific context.

Nicholas Milot observes in his penetration tests that compromised companies often do have security solutions in place, but that these are not being used properly. The lack of time to "get hands-on" and keep these tools up to date makes the initial investments largely ineffective.

The accessible fundamentals
Even before considering the purchase of new solutions, SMEs can put basic, low-cost measures in place. Dominique Derrier suggests starting simply with internal policies and memos, even if their effectiveness remains limited. The important thing is not to hide behind the excuse of cost and do nothing at all. A progressive, step-by-step approach makes it possible to move forward without excessive spending.
The experts agree on four fundamental pillars that every SME should prioritize:

Multi-factor authentication (MFA): Protecting user identification with strong passwords and MFA is a minimal investment with maximal security impact. These tools are often already available in the Microsoft or Google licenses that companies already own.

Regular updates: Nicholas notes with humor that he takes advantage precisely of companies that neglect updates to demonstrate how easily their systems can be compromised. Keeping software up to date costs nothing but saves a lot of trouble.

Antivirus and detection solutions (EDR/XDR): Even Windows Defender, while not optimal, is better than nothing and is often already included in existing licenses. The key is to configure it correctly and monitor the alerts.

Backups: A crucial point raised by all the participants, backups should fall under IT operations rather than security. They must be correctly configured, tested regularly, and above all never be joined to the Active Directory domain, a common mistake with disastrous consequences.

Pitfalls to avoid
The experts warn against several traps. Using artificial intelligence as a sales argument aimed at SMEs is a red flag: these companies do not need this type of sophisticated feature, even if some forms of behavioral analysis have long existed in security tools under other names. A good advisor will not try to sell new solutions but rather to optimize what already exists. Correctly configuring Microsoft or Google, whose default settings often leave much to be desired, can radically transform the security posture without additional investment.
Conclusion
The message is clear: it is better to do a few things well than to multiply partially deployed tools. The fundamental question for every SME should be: "What would happen if we lost all our data?" Reflecting on what is truly valuable makes it possible to direct investments pragmatically. Cybersecurity is not a matter of unlimited budget but of judicious choices and optimal use of the available resources.

Contributors
Nicolas-Loïc Fortin, Cyndie Feltz, Nicholas Milot, Dominique Derrier

Credits
Editing by Intrasecure inc
Virtual studio by Riverside.fm

Hybrid Identity Protection Podcast
The Human Side of Cyber Resilience with Jonathon Mayor, Principal Security Consultant for the Americas at Cohesity

Oct 7, 2025, 32:51


This episode features Jonathon Mayor, Principal Security Consultant for the Americas at Cohesity. A founding member of Cohesity's Security Center of Excellence and the Cyber Event Response Team, Jonathon has more than 20 years of experience in security operations, forensics, and business continuity, with past leadership roles at EMC, Dell, and Verizon. He's guided Fortune 500 and Global 1000 organizations through high-stakes incident response and recovery.

In this episode, Jonathon explains why trust is the first casualty in a cyberattack, how to distinguish between mission critical operations and mission critical response, and why resilience depends as much on people and process as on technology. He shares candid lessons from the field on avoiding endless "what if" scenarios, preparing for the human toll of prolonged incidents, and building flexibility into every plan.

This is a practical look at cyber resilience and the critical skills every leader needs to have before the next 2 a.m. incident call.

Guest Bio
Jonathon Mayor is Principal Security Consultant for the Americas at Cohesity, where he has helped many Fortune 500 and Global 1000 organizations strengthen cyber resilience through threat intelligence, incident response, and recovery strategy. A founding member of Cohesity's Security Center of Excellence and the Cyber Event Response Team (CERT), his current focus is proactively collaborating with security partners and customers to strengthen security posture and readiness by drawing on the experiences and lessons learned through CERT. With more than 20 years in security operations, forensics, and business continuity, Jonathon has held leadership roles at EMC, Dell, and Verizon, where he oversaw global NOC operations and major incident mitigation.

Guest Quote
"The thing that's most important that's lost first and hardest to regain is trust. Everything else is secondary. If the very tools that I'm relying on to respond have been compromised, and therefore I can't trust them, where does my plan go from there?"

Time stamps
01:10 Meet Jonathon Mayor
03:37 Rethinking What's Mission Critical
12:25 Avoiding Endless What Ifs
15:50 Paranoia Has a Budget: Prioritizing Risks
21:27 The Human Element in Cyber Defense
25:01 Importance of Mindset Flexibility
27:11 Post-Incident Advice

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Jonathon on LinkedIn
Learn more about Cohesity
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis

PolySécure Podcast
Teknik - BloodHound and OpenGraph - Because... it's episode 0x640!

Oct 7, 2025, 34:28


Because... it's episode 0x640!

Shameless plug
October 12 to 17, 2025 - Objective by the sea v8
October 14 and 15, 2025 - ATT&CKcon 6.0
October 14 and 15, 2025 - Forum inCyber Canada (30% discount code - CA25KDUX92)
November 4 and 5, 2025 - FAIRCON 2025
November 8 and 9, 2025 - DEATHcon
November 17 to 20, 2025 - European Cyber Week
February 25 and 26, 2026 - SéQCure 2026

Description

Introduction and professional background
Mathieu Saulnier, known by the nickname "Scooby" in the cybersecurity community, has about twenty years of experience in the field. His career took him from a large internet and telecommunications provider to running a SOC (Security Operations Center), then to threat research roles for SIEM and EDR vendors. Today he is product manager for BloodHound Community Edition at SpecterOps, a position he obtained thanks to his many presentations on BloodHound over the years.

BloodHound version 8 and the OpenGraph revolution
Version 8 of BloodHound is a major evolution of the tool. Its flagship feature is OpenGraph, which makes it possible to ingest any type of data into the graph and build your own attack paths for different technologies. Historically, BloodHound focused exclusively on Active Directory and Azure/Entra ID, but that limitation is now a thing of the past. Alongside the launch of OpenGraph, SpecterOps published several new collectors for various technologies: One Password, Snowflake, and Jamf (for managing Mac workstations). The community reacted enthusiastically: only 48 hours after the announcement, an external contributor created a collector for Ansible. More recently, a collector for VMware vCenter and ESXi has also appeared, demonstrating the rapid adoption of this new capability.
The fundamental distinction: access path versus attack path
Mathieu uses an illuminating analogy with Google Maps to explain the difference between an access path and an attack path. Google Maps shows the authorized routes for different modes of transport (car, bicycle, public transit), each with its own rules and restrictions. That is the equivalent of an access graph, which shows where you are allowed to go. An attack path, by contrast, represents the perspective of an adversary who does not care about the rules. The example given is a car driving in a bike lane in Montreal: it is forbidden, you know you risk a ticket, but it is technically possible. In the digital world, the consequences are often less immediate and less visible, which explains why attackers regularly exploit these unconventional paths.

The evolution of the data model
BloodHound started modestly with only three object types (users, groups, and computers) and three relationship types (member of, admin, and session). Since then, the model has grown considerably thanks to research by SpecterOps and other organizations. Properties such as Kerberoasting have been added, making it possible to identify objects vulnerable to that type of attack and to escalate privileges. The real power of OpenGraph lies in the ability to link different systems together. For example, if an attacker compromises the workstation of a user who has access to a GitHub repository, they can steal tokens and sessions to make commits in that user's name, potentially in a widely used library, thereby opening the door to a supply chain attack. This multi-dimensional interconnection of systems was hard to visualize mentally, but the graph makes it obvious.
Building OpenGraph collectors: requirements and best practices
For a collector to be accepted into the official list of community projects, certain standards must be met. The connector must come with documentation detailing the minimum permissions required (principle of least privilege), explaining how it works, the supported operating systems, and the required dependencies. The documentation should also include references on how to exploit or defend against the identified vulnerabilities. Although not mandatory, custom visual elements (icons and colors) are strongly recommended to ensure visual consistency across the community. Since the project is open source, users can always modify these elements to their liking. A crucial aspect is providing pre-built Cypher queries. Without them, a user who does not know Cypher could import all the data and then find themselves stuck when trying to make effective use of it.

The Cypher language and data access
BloodHound runs on a graph database, historically Neo4j, but now also PostgreSQL thanks to a conversion module. The query language used is Cypher, which has a particular syntax. To make the tool more accessible, SpecterOps maintains a Cypher library containing many queries created by the team and the community. These queries can be run directly from the BloodHound portal. The company is also exploring the use of LLMs (Large Language Models) to generate Cypher queries automatically, although the public corpus of BloodHound-specific data is still limited. Future avenues include the use of MCP (Model Context Protocol) and agentic approaches to improve query generation.
Defensive and offensive use: two sides of the same coin
Mathieu stresses that the same Cypher queries can serve blue (defensive) teams as well as red (offensive) teams. The difference lies in the intent and in how the results are used, not in the tools themselves. It is the equivalent of a hammer, which can build or destroy depending on who holds it. For defensive use, BloodHound Enterprise offers advanced features such as near-continuous scanning, automatic identification of critical choke points, and remediation tools. Even the free Community Edition makes it possible to uncover major vulnerabilities on the very first run.

Concrete examples and use cases
Mathieu shares striking examples of findings made with BloodHound. In a company of more than 60,000 employees, he identified a server where all domain users had accidentally been configured as local administrators. Since a domain administrator account logged on to that server regularly, any user could become a domain administrator in just three steps: RDP to the server, dump memory to retrieve the token, then a pass-the-hash attack. Another recent case involved a domain administrator's login script stored in a directory that was writable by everyone. By placing a simple script there that displayed a popup, the security team quickly received a notification proving the vulnerability.

New features: the table view
Although less spectacular than OpenGraph, the "table view" feature meets an important need. The famous quote from Microsoft's John Lambert (2015) says: "Attackers think in graphs, defenders think in lists. As long as this remains true, attackers will win." Although graph visualization is BloodHound's central paradigm, some analyses require a tabular view. For example, a query identifying all Kerberoastable accounts returns many dots on screen, but without detailed information on privileges or group membership. The table view lets you choose which columns to display and export the data as JSON (and soon CSV), making analysis and information sharing easier.

Deathcon Montréal: the conference for defenders
Alongside his work on BloodHound, Mathieu is the Montréal site lead for Deathcon (Detection Engineering and Threat Hunting Conference). This unique conference, entirely focused on hands-on workshops, takes place over two days in November. Unlike traditional conferences, all the workshops are pre-recorded, letting participants work at their own pace. The event is deliberately capped at 50 people to keep a human atmosphere and encourage interaction. Participants get access to a massive lab including Splunk, Elastic, Sentinel, and Security Onion, and keep that access for at least a month after the event. With no sponsors, the conference is funded entirely by ticket sales, and the 2024 edition has already sold more than 30 seats, with many of the previous year's participants returning.

Conclusion
BloodHound with OpenGraph represents a major step forward in visualizing and analyzing attack paths in cybersecurity. By enabling the integration of multiple technologies beyond Active Directory, the tool now offers a holistic view of organizational vulnerabilities. Whether for defense or penetration testing, BloodHound keeps demonstrating that thinking in graphs rather than lists is a decisive strategic advantage in security.

Contributors
Nicolas-Loïc Fortin, Mathieu Saulnier

Credits
Editing by Intrasecure inc
Physical venue by Bsides Montréal

The Identity Jedi Show
Identity and AI: Navigating the Complexities with Jim Desantis

Oct 7, 2025, 57:11


In this episode of the Identity Jedi Show, the host welcomes Jim DeSantis for an engaging interview. They discuss their unique paths in the identity field, share experiences with Active Directory, and explore the rapid development of AI technologies. The episode highlights the challenges and misconceptions around AI implementation in enterprises, the permanence of Active Directory in certain sectors, and the complexities of data management. Additionally, the host outlines recent major acquisitions in the identity space and speculates on the future of identity management as vendors strive for platform consolidation. The episode concludes with a reflection on the inevitable disruption AI will bring to various industries and the evolving role of service companies.
https://www.theidentityjedi.com
https://leovici.com/?ref=identityjedi
00:00 Introduction and Episode Overview
01:02 Insert Intro Video/Music
01:37 Housekeeping and Announcements
04:11 Interview with Jim DeSantis
06:19 Identity Management Challenges
15:02 AI in Identity and Data Management
29:44 Exploring AI Tools and Their Impact
30:22 The Magic and Reality of Technology
31:27 The Future of Software Development
34:01 Challenges in Cybersecurity and SOC Integration
35:13 The Cycles of Tech Platforms and Best Practices
44:56 The Longevity of Active Directory
51:43 The Year of Acquisitions in Identity
56:36 Concluding Thoughts and Future Outlook

The Cyber Threat Perspective
Episode 151: Tool Time - PingCastle for Defenders

Sep 26, 2025, 42:27


In this episode, we're digging into a super awesome Active Directory security tool called PingCastle. We'll cover what it is, why it matters for Active Directory security, and how IT and security teams can leverage it to get ahead of adversaries. PingCastle is a staple tool on our internal pentesting toolbelt. In this episode, you will find out why.

Hybrid Identity Protection Podcast
Inside the Snowden Breach with Chris Inglis, Former Deputy Director of the NSA

Sep 23, 2025, 45:50


This episode features Chris Inglis, former U.S. National Cyber Director and longtime Deputy Director of the NSA. With over 40 years in national security, Chris was at the center of one of the most high-stakes breaches in U.S. history: the Edward Snowden incident.

In this episode, Chris shares what really happened inside the NSA during those critical months, and how siloed systems, password sharing, and missed signals allowed Snowden to operate undetected. He unpacks key lessons on preparing for low-probability, high-impact events, defending against identity misuse, and why trust must always come with verification.

This is a behind-the-scenes look at the Snowden breach, and what every cybersecurity leader needs to learn from it.

Guest Bio
Chris served as the first national cyber director of the United States, and as deputy director of the NSA for eight years. Chris has spent more than four decades in public service shaping the future of national cybersecurity. His career includes serving as a commissioner on the U.S. Cyberspace Solarium Commission, and as an advisor to the Department of Defense and the intelligence community. Chris has received numerous honors for his service, including the President's National Security Medal and the DNI Distinguished Service Medal. A U.S. Air Force Academy graduate, he holds advanced degrees in engineering and computer science from Columbia University and the George Washington University. His military career includes over 30 years in the U.S. Air Force and Air National Guard, retiring as a brigadier general. Most recently, he served as a U.S. Naval Academy Looker Distinguished Visiting Professor for cyber studies and as a commissioner on the U.S. Cyberspace Solarium Commission.

Guest Quote
"The thing that you practice, whether it's one or a million things you're going to practice will never happen, but the thing that does will be informed by the muscle memory you've developed over that practice period. And you'll know that you either can or cannot weather the storm with your own resources."

Time stamps
01:29 The Snowden Incident: A Deep Dive
06:07 NSA's Internal Challenges and Lessons Learned
07:29 Organizational Silos and Technical Blind Spots
13:42 Crisis Management and Response Strategies
16:56 Public Perception and Trust
23:22 Misunderstandings of Snowden's Allegations
28:15 Lessons from the Snowden Incident
29:44 Cybersecurity in the Business World
29:57 How the Snowden Incident Reshaped NSA's Threat Monitoring
36:49 Strategic and Tactical Approaches to Security
42:35 Final Thoughts and Takeaways

Sponsor
Identity Breach Confidential is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Jeff on LinkedIn
Don't miss future episodes
Register for HIP Conf 2025
Learn more about Semperis

InfosecTrain
Red Team Masterclass: Crafting & Executing Cyber Attacks (Part 1)

Sep 23, 2025, 64:36


Welcome to Red Team Unleashed — Part 1 of InfosecTrain's masterclass on offensive security. In this episode we demystify how advanced red teams design realistic attack scenarios and test organizational defenses end-to-end. You'll learn the differences between red teaming and penetration testing, the common engagement types, and the full red team attack lifecycle. We also introduce the MITRE ATT&CK framework and dive into reconnaissance and enumeration techniques in Active Directory environments — the foundational skills every offensive operator and defender should know. Whether you're an ethical hacker, SOC analyst, or security professional aiming to level up, this session gives practical frameworks and real-world context to sharpen your offensive and detection capabilities.
For certifications, structured training, or team workshops, visit: infosectrain.com
For enquiries, email: sales@infosectrain.com or connect via infosectrain.com/contact-us

Hybrid Identity Protection Podcast
The Hidden Dangers of AD CS with Jake Hildreth, Principal Security Consultant at Semperis

Sep 9, 2025, 44:19


This episode features Jake Hildreth, Principal Security Consultant at Semperis. With nearly 25 years of IT experience, Jake has seen how Active Directory Certificate Services (AD CS) can quietly become the most fragile, and most dangerous, part of an enterprise's identity infrastructure. Misunderstood, neglected, and often misconfigured, AD CS can hand attackers the ability to impersonate anyone in the organization.

In this episode, Jake demystifies why certificates feel like "cult knowledge," explains how simple missteps in AD CS cascade into critical risks, and shares real-world lessons from the front lines. He also introduces tools designed to help overworked admins find and fix issues before adversaries exploit them.

This is a candid look at one of the least understood but most critical components of identity security, and the steps every security team should take now to avoid becoming the slowest gazelle in the herd.

Guest Bio
Jake Hildreth is a Principal Security Consultant at Semperis, Microsoft MVP, and longtime builder of tools that make identity security suck a little less. With nearly 25 years in IT (and the battle scars to prove it), he specializes in helping orgs secure Active Directory and survive the baroque disaster that is Active Directory Certificate Services. He's the creator of Locksmith, BlueTuxedo, and PowerPUG!, open-source tools built to make life easier for overworked identity admins. When he's not untangling Kerberos or wrangling DNS, he's usually hanging out with his favorite people and most grounding reality check: his wife and daughter.

Guest Quote
"The thing that you practice, whether it's one or a million things you're going to practice will never happen, but the thing that does will be informed by the muscle memory you've developed over that practice period. And you'll know that you either can or cannot weather the storm with your own resources."

Time stamps
05:00 Why Are People Afraid of Certificates?
07:52 Basics of Public Key Infrastructure (PKI)
17:36 How AD CS Integrates with Active Directory
20:20 Setting Up and Configuring AD CS
23:19 Active Directory and Certificate Services Integration
23:54 Consequences of a Compromised AD
25:55 Primary Use Cases for AD CS
28:39 Recommendations for Managing AD CS
30:46 Locksmith: A Tool for AD CS Issues
34:06 Common Security Issues in AD CS
38:28 Steps to Improve AD CS Security

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Jake on LinkedIn
Learn about Locksmith
Learn about Purple Knight
Connect with Sean on LinkedIn
Don't miss future episodes
Register for HIP Conf 2025
Learn more about Semperis

RunAs Radio
Episode 1000!

Sep 3, 2025, 74:01


Episode 1000! Richard Campbell invites Paul Thurrott to join him to celebrate the milestone episode and answer questions from listeners. From the creation of the podcast to the role of Windows in the modern world, the impact of ARM, Cloud, and many other technologies - all addressed in this super-sized episode. And yes, artificial intelligence is part of the conversation—and will be part of the workflows that sysadmins utilize on a day-to-day basis. Thanks to all the folks who sent in questions for this special show - and thanks for listening!
Links
Does Windows Still Matter
Windows Server 2025
ARM in Azure
Azure FastTrack
Cloud Adoption Framework for Azure
Microsoft Viva
Recorded August 31, 2025

Ctrl+Alt+Azure
305 - Finally here – Group Source of Authority in the cloud

Aug 27, 2025, 28:50


Today, we'll take a look at something that is of the essence for anyone working with identities and the shift to the cloud. What is Group SOA, and why should you care? We reflect on the dependencies of Active Directory, the five stages of transformation, and what this capability will help you achieve.
(00:00) - Intro and catching up.
(05:20) - Show content starts.
Show links
- Group SOA
Provide feedback
- Give us feedback!

Hybrid Identity Protection Podcast
When Change Becomes the Biggest Threat with Edward Amoroso, CEO of TAG Infosphere

Aug 26, 2025, 33:05


This episode features Ed Amoroso, CEO of TAG Infosphere and former AT&T Chief Security Officer. With decades of experience securing complex infrastructures, Ed joins during a period of unprecedented change in the U.S. federal government, a moment he warns is ripe for cyberattacks.

In this episode, Ed explains why rapid organizational shifts create prime openings for adversaries, and why Active Directory, often poorly understood and "orphaned" in ownership, is the first place attackers look for the keys to the kingdom. He shares practical steps for reducing complexity, shoring up identity infrastructure, and spotting risks before they're exploited.

This is a timely look at how change fuels cyber risk, and the urgent actions every security leader should take now.

Guest Bio
Dr. Ed Amoroso is CEO of TAG Infosphere. An NYU professor and former AT&T executive, Ed started TAG Cyber in 2016 to democratize research and advisory services and unleash his inner entrepreneur. Business Insider tapped him as one of the country's 50 leaders "who helped lead the cyber security industry."

Guest Quote
"The thing that you practice, whether it's one or a million things you're going to practice will never happen, but the thing that does will be informed by the muscle memory you've developed over that practice period. And you'll know that you either can or cannot weather the storm with your own resources."

Time stamps
02:25 Cybersecurity in Times of Change
14:34 Active Directory: The Heart of Cybersecurity
17:35 Recommendations for Organizations
27:04 The Role of Government and Private Sector
30:01 Final Thoughts and Advice

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Ed on LinkedIn
Learn more about TAG Infosphere
Connect with Sean on LinkedIn
Don't miss future episodes
Register for HIP Conf 2025
Learn more about Semperis

7 Minute Security
7MS #689: Pwning Ninja Hacker Academy – Part 2

7 Minute Security

Play Episode Listen Later Aug 22, 2025 15:40


Hello friends! Today your friend and mine, Joe “The Machine” Skeen joins me as we keep chipping away at pwning Ninja Hacker Academy! Today's pwnage includes:
“Upgrading” our Sliver C2 connection to a full system shell using PrintSpoofer!
Abusing nanodump to do an lsass minidump... and find our first cred.
Analyzing BloodHound data to find (and own) excessive permissions against Active Directory objects

The PowerShell Podcast
PSStucco, Accessibility, and the Power of Templating in PowerShell with Gilbert Sanchez & Jake Hildreth

The PowerShell Podcast

Play Episode Listen Later Aug 11, 2025 33:38


In this high-energy episode, returning guests Gilbert Sanchez and Jake Hildreth join Andrew for a deep dive into:
Module templating with PSStucco
Building for accessibility in PowerShell
Creating open source GitHub orgs like PSInclusive
How PowerShell can lead to learning modern dev workflows like GitHub Actions and CI/CD

What begins with a conversation about a live demo gone hilariously sideways turns into an insightful exploration of how PowerShell acts as a launchpad into bigger ecosystems like GitHub, YAML, JSON, and continuous integration pipelines.

Bios:
Gilbert Sanchez is a Staff Software Development Engineer at Tesla, specifically working on PowerShell. Formerly known as "Señor Systems Engineer" at Meta. A loud advocate for DEI, DevEx, DevOps, and TDD.

Jake Hildreth is a Principal Security Consultant at Semperis, Microsoft MVP, and longtime builder of tools that make identity security suck a little less. With nearly 25 years in IT (and the battle scars to prove it), he specializes in helping orgs secure Active Directory and survive the baroque disaster that is Active Directory Certificate Services. He's the creator of Locksmith, BlueTuxedo, and PowerPUG!, open-source tools built to make life easier for overworked identity admins. When he's not untangling Kerberos or wrangling DNS, he's usually hanging out with his favorite people and most grounding reality check: his wife and daughter.

Links
https://gilbertsanchez.com/posts/stucco-create-powershell-module/
https://jakehildreth.github.io/blog/2025/07/02/PowerShell-Module-Scaffolding-with-PSStucco.html
https://github.com/PSInclusive
https://jakehildreth.com/
https://andrewpla.tech/links
https://discord.gg/pdq
https://pdq.com/podcast
https://youtu.be/w-z2-0ii96Y

ITSPmagazine | Technology. Cybersecurity. Society
Making Honeypots Useful Again: Identity Security, Deception, and the Art of Detection | A Conversation with Sean Metcalf | Redefining CyberSecurity with Sean Martin

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jul 30, 2025 31:48


⬥GUEST⬥
Sean Metcalf, Identity Security Architect at TrustedSec | On LinkedIn: https://www.linkedin.com/in/seanmmetcalf/

⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com

⬥EPISODE NOTES⬥
Sean Metcalf, a frequent speaker at conferences like Black Hat, DEF CON, and RSAC, brings a sharp focus to identity security—especially within Microsoft environments like Active Directory and Entra ID. In this episode, he walks through the practical and tactical role of honeypots and deception in detecting intrusions early and with higher fidelity.

While traditional detection tools often aim for broad coverage, honeypots flip the script by offering precise signal amidst the noise. Metcalf discusses how defenders can take advantage of the attacker's need to enumerate systems and accounts after gaining access. That need becomes an opportunity to embed traps—accounts or assets that should never be touched unless someone is doing something suspicious.

One core recommendation: repurpose old service accounts with long-lived passwords and believable naming conventions. These make excellent bait for Kerberoasting attempts, especially when paired with service principal names (SPNs) that mimic actual applications. Metcalf outlines how even subtle design choices—like naming conventions that fit organizational patterns—can make a honeypot more convincing and effective.

He also draws a distinction between honeypots and deception technologies. While honeypots often consist of a few well-placed traps, deception platforms offer full-scale phantom environments. Regardless of approach, the goal remains the same: attackers shouldn't be able to move around your environment without tripping over something that alerts the defender.

Importantly, Metcalf emphasizes that alerts triggered by honeypots are high-value. Since no legitimate user should interact with them, they provide early warning with low false positives. He also addresses the internal politics of deploying these traps, from coordinating with IT operations to ensuring SOC teams have the right procedures in place to respond effectively.

Whether you're running a high-end deception platform or just deploying free tokens and traps, the message is clear: identity is the new perimeter, and a few strategic tripwires could mean the difference between breach detection and breach denial.

⬥SPONSORS⬥
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
ThreatLocker: https://itspm.ag/threatlocker-r974

⬥RESOURCES⬥
Inspiring Post: https://www.linkedin.com/posts/activity-7353806074694541313-xzQl/
Article: The Art of the Honeypot Account: Making the Unusual Look Normal: https://www.hub.trimarcsecurity.com/post/the-art-of-the-honeypot-account-making-the-unusual-look-normal
Article: Trimarc Research: Detecting Kerberoasting Activity: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-kerberoasting-activity
Article: Detecting Password Spraying with Security Event Auditing: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-password-spraying-with-security-event-auditing

⬥ADDITIONAL INFORMATION⬥
✨ More Redefining CyberSecurity Podcast:

The Cyber Threat Perspective
Episode 142: How Active Directory Certificates Become Active Threats

The Cyber Threat Perspective

Play Episode Listen Later Jul 25, 2025 35:56


In this episode, we're diving into one of the most overlooked yet dangerous components of Active Directory: Certificate Services. What was designed to build trust and secure authentication is now being exploited by attackers to silently escalate privileges and persist in your environment. We'll break down how AD CS works, how it gets abused, and what defenders need to do to lock it down.

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://click.spenceralessi.com/mylinks
Work with Us: https://securit360.com

Today in Health IT
Newsday: Digging Deep Into HIPAA Updates and Expectations with Josh Tacey

Today in Health IT

Play Episode Listen Later Jul 21, 2025 24:04 Transcription Available


July 21, 2025: Josh Tacey, Enterprise Architect at Omnissa, joins Bill for the news. They discuss all things HIPAA security-related as the refinement process continues to advance. The conversation centers on the controversial 72-hour business continuity requirement—can health systems really restore operations within three days when current ransomware recoveries take weeks? Josh explores whether mandated network segmentation actually helps attackers by providing a standard blueprint, and why Active Directory remains every hacker's primary target.

Key Points:
01:46 HIPAA Security Rule Issues
07:52 Challenges in Network Segmentation
10:58 Access Control and Vulnerability Patching
18:20 Architectural Practices in Healthcare

News Articles: HIPAA Security Rule
X: This Week Health
LinkedIn: This Week Health
Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

Business of Tech
From Legacy to Cloud: How MSPs Can Leverage Intune for Effective Endpoint Management with Hugo Salazar and Rolando Jimenez

Business of Tech

Play Episode Listen Later Jul 19, 2025 51:29


Dave Sobel hosts a sponsored webinar discussing the modern endpoint management capabilities of Microsoft Intune, particularly its relevance for Managed Service Providers (MSPs). The session features Rolando Jimenez, a technical trainer at Nerdio, and Hugo Salazar, a Go Live engineer, who share their insights and experiences with Intune. They explore the evolution of Intune from a supplementary tool to a central component of Microsoft 365, emphasizing its integration with security products and the shift away from traditional on-premises solutions like Active Directory and Group Policy.

The conversation highlights the practical aspects of deploying Intune, including the importance of pre-planning and understanding the complexities involved in transitioning from legacy systems. Rolando and Hugo discuss common pitfalls that MSPs encounter when setting up Intune, such as the need for proper configuration and the significance of using tools like the Group Policy Analyzer. They also emphasize the benefits of using Intune's autopilot feature for zero-touch enrollment, which streamlines the onboarding process for new devices.

Security is a major focus, with the speakers addressing how Intune helps manage compliance and protect sensitive data, especially in a remote work environment. They explain the differences between Mobile Device Management (MDM) and Mobile Application Management (MAM), detailing how MAM allows for the protection of corporate data on personal devices without requiring full device management. This nuanced approach is crucial for organizations that want to balance user privacy with security needs.

As the discussion wraps up, Rolando and Hugo encourage MSPs to embrace Intune as a powerful tool for endpoint management. They stress the importance of leveraging the capabilities of Intune to enhance operational efficiency and security while providing practical advice for successful implementation. The session concludes with a Q&A segment, where they address specific questions from the audience, further clarifying the benefits and functionalities of Intune in modern IT management.

All our Sponsors: https://businessof.tech/sponsors/
Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/
Support the show on Patreon: https://patreon.com/mspradio/
Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech
Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com
Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessof.tech

Cyber Briefing
July 17, 2025 - Cyber Briefing

Cyber Briefing

Play Episode Listen Later Jul 17, 2025 9:33


If you like what you hear, please subscribe, leave us a review and tell a friend!

7 Minute Security
7MS #681: Pentesting GOAD – Part 3

7 Minute Security

Play Episode Listen Later Jun 27, 2025 18:18


Today Joe “The Machine” Skeen and I pwn the third and final realm in the world of GOAD (Game of Active Directory): essos.local!  The way we go about it is to do a WinRM connection to our previously-pwned Kingslanding domain, coerce authentication out of MEEREEN (the DC for essos.local) and then capture/abuse the TGT with Rubeus!  Enjoy.

The Practical 365 Podcast
Active Directory Security and Configuration Best Practices with Victor King: Practical 365 Podcast S04E40

The Practical 365 Podcast

Play Episode Listen Later Jun 13, 2025 41:24


In this episode, Steve Goodman and Bastiaan Verdonk interview Victor King from Quest on best practices for Active Directory security. They discuss identifying misconfigurations, managing privileged access, and continuous environmental monitoring.

Want to stay up to date on all things Practical 365? Follow us on Twitter, Facebook, and LinkedIn to stay up to date on all things Microsoft!

Telecom Reseller
Simplifying UC Management: Unimax Showcases 3-Part Strategy at Cisco Live 2025, Podcast

Telecom Reseller

Play Episode Listen Later Jun 12, 2025


"We're here to take the complexity out of unified communications — and turn it into simplicity." — Todd Remely, Unimax

At Cisco Live 2025 in San Diego, Technology Reseller News publisher Doug Green caught up with Todd Remely of Unimax to explore how the company is streamlining unified communications (UC) management for enterprises and partners alike. With over 30 years in business, Unimax is a veteran in the telecom software space. Their tools help organizations manage Cisco, Microsoft Teams, Zoom, and Avaya UC systems more efficiently — and that value was on full display across two booths at Cisco Live: one in the Collaboration Village (highlighting Webex integration) and another on the main show floor.

Three Ways Unimax Delivers Simplicity in Complex UC Environments:

Second Nature
A power-user interface that layers over Cisco and other major UC platforms, enabling administrators to perform complex MACDs (moves, adds, changes, deletes) and configuration tasks like provisioning, routing, and device pool management — all from one streamlined dashboard.

Automation Platform
Unimax enables full automation of provisioning and deprovisioning processes. Their platform integrates with Active Directory, ServiceNow, Remedy, HRIS systems, and any REST API-enabled tool, drastically reducing time and human error in user onboarding and offboarding.

HelpOne
A lightweight interface that empowers Tier 1 help desk agents to complete routine MACDs — such as password resets — without telecom expertise, freeing up UC teams to focus on higher-priority work.

Remely noted strong engagement from MSPs and resellers, many of whom use Unimax's multi-tenant solutions to manage customer UC systems at scale. "We're solution-focused," he said. "And we love working with end users — because that's where the real problems are, and that's where we can help most."

For more information or to request a demo, visit unimax.com or contact the team at tellmemore@unimax.com.

RunAs Radio
Fixing a Security Vulnerability in Active Directory with Steve Syfuhs

RunAs Radio

Play Episode Listen Later Jun 4, 2025 49:33


Why would a security vulnerability take more than two years to fix? Richard chats with Steve Syfuhs about the evolution of the response to KB5015754. Originally published in 2022, the issue involved vulnerabilities in the on-premises certificate authority for Active Directory. Pushing a fix to force the immediate replacement of the certificates could have left users unable to log into Active Directory entirely. Steve explains how the gradual rollout of the fix allowed folks concerned (and paying attention!) to fix it immediately. At the same time, for everyone else, the fix happened as the existing certificates expired. But not every scenario is automatic - some require sysadmin intervention. So, how do you get their attention? The story leads to the February 11, 2025 update that could knock some users off Active Directory, but had an easy and quick fix. The final phase should be September 2025; hopefully, the last stragglers will be ready!

Links
KB5014754
Microsoft Security Response Center
Create and Assign SCEP Certificate Profiles in Intune

Recorded April 10, 2025

The Cybersecurity Defenders Podcast
#218 - Coinbase + Cetus, Hazy Hawk, BadSuccessor & DCIS takedown

The Cybersecurity Defenders Podcast

Play Episode Listen Later Jun 3, 2025 32:48


In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.

Two significant crypto security breaches occurred in close succession this month, affecting both decentralized and centralized platforms. On May 22, Cetus—a decentralized exchange built on the Sui Network—was exploited via a vulnerability in its automated market maker (AMM). Meanwhile, Coinbase confirmed what it called a “targeted insider threat operation” that compromised data from less than 1% of its active monthly users.

A threat group identified as “Hazy Hawk” has been systematically hijacking cloud-based DNS resources tied to well-known organizations, including the US Centers for Disease Control and Prevention (CDC), since December 2023.

A newly disclosed vulnerability in Windows Server 2025, dubbed BadSuccessor, has raised major concerns among enterprise administrators managing Active Directory environments.

Federal and international law enforcement, alongside a significant number of private-sector partners, have successfully dismantled the Danabot botnet in a multiyear operation aimed at neutralizing one of the more advanced malware-as-a-service (MaaS) platforms tied to Russian cybercriminal activity.

TrustedSec Security Podcast
7.17 - RE: Active Directory

TrustedSec Security Podcast

Play Episode Listen Later Jun 2, 2025 25:40


On this episode of Security Noise, Geoff and Skyler chat with Identity Security Architect Sean Metcalf about securing Active Directory, Entra, DS, and that messy space in between. Sean also talks about his recent presentation at RSA, common challenges in the identity security space, frequently seen penetration test findings, and more! About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet! Find more cybersecurity resources on our website at https://trustedsec.com/resources.

The Cyber Threat Perspective
(Replay) How To Harden Active Directory To Prevent Cyber Attacks - Webinar

The Cyber Threat Perspective

Play Episode Listen Later May 30, 2025 60:04


(REPLAY) This is a recording of a webinar aimed at IT professionals, system administrators, and cybersecurity professionals eager to bolster their defenses against cyber threats. In this session, "How to Harden Active Directory to Prevent Cyber Attacks," our expert speakers will discuss comprehensive strategies and best practices for securing your Active Directory environment. Download the slides here.

Key Takeaways:
- Understanding AD Vulnerabilities: Learn about the most common security weaknesses in Active Directory (AD) and how attackers exploit these gaps.
- Best Practices in Configuration: Discover how to properly configure Active Directory settings for maximum security to deter potential breaches.
- Advanced Security Measures: Explore advanced techniques and tools for monitoring, detecting, and responding to suspicious activities within your network.
- Case Studies: Hear real-world examples of Active Directory attacks and what lessons can be learned from them.
- Interactive Q&A: Have your specific questions answered during our live Q&A session with the experts.

Whether you want to enhance your security posture or start from scratch, this webinar will provide you with the knowledge and tools necessary to protect your systems more effectively.

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://go.spenceralessi.com/mylinks
Work with Us: https://securit360.com

7 Minute Security
7MS #675: Pentesting GOAD – Part 2

7 Minute Security

Play Episode Listen Later May 16, 2025 31:41


Hey friends! Today Joe “The Machine” Skeen and I tackled GOAD (Game of Active Directory) again – this time covering:
SQL link abuse between two domains
Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local!
Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!

Windows Weekly (MP3)
WW 932: The Last Australian - Microsoft lays off 3%, Windows 10 ESU, "Hey Copilot"

Windows Weekly (MP3)

Play Episode Listen Later May 14, 2025 148:12


It's go time: The biggest Patch Tuesday of 2025 sets the stage for 2025! Microsoft has finally revealed whether it will further extend Windows 10 support past October (it won't). Also, Microsoft designed notifications in Windows 11 to be annoying and pointless, so Paul has some advice. Plus, Proton Drive gets a long awaited albums feature, and more on the way.

Windows 11 Recall (preview) and Click to Do (preview) come to stable for the first time
Let's give Microsoft a bit of credit for this one non-reported behavior
Also: Improvements to Settings, Narrator, Start, Phone Link, Widgets, File Explorer
You knew this was coming: Microsoft now testing a "Hey, Copilot" feature
It's opt-in and an alternative to holding down Alt + Spacebar for two seconds
Microsoft discusses the new Start design and it's not a s#$t show like it was three years ago
No builds for the second Friday in a row
Improvements to Settings AI agent, intelligent text actions in Click to Do, a few small changes come to 24H2 in Dev and Beta channels
Copilot Vision gets Highlights and 2-App Support across all channels
Google's big Android reveal includes Material Expressive, big Wear OS update. Android, like Windows 11 (and iOS) is just being updated all the time now

Windows 10
Extended support program
Will support Microsoft 365 on Windows 10 through October 2028
Those time frames are identical
So what about those Surface PCs that can't upgrade to Windows 11? Microsoft has an answer (for all unsupported PCs) and it's not as cynical as you think
Microsoft quietly discontinued entry-level 13.8-inch Surface Laptop and 13-inch Surface Pro when it introduced those smaller new models last week

Layoffs
Microsoft just made $70 billion, so naturally it's laying off employees. How to explain this?
The FTC's losing streak against Microsoft continues
A proposal for solving the "Mozilla problem" in U.S. v. Google
Fortnite could return to the iPhone App Store as soon as today

AI
OH MY GOD IS THERE NO AI NEWS FOR ONCE. OK, three small items
OpenAI brings OneDrive and SharePoint integration with ChatGPT for paid business customers
"AI mode" could replace "I'm feeling lucky" on the Google home page
Spotify's AI DJ keeps improving

Dev
Build is next week in Seattle, a few thoughts
.NET 10 Preview 4 is out

Xbox & Games
Today's the day: DOOM: The Dark Ages goes live at 8:00 ET tonight!
Xbox Insiders can now play cloud-enabled games with mouse and keyboard
Paul reviews the Backbone Pro controller
Nintendo revenues slide big ahead of Switch 2 - 15m consoles expected in first year
Sony sold 18.5 million PS5s in the most recent fiscal year, down 11 percent YOY

Tips & Picks
Tip of the week: Windows 11 notifications make iOS look sophisticated
App pick of the week: Proton Drive
RunAs Radio this week: Active Directory in 2025 with Liz Tesch
Brown liquor pick of the week: Limeburners Albany Tawny Cask

These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/932

Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell
Sponsors: 1password.com/windowsweekly threatlocker.com/twit uscloud.com

All TWiT.tv Shows (MP3)
Windows Weekly 932: The Last Australian

All TWiT.tv Shows (MP3)

Play Episode Listen Later May 14, 2025 148:12 Transcription Available


It's go time: The biggest Patch Tuesday of 2025 sets the stage for 2025! Microsoft has finally revealed whether it will further extend Windows 10 support past October (it won't). Also, Microsoft designed notifications in Windows 11 to be annoying and pointless, so Paul has some advice. Plus, Proton Drive gets a long awaited albums feature, and more on the way.Windows 11 Recall (preview) and Click to Do (preview) come to stable for the first time Let's give Microsoft a bit of credit for this one non-reported behavior Also: Improvements to Settings, Narrator, Start, Phone Link, Widgets, File Explorer You knew this was coming: Microsoft now testing a "Hey, Copilot" feature It's opt-in and an alternative to holding down Alt + Spacebar for two seconds Microsoft discusses the new Start design and it's not a s#$t show like it was three years ago No builds for the second Friday in a row Improvements to Settings AI agent, intelligent text actions in Click to Do, a few small changes come to 24H2 in Dev and Beta channels Copilot Vision gets Highlights and 2-App Support across all channels Google's big Android reveal includes Material Expressive, big Wear OS update. Android, like Windows 11 (and iOS) is just being updated all the time now Windows 10 Extended support program Will support Microsoft 365 on Windows 10 through October 2028 Those time frames are identical So what about those Surface PCs that can't upgrade to Windows 11? Microsoft has an answer (for all unsupported PCs) and it's not as cynical as you think Microsoft quietly discontinued entry-level 13.8-inch Surface Laptop and 13-inch Surface Pro when it introduced those smaller new models last week Layoffs Microsoft just made $70 billion, so naturally it's laying off employees. How to explain this? The FTC's losing streak against Microsoft continues A proposal for solving the "Mozilla problem" in U.S. v. Google Fortnite could return to the iPhone App Store as soon as today AI OH MY GOD IS THERE NO AI NEWS FOR ONCE. 
OK, three small items OpenAI brings OneDrive and SharePoint integration with ChatGPT for paid business customers "AI mode" could replace "I'm feeling lucky" on the Google home page Spotify's AI DJ keeps improving Dev Build is next week in Seattle, a few thoughts .NET 10 Preview 4 is out Xbox & Games Today's the day: DOOM: The Dark Ages goes live at 8:00 ET tonight! Xbox Insiders can now play cloud-enabled games with mouse and keyboard Paul reviews the Backbone Pro controller Nintendo revenues slide big ahead of Switch 2 - 15m consoles expected in first year Sony sold 18.5 million PS5s in the most recent fiscal year, down 11 percent YOY Tips & Picks Tip of the week: Windows 11 notifications make iOS look sophisticated App pick of the week: Proton Drive RunAs Radio this week: Active Directory in 2025 with Liz Tesch Brown liquor pick of the week: Limeburners Albany Tawny Cask These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/932 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: 1password.com/windowsweekly threatlocker.com/twit uscloud.com

Radio Leo (Audio)
Windows Weekly 932: The Last Australian

Radio Leo (Audio)

Play Episode Listen Later May 14, 2025 148:12 Transcription Available


It's go time: The biggest Patch Tuesday of 2025 sets the stage for 2025! Microsoft has finally revealed whether it will further extend Windows 10 support past October (it won't). Also, Microsoft designed notifications in Windows 11 to be annoying and pointless, so Paul has some advice. Plus, Proton Drive gets a long awaited albums feature, and more on the way.

Windows 11
- Recall (preview) and Click to Do (preview) come to stable for the first time
- Let's give Microsoft a bit of credit for this one non-reported behavior
- Also: Improvements to Settings, Narrator, Start, Phone Link, Widgets, File Explorer
- You knew this was coming: Microsoft now testing a "Hey, Copilot" feature
- It's opt-in and an alternative to holding down Alt + Spacebar for two seconds
- Microsoft discusses the new Start design and it's not a s#$t show like it was three years ago
- No builds for the second Friday in a row
- Improvements to Settings AI agent, intelligent text actions in Click to Do, a few small changes come to 24H2 in Dev and Beta channels
- Copilot Vision gets Highlights and 2-App Support across all channels
- Google's big Android reveal includes Material Expressive, big Wear OS update. Android, like Windows 11 (and iOS), is just being updated all the time now

Windows 10
- Extended support program
- Will support Microsoft 365 on Windows 10 through October 2028
- Those time frames are identical
- So what about those Surface PCs that can't upgrade to Windows 11? Microsoft has an answer (for all unsupported PCs) and it's not as cynical as you think
- Microsoft quietly discontinued entry-level 13.8-inch Surface Laptop and 13-inch Surface Pro when it introduced those smaller new models last week

Layoffs
- Microsoft just made $70 billion, so naturally it's laying off employees. How to explain this?
- The FTC's losing streak against Microsoft continues
- A proposal for solving the "Mozilla problem" in U.S. v. Google
- Fortnite could return to the iPhone App Store as soon as today

AI
- OH MY GOD IS THERE NO AI NEWS FOR ONCE. OK, three small items
- OpenAI brings OneDrive and SharePoint integration with ChatGPT for paid business customers
- "AI mode" could replace "I'm feeling lucky" on the Google home page
- Spotify's AI DJ keeps improving

Dev
- Build is next week in Seattle, a few thoughts
- .NET 10 Preview 4 is out

Xbox & Games
- Today's the day: DOOM: The Dark Ages goes live at 8:00 ET tonight!
- Xbox Insiders can now play cloud-enabled games with mouse and keyboard
- Paul reviews the Backbone Pro controller
- Nintendo revenues slide big ahead of Switch 2 - 15m consoles expected in first year
- Sony sold 18.5 million PS5s in the most recent fiscal year, down 11 percent YOY

Tips & Picks
- Tip of the week: Windows 11 notifications make iOS look sophisticated
- App pick of the week: Proton Drive
- RunAs Radio this week: Active Directory in 2025 with Liz Tesch
- Brown liquor pick of the week: Limeburners Albany Tawny Cask

These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/932
Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell
Sponsors: 1password.com/windowsweekly threatlocker.com/twit uscloud.com

Windows Weekly (Video HI)
WW 932: The Last Australian - Microsoft lays off 3%, Windows 10 ESU, "Hey Copilot"
May 14, 2025, 148:12



RunAs Radio
Active Directory in 2025 with Liz Tesch
May 14, 2025, 34:38


Active Directory is 25 years old - are you still managing it like it's 1999? Richard talks to Liz Tesch about her excellent blog post on the subject and the challenge many sysadmins have with Active Directory today. Liz talks about how WAN bandwidth was a concern in the early 2000s, so we organized Active Directory into Organizational Units to minimize the amount of AD traffic over the WAN - today, that is irrelevant. The challenge today is ensuring AD is not a vector for blackhats to attack the organization. Raising your functional level and utilizing some great free tools (check the links in the show notes) are all you need to use Active Directory like it's 2025!

Links
- Active Directory is 25 Years Old. Do you still manage it like it's 1999?
- mimikatz
- Windows Local Administrator Password Solution
- Microsoft Entra Privileged Identity Management
- Kara Lawson - Handle Hard Better
- Endpoint Detection and Response

Recorded April 4, 2025

All TWiT.tv Shows (Video LO)
Windows Weekly 932: The Last Australian
May 14, 2025, 148:12. Transcription Available



The BlueHat Podcast
Evolutions in Hacking with Marco Ivaldi
Apr 30, 2025, 49:20


In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Marco Ivaldi, co-founder and technical director of HN Security, a boutique company specializing in offensive security services, who shares his journey from hacking as a teenager in the '80s to becoming a key figure in the security research community. With nearly three decades of experience in cybersecurity, Marco digs into the ongoing challenges, particularly in Active Directory and password security, highlighting vulnerabilities that continue to pose significant risks today. He recounts his unexpected path into bug bounty hunting, including his involvement in Microsoft's Zero Day Quest and his passion for auditing real-time operating systems like Azure RTOS.

In This Episode You Will Learn:
- How Marco taught himself BASIC and assembly through cassette tapes and trips to local libraries
- Why mentorship and positive leadership can catapult your cybersecurity career
- When measuring network response times can unintentionally leak valuable info

Some Questions We Ask:
- Do you remember the first time you made code do something unexpected?
- What was your experience like in the Zero Day Quest building for those three days?
- How are you thinking of approaching fuzzing after Zero Day Quest?

Resources:
- View Marco Ivaldi on LinkedIn
- View Wendy Zenone on LinkedIn
- View Nic Fillingham on LinkedIn
- HN SECURITY
- Learn More About Marco

Related Microsoft Podcasts:
- Microsoft Threat Intelligence Podcast
- Afternoon Cyber Tea with Ann Johnson
- Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts
The BlueHat Podcast is produced by Microsoft and distributed as part of the N2K media network.

Digital Forensic Survival Podcast
DFSP # 480 Hidden risks of nested groups
Apr 29, 2025, 13:59


This week, I'm talking about nested groups in Windows Active Directory and the security risks they pose. Active Directory allows administrators to attach one group to another—often called nesting. While nesting can simplify account administration and permission management, it can also create real opportunities for attackers if...

7 Minute Security
7MS #671: Pentesting GOAD
Apr 18, 2025, 25:18


Hello! This week Joe "The Machine" Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory). In part one we covered:
- Checking for null session enumeration on domain controllers
- Enumerating systems with and without SMB signing
- Scraping AD user account descriptions
- Capturing hashes using Responder
- Cracking hashes with Hashcat

The CyberWire
AI ambitions clash with cyber caution.
Apr 14, 2025, 34:12


The Department of the Interior removes top cybersecurity and tech officials. The DOJ looks to block foreign adversaries from acquiring sensitive personal data of U.S. citizens. Microsoft issues emergency updates to fix an Active Directory bug. Hackers are installing stealth backdoors on FortiGate devices. Researchers warn of a rise in "Dangling DNS" attacks. A pair of class action lawsuits allege a major adtech firm secretly tracks users online without consent. Google is fixing a 20-year-old Chrome privacy flaw. The Tycoon2FA phishing-as-a-service platform continues to evolve. My guest is Tim Starks from CyberScoop, discussing the latest from CISA and Chris Krebs. Slopsquatting AI totally harshes the supply chain vibe.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today we are joined by Tim Starks from CyberScoop, and he is discussing the latest with CISA and Chris Krebs.

Selected Reading
- Interior Department Ousts Key Cyber Leaders Amid DOGE Spat (Data Breach Today)
- US Blocks Foreign Governments from Acquiring Citizen Data (Infosecurity Magazine)
- Microsoft: New emergency Windows updates fix AD policy issues (Bleeping Origin)
- Fortinet Issues Fixes After Attackers Bypass Patches to Maintain Access (Hackread)
- Dangling DNS Attack Let Hackers Gain Control Over Organization's Subdomain (Cyber Security News)
- Two Lawsuits Allege The Trade Desk Secretly Violates Consumer Privacy Laws (AdTech)
- Chrome 136 fixes 20-year browser history privacy risk (Bleeping Computer)
- Tycoon2FA phishing kit targets Microsoft 365 with new tricks (Bleeping Computer)
- AI Hallucinations Create a New Software Supply Chain Threat (SecurityWeek)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Windows Weekly (MP3)
WW 923: The Bouche is Amused - Remote Desktop outrage, GroupMe, RIP Woody
Mar 12, 2025, 156:29


Your Patch Tuesday is showing. Paul Thurrott, Richard Campbell, and Leo Laporte go over the latest features for Windows 11 with the KB5053598 update. Also, the hosts discuss Press to Talk for Insiders, the Windows app replacing Remote Desktop, the agentic future of browsers, Copilot integration in GroupMe, Gemma 3, issues with Xbox Wireless Controller 5.23.5.0 firmware, Pocket Casts Web Player, and the "vibe coding" era. Plus, Fences 6 is now in Beta, on sale!

Woody Leonhard, RIP
- Like Jerry Pournelle, a major influence on Paul's career and writing style
- He had a mysterious life in latter years, not clear what happened

Windows 11
- Windows 11 gets all the features we've discussed recently
- Are we heading towards something bigger this year? Or just more of the same?
- New Canary and Beta (23H2) builds
- New Dev and Beta (24H2) builds
- Copilot in Windows 11 is getting Press to Talk
- Microsoft follows through on threat, kills Remote Desktop App - our latest outrage
- Arc crashed and burned but we can still evolve web browsers
- What about sidebar apps as a UX baby step forward?
- Does Edge need to restart every three days now to install updates?

Microsoft 365
- Google promotes ChromeOS/Chromebooks as the right client ... for Microsoft 365

Dev
- Build 2025 registration is now open

AI
- It's Microsoft's 50th anniversary, so it's going to announce AI something something
- Paul has agreed to attend this, from Mexico
- Also, report that Microsoft's in-house models now rival OpenAI is a hint
- Microsoft improves Think Deeper in Copilot using OpenAI o3-mini
- Google secretly owns 14-15 percent of Anthropic
- WTF is going on with Big Tech and regulatory evasion? On that note, CMA clears Microsoft + OpenAI specifically because of change to partnership
- Also, Google launches Gemma 3
- The Siripocalypse - AI is a hard computer science problem and Siri is the dumb blond in this space
- Amazon will use AI to dub movies and TV series because obviously

Xbox
- Rumor: Third-party portable Xbox gaming handheld this year, console resets in two years
- You could have cobbled this together solely based on what Microsoft has said publicly
- Xbox controller firmware, we have a problem

Tips and Picks
- Tip of the week: Code with AI
- App pick of the week: Fences
- RunAs Radio this week: Strong Certificate Mapping in Active Directory with Richard Hicks
- Brown liquor pick of the week: Ardbeg 10

Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell
Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly
Check out Paul's blog at thurrott.com
The Windows Weekly theme music is courtesy of Carl Franklin.
Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsor: 1password.com/windowsweekly

Risky Business
Risky Business #783 -- Evil webcam ransomwares entire Windows network
Mar 12, 2025, 63:40


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news with special guest Rob Joyce, a Former Special Assistant to the US President and Director of Cybersecurity for NSA. They talk through:
- A realistic bluetooth-proximity phishing attack against Passkeys
- A very patient ransomware actor encrypts an entire enterprise with a puny linux webcam processor
- The ESP32 backdoor that is neither a door nor at the back
- The X DDoS that Elon said was Ukraine is claimed by pro-Palestinian hacktivists
- Years later, LastPass hackers are still emptying crypto-wallets
- ...and it turns out North Korea nailed {Safe}Wallet with a malicious docker image. Nice!

Rob Joyce recently testified to the US House Select Committee on the Chinese Communist Party, and he explains why DOGE kicking probationary employees to the curb is "devastating" for the national security staff pipeline.

This week's episode is sponsored by SpecterOps, makers of the Bloodhound identity attack path mapping tool. Chief Product Officer Justin Kohler and Principal Security Researcher Lee Chagolla-Christensen discuss their pragmatic approach to disabling NTLM authentication in Active Directory using Bloodhound's insight.

This episode is also available on YouTube.

Show notes
- CVE-2024-9956 - PassKey Account Takeover in All Mobile Browsers | Tobia Righi - Security Researcher
- Feds Link $150M Cyberheist to 2022 LastPass Hacks - Krebs on Security
- Camera off: Akira deploys ransomware via webcam
- Tarlogic detects a hidden feature in the mass-market ESP32 chip that could infect millions of IoT devices
- Alleged Co-Founder of Garantex Arrested in India - Krebs on Security
- 37K+ VMware ESXi instances vulnerable to critical zero-day | Cybersecurity Dive
- Apple patches 0-day exploited in "extremely sophisticated attack" - Ars Technica
- What Really Happened With the DDoS Attacks That Took Down X | WIRED
- Eleven11bot estimates revised downward as researchers point to Mirai variant | Cybersecurity Dive
- Previously unidentified botnet infects unpatched TP-Link Archer home routers | The Record from Recorded Future News
- Safe.eth on X: "Investigation Updates and Community Call to Action" / X
- How to verify Safe{Wallet} transactions on a hardware wallet | Safe{Wallet} Help Center and Support
- US charges Chinese nationals in cyberattacks on Treasury, dissidents and more | The Record from Recorded Future News
- Former top NSA cyber official: Probationary firings 'devastating' to cyber, national security | CyberScoop
- U.S. pauses intelligence sharing with Ukraine used to target Russian forces - The Washington Post

All TWiT.tv Shows (MP3)
Windows Weekly 923: The Bouche is Amused
Mar 12, 2025, 156:29



Radio Leo (Audio)
Windows Weekly 923: The Bouche is Amused
Mar 12, 2025, 156:29

