Directory service created by Microsoft for Windows domain networks
Today we're thrilled to announce the launch of LPLITE:GOAD (Light Pentest Live Interactive Training Experience: Game of Active Directory). The first class is coming up Tuesday, January 27 – Thursday, January 29 (9:00 a.m. – 1:00 p.m. CST each day). Dates, pricing and further details can be found at training.7minsec.com. Today I talk about who should sign up for the course, what you should bring, and some of the awesome things you'll be doing should you choose to join me on this hacking adventure!
Imagine your work day starting off like any other only to find you've been laid off. What would you do next? Dave Stevens lived this reality a couple of years ago and joins us this week in episode 354 to share the lessons from that experience. We'll take you through how Dave processed the news of being laid off, the warning signs he missed, when he knew it was time to begin searching for a new role, how he thought about what to do next, and the critical importance of his personal and professional network throughout this process. Regardless of your age or the size of your professional network, Dave shares actionable suggestions for building professional connections that we all may be overlooking.

Original Recording Date: 10-28-2025

Topics – Background and the Impact of a Layoff Event, Initial Forward Progress and Reliance on a Professional Network, Skills Gaps and Unexpected Positives, Elements of the Personal and Professional Network, Reaching Closure and Reflecting Back on the Lessons

2:27 – Background and the Impact of a Layoff Event

Dave Stevens is a Field Solutions Architect at Pure Storage. In this role, Dave is a technical overlay for pre-sales technical personnel at Pure across North America. This is the role Dave took after he was impacted by a layoff. What was Dave's role before he was impacted by a layoff event? For context, the layoff event we discuss in this episode took place around 2.5 years before this recording. Dave was classified as a systems engineer or pre-sales technical resource at his employer supporting multiple account reps. It was more of a solutions architect type of role, and Dave highlights his entry into this organization and role was via acquisition. Was there an element of technical marketing to the role? Nick mentions that Dave often had to attend trade shows in this role. Dave had a virtualization background and went to a lot of events to discuss how his company's products integrated with those different technology ecosystems.
The day Dave was laid off started as a normal day at his home office. His boss was based in Europe, so most 1-1 calls were usually late in the day his boss's time (early afternoon for Dave). A meeting popped up that was earlier than usual, but Dave didn't think anything of it. Right after Dave joined the remote session for the meeting, someone from HR joined followed by Dave's boss. Dave wasn't quite sure what to expect and didn't know what was happening. He didn't know if it was a layoff coming or some other kind of situation happening at his company. When Dave was laid off, they told him it was not for performance reasons, but there weren't really any other details provided on why he was being laid off. “So, at that point it was just like, ‘what do I do?'” – Dave Stevens, on receiving layoff news After receiving the news, Dave's access to company systems like e-mail was quickly cut off. He went downstairs and spent the rest of his day relaxing. Dave did not want to talk about what happened any further that first day. Did Dave struggle with separating his identity from his employer or the job he held at all when this happened? Dave says he did, at least a little bit. Dave wanted to be successful in whatever role he found himself, and the reason he was in the systems engineering role at the time of the layoff event is a result of his drive to be successful in the years leading up to that role. “I also wanted to make sure that…the people that I worked with that I enjoyed working with. If I didn't enjoy working with them, then there was no reason to continue staying there. So that's part of my identity on how I interact with work.” – Dave Stevens In the early days of Twitter (now X), Dave defined an identity there. He also created a personal blog. Dave says his identity was often tied to where he worked. “Once this all happened, I just kind of cut that off. 
And I needed some time to really digest what I just went through that day.” – Dave Stevens Is there something Dave wishes people had done for him when this first happened? Dave says he wishes he would have listened to his wife. Before experiencing the layoff event, a number of colleagues who had entered the company through acquisition like Dave were either leaving or had been laid off (including his boss being laid off). At the time, Dave didn't think much about these events. Dave's wife had encouraged him to look for other jobs before the layoff happened, and he feels he should have listened. “It's much easier finding a job when you have a job. There's not as much pressure on you. You can take your time and really find the job that you want. That's the one thing that kind of took me by surprise….” – Dave Stevens Did Dave's wife also point him in a direction or provide feedback on the type of work he should pursue? We've spoken to previous guests who had spouses that provided insight into the type of work that made them happy. Dave feels like there has been an element of this in place since he and his wife got married. When Dave got a job opportunity to relocate to the New Hampshire area, his wife had some interesting feedback. “It's great that you're going to make more than you're making at the job you are currently, but I don't want you to take a job just because of money. I want you to take a job because it's something you're interested in doing and you're going to be happy at. So, I've always kept that in the back of my mind every time I go and look for a job….” – Dave Stevens, quoting his wife's advice Dave considered this same advice when pursuing his current role at Pure. Because he enjoyed meeting and speaking with people during the interview process, the decision to accept the role was easy. Liking the people he would be working with was more important than a pay increase. 
10:53 – Initial Forward Progress and Reliance on a Professional Network

How long did Dave need to process before taking the first actions toward a new role? For the first 3 weeks or so, Dave relaxed a little bit. There were a number of projects at home that he needed to do and some that he wanted to do. Working on the projects helped take his mind off what had happened. Dave mentions he was given a severance for about 3 months and wanted to find a new role within that time period if possible. But if he could not find something in that time period, it would not be the end of the world. Dave tells us it was easier to find work when he was laid off than it is currently. Close to the time of this recording, AWS announced job cuts for up to 30,000 people. He made the conscious decision after those first few weeks to spend the first part of the day searching for new jobs and then continued working on different projects in the afternoons. How did Dave know who to reach out to first? Nick argues that most of us likely don't have a list of who we would call if something like this happened. When Dave came to the New England area, he started working for Dell in tech marketing. Through his work, Dave built a tight bond with many of his co-workers. Dave remembers sending a text message to many of his former co-workers (none of whom were still at Dell) asking if they knew of any open opportunities. Dave wanted to understand what former colleagues were working on now and what the culture of their company was like. He started by seeking out people he already enjoyed working with and analyzed whether it made sense to go and work with them again. Was Dave open to different types of roles in his job search, or did that not matter? It had to be interesting work and involve people he wanted to work with or enjoyed working with. Dave says as long as it was something in the tech field, it didn't matter too much.
Dave began his career in systems administration and tech support and had experience in the storage industry, with backups, and with Active Directory to name a few areas. He had also done technical marketing and was open to returning to it. Dave also looked at pre-sales systems engineering or solution architect roles. What about taking roles that moved him deeper into a business unit like product management? Dave says product management is interesting work, but depending on the company, the work may not always have the technical aspects he likes. Many of the product managers at Pure are quite technical, but most of the product management roles he observed at other companies were not as technical as he would like. “It just didn't interest me. It wasn't technical enough in nature for me.” – Dave Stevens, on moving into product management It sounds like Dave had done a good job of keeping in touch with people in his professional network over time. “I have always made sure to have a small group of folks that I can just reach out to at any time and…chat about anything…. I've always made sure to have that…. I didn't talk to them all the time, but we all interacted in some way, shape, or form whether it was an e-mail or text messaging…even some stuff on LinkedIn. We all kind of kept in touch…. I had people that I could fall back on and reach out to and get advice from if I needed to. This is the time where I really needed some advice on where to go to next.” – Dave Stevens Dave says he was lucky enough to find a new job before the end of his 3 months of severance pay. Dave's wife commented that she wasn't too worried about him. She knew he had a strong professional network. Did anyone in Dave's professional network ask him what he wanted to do next, or did they just start making recommendations based on what they knew about him? Dave says it was a little bit of both. 
Some people pointed Dave to specific open roles in the same group where they worked (still in tech, of course), while others directed him to the company job site and offered to act as a referral for him. Dave tells us he's very willing to give others a referral. “I want to make sure that people that I know and I like to work with come to work with me.” – Dave Stevens Dave says he also turned on the Open to Work banner on LinkedIn. While this did result in many recruiters reaching out to Dave, many of the opportunities they contacted him about were not interesting. Dave is hearing from many in our industry that bots are reaching out to people and trying to take advantage of them. His advice is that we need to be guarded in our interactions on LinkedIn as a result to avoid scams.

19:10 – Skills Gaps and Unexpected Positives

What kinds of skills gaps did Dave see when seeking new opportunities? For context, this was roughly 2.5 years ago. Dave says at that time, AI wasn't as helpful as it is today and was not something that was interesting to him. Dave tells us he uses AI heavily today compared to back then. Dave felt confident in the knowledge and skillset he had built through years of industry experience. Ideally, he would land a new role that overlapped those areas, but if a new role required coming up to speed quickly, he would do what was needed. Dave started looking at public cloud and certifications related to Azure and AWS. “Although it was interesting, it wasn't really what I wanted to do.” – Dave Stevens, on public cloud technologies compared to the technologies with which he was familiar What were some of the unexpected positive outcomes of getting laid off even though it was difficult in the beginning? One positive, according to Dave, is the number of people in his network he was able to reach out to on LinkedIn. So many people were open to helping. The only negative Dave thinks is maybe not acting quickly enough in starting his job search.
“It's really about building not only your personal network but your professional network. And my professional network really came to my rescue and helped me understand that…it's not the end of the world. You're going to make it. You're going to do fine. But let me know if there's any way that I can help you in that journey that you're on right now.” – Dave Stevens Were there any things Dave and his wife had done (conscious or unconscious) to prepare for the layoff event based on market trends? Dave says his wife is very good at managing their home budget, and since they got married, they have intentionally built a financial nest egg they could lean on in the event Dave was out of a job.

22:27 – Elements of the Personal and Professional Network

What are some of the things Dave is even more intentional about now with his professional network than he was in the past? Dave received some great advice from a co-worker to reach out to one person in his professional network each week. Many times, Dave will do this on LinkedIn or even via text if he has the person's number. “Keep that personal connection going. As much as AI is taking over, as much as we do a lot of things on Zoom, I've learned over my years of working in the industry that there's nothing better than the face-to-face interaction…. It's so much more fun and relaxing to just get out of the office or home office…and just sit down with people and keep that personal connection going.” – Dave Stevens Dave mentions he likes to get together with co-workers in the area every now and then, even if they have the same conversation in person that they would have had on Zoom. It's different and more relaxing. How can younger listeners who may be trying to break into the industry build a professional network when they might not have a deep contact list or large network like someone in the industry for a long time?
Nick and Dave talked about this before hitting record and thought it could be helpful to share during our discussion. Dave has a newfound perspective on this from being around his nephews and nieces. The job market is very different today than when Dave first began his career. “Nowadays, resumes just go into a black hole, and you don't necessarily know if you're still in the mix for a current job.” – Dave Stevens Dave has encouraged his nephews and nieces to leverage their personal network to build a professional network. He may know someone who knows someone in the field they want to pursue, for example. “There's no shame or harm in utilizing all your resources…. Utilize your personal network because you don't have the professional network built up yet to help you get that foot in the door.” – Dave Stevens Young people could even use their parents as a way to broaden their own network. It's an opportunity to get introduced to others. Dave uses the example of a chance meeting at a concert that could result in a new connection for someone. Nick would encourage younger listeners to get out to in-person meetup groups on any interesting topic. Go ask people what they are learning, why they work where they work, how they got there, and see if they have advice for you. Dave agrees and has leveraged both local professional groups and meetup groups in the New Hampshire area to meet new people. This is expanding your local professional network as Dave calls it (not to be confused with your global professional network) and is a great thing to do when you move to a new place. You never know when a conversation at a local meetup might help you get a warm lead on a job that will be posted soon. Did the layoff come up in interviews at all? How did Dave handle that? Dave says some people brought it up. In other cases, he brought it up in conversation, wanting people to know he was not let go for doing something wrong. 
28:22 – Reaching Closure and Reflecting Back on the Lessons

How did Dave know he had reached closure on the layoff situation? Dave thinks he was motivated to take action toward finding a job due to a fear of boredom. He had been working on various projects but knew he would run out of them at some point. Dave had enough time to adjust to not having a job, and he was ready to begin doing some kind of work again. “I didn't want to get bored. I hate being bored. I hate being bored at work. I hate being bored in general. That's really what the impetus was for me to go out and start looking…that fear of relaxing for too long and being bored.” – Dave Stevens At this point Dave reached further into his professional network beyond that first group of friends and former colleagues he mentioned earlier. Does taking action in a direction mean we're ready to move on from what happened? Is it when we have to discuss what happened in an interview, or is it something else? How do we measure this? Dave says it was easier to accept and felt mostly behind him when he was actively looking for a new position. He knew only he could take the actions to move forward. The feeling of what happened before went completely away when Dave accepted a new job at Pure. Dave feels he was very lucky to find a role. Lining up multiple interviews gave Dave momentum and a feeling of positivity. “I feel that people understand that I have the skills for these jobs. Otherwise, I wouldn't have gotten 5 job interviews as quickly after I really started taking action to look for a job. So, I got lucky.” – Dave Stevens If Dave had to do it all again, what would he do differently? Dave feels he has about 10 more years left working in the tech industry. For now, Dave enjoys the job he has, wants to excel doing it, and wants to continue growing. Dave currently works for the best boss he's had to date.
“He not only pushes me, but he pushes our entire team to just get better….” – Dave Stevens, on his current manager Dave tells us he does not want to be a people manager or a product manager. “I want to continue to excel and expand my depth of knowledge across the virtualization industry and the storage industry.” – Dave Stevens The work at Pure is very interesting to Dave, which is also motivating him to continue learning and excelling. Part of this is using more AI-focused tooling as it becomes available to use. What does Dave think the role of AI tools is in helping with one's job search? There are a number of tools out there we can leverage to analyze our resume. Dave suggests keeping track of which tool we've used to analyze our resume because that could be used to train a model. In addition to this, use AI to research companies. Use them to help you understand what companies are like and what their culture is like. Many people in a sales role within Pure, for example, use an AI tool of some kind to learn more about their customers. Nick reiterates the nuances of acquisitions. Dave worked for a company that was acquired by another company. Over time there was a pattern of people from the company which was acquired being laid off. Perhaps this is a sign we should watch for and prepare. Dave says we need to be looking at and listening for the signs coming toward us. He listens to his wife more intently when she makes a suggestion. Dave continues to check in with people in his professional network and offers advice when they need it. Dave would encourage all of us to use our personal and professional network if we end up in the situation he was in (experiencing a layoff). “Not everybody is going to be able to help you or is willing to reach out and help you, but when someone does…don't just brush it aside as they want something out of this. They probably genuinely want to help you. 
So, take advantage….” – Dave Stevens

If you want to follow up with Dave on this conversation:
Connect with Dave on LinkedIn
Check out Dave's blog site

Mentioned in the Outro

The three week period Dave took to work on projects may have been what gave him the clarity on the type of work he did and did not want to do once he began his search. Dave mentions getting some great advice from his wife and her emphasis on him pursuing roles that would make him happy and be enjoyable work. This echoes something similar to what Brad Christian shared in Episode 264 – Back to Basics: Technology Bets and Industry Relationships with Brad Christian (2/2) when it came to choosing what to do next after a layoff. If you enjoyed this format and want to hear other stories of people recounting their layoff experience, check out these episodes featuring Jason Gass. He talks about the lost art of supporting others in episode 343, which aligns very well with Dave's advice on building our personal and professional network.
Episode 342 – Planting Seeds: Networking and Maneuvering Unexpected Job Loss with Jason Gass (1/2)
Episode 343 – The Lost Art: Marketplace Heartbeat and Finding Closure after a Layoff with Jason Gass (2/2)

Contact the Hosts

The hosts of Nerd Journey are John White and Nick Korte.
E-mail: nerdjourneypodcast@gmail.com
DM us on Twitter/X @NerdJourney
Connect with John on LinkedIn or DM him on Twitter/X @vJourneyman
Connect with Nick on LinkedIn or DM him on Twitter/X @NetworkNerd_
Leave a Comment on Your Favorite Episode on YouTube
If you've been impacted by a layoff or need advice, check out our Layoff Resources Page. If uncertainty is getting to you, check out our Career Uncertainty Action Guide with a checklist of actions to take control during uncertain periods and AI prompts to help you think through topics like navigating a recent layoff, financial planning, or managing your mindset and being overwhelmed.
Three banks in four days isn't just a bragging right for penetration testers. It's a wake-up call showing that expensive security tools and alarm systems often fail when tested by skilled operators who understand both human behavior and technical vulnerabilities. Greg Hatcher and John Stigerwalt, co-founders of White Knight Labs, talk about their latest physical penetration tests on financial institutions, manufacturing facilities protecting COVID-19 vaccine production, and why their new Server 2025 course had to rewrite most common Active Directory tools. They share stories of armed guards, police gun draws, poison ivy reconnaissance, and a bag of chips that saved them from serious trouble. The conversation reveals why EDR alone won't stop ransomware, how offline backups remain the exception rather than the rule, and what security controls actually work when attackers bring custom tooling.

Impactful Moments:
00:00 - Intro
01:00 - New training courses launched
03:00 - Server 2025 breaks standard tools
05:00 - COVID facility physical penetration
07:00 - Armed guards change the game
10:00 - Police draw guns on operators
13:00 - Bag of chips saves the day
15:00 - Nighttime versus daytime physical tests
18:00 - VIP home security assessments
20:00 - 2026 threat predictions
22:00 - Why EDR doesn't stop ransomware
27:00 - Low cost ransomware simulation ROI
29:00 - Three banks in four days
32:00 - Deepfake as the new EDR

Links:
Connect with our guests – Greg Hatcher: https://www.linkedin.com/in/gregoryhatcher2/
John Stigerwalt: https://www.linkedin.com/in/john-stigerwalt-90a9b4110/
Learn more about White Knight Labs: https://www.whiteknightlabs.com
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
How is zero-trust security evolving? Michele Leroux Bustamante discusses the challenges CISOs face today in controlling access to infrastructure, authenticating and authorizing users, and managing the ongoing evolution of an organization's dependencies. The conversation digs into the variety of stacks available to address various elements of an organization's security requirements. Michele also talks about the NIST Cybersecurity Framework as a starting point for understanding the security elements your organization needs to focus on and improve—security is a continuum, not a destination!

Links: Azure Entra, Auth0, Duende, KeyCloak, NIST Cybersecurity Framework, Open Policy Agent, Policy Server, Defender for Cloud, Azure API Management, Azure Front Door

Recorded October 29, 2025
Think your cloud backups will save you from a ransomware attack? Think again. In this episode, Matt Castriotta (Field CTO at Rubrik) explains why the traditional "I have backups" mindset is dangerous. He distinguishes between Disaster Recovery (business continuity for operational errors) and Cyber Resilience (recovering from a malicious attack where data and identity are untrusted). Matt speaks about the "dirty secrets" of cloud-native recovery, explaining why S3 versioning and replication are not valid cyber recovery strategies. The conversation shifts to the critical, often overlooked aspect of Identity Recovery. If your Active Directory or Entra ID is compromised, it's "ground zero" and you can't access anything. Matt argues that identity must be treated as the new perimeter and backed up just like any other critical data source. We also explore the impact of AI agents on data integrity: how do you "rewind" an AI agent that hallucinated and corrupted your data? Plus, practical advice on DORA compliance, multi-cloud resiliency, and the "people and process" side of surviving a breach.

Guest Socials - Matt's LinkedIn
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security Social Channels: Cloud Security Podcast - YouTube, Cloud Security Newsletter. If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast

Questions:
(00:00) Introduction
(02:20) Who is Matt Castriotta?
(03:20) Defining Cyber Resilience: The Ability to Say "No" to Ransomware
(05:00) Why "I Have Backups" is Not Enough
(06:45) The Difference Between Disaster Recovery and Cyber Recovery
(10:20) Cloud Native Risks: Versioning and Replication Are Not Backups
(12:50) DORA Compliance: Multi-Cloud Resiliency & Egress Costs
(15:10) The "Shared Responsibility Model" Trap in Cloud
(17:45) Identity is the New Perimeter: Why You Must Back It Up
(22:30) Identity Recovery: Can You Restore Your Active Directory in Minutes?
(25:40) AI and Data: The New "Oil" and "Crown Jewels"
(27:20) Rubrik Agent Cloud: Rewinding AI Agent Actions
(29:40) Top 3 Priorities for a 2026 Resiliency Program
(33:10) Fun Questions: Guitar, Family, and Italian Food
This episode features Christopher Brumm, Cyber Security Architect at glueckkanja AG. With 15+ years in IT security, Chris has worked across Microsoft's security portfolio and beyond, moving from network and data-center defense into deep identity work with Active Directory and Entra ID. He's now an identity SME, a GK Identity Community moderator, a frequent community speaker, and a regular writer on security and identity.

In this episode, Chris explores the limitations of Active Directory security and how Microsoft's new Global Secure Access directly addresses those gaps. He breaks down how zero trust principles and granular controls work in practice, and why connecting on-prem servers to the cloud is now simpler and safer. Chris shows how this shift strengthens defenses by enforcing access through identity-first policies instead of outdated network-centric models. This is a clear, field-tested walkthrough of why hybrid identity security needs a new playbook, and how Global Secure Access helps teams close the holes attackers rely on most.

Guest Bio

For over 15 years, Christopher Brumm has been immersed in IT security topics, possessing extensive knowledge and practical experience in the Microsoft Security Portfolio and beyond. Over the years, he has progressed from network and data center topics to Active Directory and Entra ID, delving deeper into identity security. Today, he is a Subject Matter Expert for Identity in the Security Team and a moderator of the GK Identity Community. He regularly speaks at community events and publishes blog posts on security and identity topics. Chris's latest passion is Global Secure Access, where the themes of identity, security, and networking converge to enable a comprehensive Zero Trust approach.

Guest Quote

“It's not realistic to modernize protocols like Kerberos or SMB to support MFA and device compliance... but we have an option to control the network layer.”

Time stamps
01:07 Meet Christopher Brumm: Microsoft Security MVP and CISSP
02:00 The Hybrid Identity Attack Playbook
06:03 Active Directory vs. Entra ID: The Security Gap
09:02 Breaking Down Global Secure Access
11:58 What This Looks Like for Real Users
16:17 Bringing Zero Trust to the Network Layer
17:50 What You Need to Deploy Global Secure Access
20:48 Conclusion and Final Thoughts

Sponsor

The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Christopher on LinkedIn
Learn more about glueckkanja AG
Watch Christopher's talk at HIPConf 2025
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis
Because… it's episode 0x673!

Shameless plug
February 25 and 26, 2026 - SéQCure 2026
CfP April 14 to 17, 2026 - Botconf 2026
April 28 and 29, 2026 - Cybereco Cyberconférence 2026
May 9 to 17, 2026 - NorthSec 2026
June 3 to 5, 2025 - SSTIC 2026

Description

Introduction

In this technical episode of the podcast, Yoan Schinck, director of the cyber response practice at KPMG Canada, shares his expertise on threat hunting with the Kusto Query Language (KQL). With 12 years of experience in information technology, including 6 years at KPMG and half of that in cybersecurity, Schinck specializes in incident response, particularly ransomware and business email compromise.

The threat hunting workshop

At DeathC, an event dedicated to detection engineering and threat hunting, Schinck designed a workshop titled “Threat hunting en KQL 101”. The workshop aims to show how to perform threat hunting in a Microsoft Sentinel environment using KQL, the query language for exploring data across the Microsoft ecosystem. The emphasis is on Microsoft Defender for Endpoint telemetry, a deliberate choice reflecting the reality in the field, where organizations using Sentinel generally work with the Microsoft Defender product suite.

Infrastructure and methodology

To create a realistic learning environment, Schinck set up an infrastructure consisting of two virtual machines: a Windows client and a Windows server. On these machines he executed a complete simulated attack covering every stage from initial access to data exfiltration. This synthetic approach lets participants explore genuine attack artifacts in a controlled environment.
The infrastructure also included Windows advanced audit policies to capture specific events in the Security Event Log, notably for processes, user management and account creation. A Sysmon deployment with an extended configuration completed the data collection setup. All of these events were then forwarded to Microsoft Sentinel, creating a realistic threat hunting environment. The DeathC organizers provided the on-premises infrastructure, including the domain controller, Active Directory, the Windows Event Collector and the Group Policy configuration for Windows event forwarding. Schinck built the two virtual machines locally, joined them to the domain and installed Microsoft Defender for Endpoint before running his attack scenario.

Workshop content

The workshop is structured around four main threat hunting categories. The first focuses on initial access vectors, exploring different techniques to identify how access was obtained. The second examines Windows services, analyzing their creation, execution and configuration to detect potential abuse by attackers. The third explores scheduled tasks, a concept similar to Windows services in terms of hunting opportunities. Schinck stresses that mastering one of these techniques makes learning the other easier because of their conceptual similarities. Finally, the fourth category covers network-level hunting using enrichment from external sources, notably the Living Off Trusted Sites (LOTS) project by Mr. D0x, which catalogs the internet sites and domains that attackers can abuse.
Pour les participants plus expérimentés, Schinck propose un défi bonus : effectuer les mêmes analyses en utilisant la télémétrie Sysmon ou les Windows Event Logs plutôt que les données de Microsoft Defender for Endpoint. Cette approche alternative permet d'explorer différentes sources de données et de développer une compréhension plus complète du threat hunting. Expérience terrain et cas pratiques L'expertise de Schinck en réponse aux incidents enrichit considérablement le workshop. Il partage des observations concrètes issues de ses interventions, notamment l'abus fréquent des comptes de service par les attaquants. Ces comptes, souvent configurés comme des comptes utilisateurs normaux dans Active Directory avec simplement le préfixe “SVC”, peuvent être exploités pour des connexions RDP sur des systèmes où ils ne devraient pas avoir accès. Schinck recommande de chasser activement ces anomalies en surveillant les connexions de comptes de service entre serveurs, particulièrement celles survenant en dehors des heures normales de travail. Un autre pattern récurrent concerne l'emplacement des fichiers malveillants. Les attaquants déposent fréquemment leurs binaires ou scripts dans des emplacements moins surveillés comme la racine de Program Data, le dossier Users Public, ou divers répertoires AppData. Lors d'une intervention récente sur un cas de ransomware, Schinck a identifié rapidement un fichier DLL suspect dans le dossier Users Public, qui s'est révélé être un backdoor Cobalt Strike. Méthodologie de hunting et conseils pratiques Schinck insiste sur l'importance de filtrer le bruit dans les données de threat hunting. Une technique qu'il privilégie consiste à utiliser la fonction “distinct” pour regrouper les résultats uniques. 
Par exemple, lors de l'analyse de commandes PowerShell, plutôt que de parcourir 15 000 exécutions individuelles, le regroupement par lignes de commande distinctes peut réduire le jeu de données à 500 entrées, rendant l'analyse visuelle beaucoup plus efficace. Il souligne également que l'œil humain possède une capacité remarquable à détecter des anomalies. En parcourant lentement 50 lignes de commande PowerShell sans filtres additionnels, un analyste expérimenté peut souvent repérer des éléments suspects. Cette capacité repose sur deux piliers : la connaissance approfondie de son environnement et l'expérience accumulée à travers de multiples incidents. Accessibilité et reproductibilité Un aspect important du workshop est son accessibilité. Schinck démontre qu'il est possible de créer un environnement de threat hunting fonctionnel avec seulement deux machines virtuelles, un Windows Event Collector et Microsoft Sentinel. Cette simplicité rend l'apprentissage accessible à quiconque souhaite créer un homelab, même sur un ordinateur personnel ou portable. Il note qu'au Québec, le stack Microsoft (Sentinel et Defender) est devenu très populaire ces dernières années, rendant ces compétences particulièrement pertinentes. Paradoxalement, il observe que très peu d'organisations déploient Sysmon ou collectent les Security Event Logs dans Sentinel, malgré la gratuité de ces outils et leur valeur considérable en cas d'incident. Conclusion Le workshop de Yoan Schinck offre une approche pragmatique et réaliste du threat hunting en KQL, combinant expertise technique et expérience terrain. En se concentrant sur des scénarios d'attaque concrets et des outils largement déployés en entreprise, il prépare efficacement les participants aux défis réels de la cybersécurité moderne. Sa philosophie est claire : une fois les concepts de threat hunting maîtrisés, ils peuvent s'appliquer à n'importe quel produit ou langage de requête, seule la syntaxe change. 
Collaborateurs Nicolas-Loïc Fortin Yoan Schinck Crédits Montage par Intrasecure inc Locaux réels par DEATHcon Montréal
This episode features Daniel Stefaniak, Vice President Architect - Cybersecurity and Identity at JPMorgan Chase. With deep experience as an IT architect, consultant, and technical program manager, Daniel has helped design and deploy large-scale IAM and CIAM solutions that support millions of users. He is widely recognized for his expertise in Active Directory and Entra ID and for bringing clear, unfiltered insight into some of the industry's toughest identity challenges.

In this episode, Daniel explains why attack path management is never a one-and-done effort, how to focus on the high-impact issues that matter most, and why success depends on dedicated ownership rather than tools alone. This is an honest and practical look at what it truly takes to understand and manage attack paths in modern identity environments.

Guest Bio
Experienced IT Architect, Consultant, and Technical Program Manager specializing in Active Directory and Entra ID (Azure AD). A recognized industry leader in Identity and Access Management (IAM) and cybersecurity, with extensive expertise designing and deploying large-scale cloud-based IAM and CIAM solutions supporting millions of users. Former Microsoft Program Manager, instrumental in driving technical content, readiness, and enterprise adoption of Azure AD. Proven ability to lead end-to-end project lifecycles, align security strategies with regulatory requirements, and design robust directory and identity federation solutions.

Guest Quote
"You cannot be an Active Directory admin or an architect owner of the service, and run an attack path management program on the side. You need a dedicated team to do it."

Time stamps
01:05 Meet Daniel Stefaniak: The IAM Guy
02:08 The Insanity of Attack Path Management
03:27 Challenges and Realities of Attack Path Management
07:57 Choosing the Right Tools
10:32 Implementing Effective Attack Path Management
12:50 Using OKRs in Tech Path
14:50 Team and Resource Requirements
16:20 Conclusion and Final Thoughts

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Daniel on LinkedIn
Learn more about JPMorgan Chase
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis
Newly minted Microsoft MVP, pentester, and returning guest Spencer Alessi joins The PowerShell Podcast to talk about growth, giving back, and building security through PowerShell. Spencer shares lessons from his journey from sysadmin to pentester, including the importance of learning from mistakes, documenting wins, and advocating for yourself in your career. He also introduces his latest open-source project, AppLocker Inspector, and discusses tools like Locksmith, PingCastle, and Purple Knight that help IT pros secure their environments and build confidence in automation and defense.

Key Takeaways:
Grow through mistakes – Learn from both your own missteps and those of others; every lesson strengthens your technical and professional skills.
Security tools for sysadmins – Free PowerShell-based tools like AppLocker Inspector, Locksmith, and Purple Knight offer practical wins for securing Active Directory.
Advocate for yourself and give back – Track your wins, share your work, and pay forward the mentorship and generosity that helped you grow.

Guest Bio: Spencer Alessi is a Microsoft MVP, penetration tester, and community educator passionate about helping sysadmins strengthen their environments. Known online as @TechSpence, he creates approachable content and tools focused on helping sysadmins improve security. Spencer is also a podcast host, public speaker, and strong advocate for mentorship, authenticity, and continuous learning in tech.
Resource Links:
Spencer on PDQ Live - https://www.youtube.com/watch?v=j33dN2bELPU
AppLocker Inspector – https://github.com/techspence/AppLockerInspector
Purple Knight – https://www.semperis.com/purple-knight/
PingCastle – https://www.pingcastle.com/download/
Locksmith (ADCS Auditing Tool) – https://github.com/jakehildreth/locksmith
ADeleginator – https://github.com/techspence/ADeleginator
Spencer's Links – https://links.spenceralessi.com
Cyber Threat Perspective Podcast – https://offsec.blog
Connect with Andrew - https://andrewpla.tech/links
PDQ Discord – https://discord.gg/PDQ
PowerShell Wednesdays – https://www.youtube.com/watch?v=lPoc8X7t0hY&list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B&pp=0gcJCbAEOCosWNin
The PowerShell Podcast on YouTube: https://youtu.be/E4ji0-rmsuA
(Disclaimer: created with ChatGPT) Hello dear community, welcome to the first Advent Special 2025 of Talk Microsoft 365! Michael and Thorsten have bundled up festively (well… at least a hat
Jim McDonald and Jeff Steadman sit down with Mike Reiring of RSM at InfoSec World 2025 to explore how managed service providers are reshaping IT and identity operations. They dig into the differences between MSPs and MSSPs, how to choose the right partner, and how AI is transforming help desks, problem management, and security monitoring. The conversation closes with a fun dive into Mike's passion for photography and how creativity ties into continuous learning in tech.

Connect with Mike: https://www.linkedin.com/in/mreiring/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com

Chapters
00:00 Intro – Live from InfoSec World 2025
02:00 Meet Mike Reiring of RSM
04:30 Evolution of Managed Service Providers
06:30 Shared Accounts, Identity, and Security Maturity
09:00 Vendor Gaps and Federated Access Challenges
11:30 What Makes a Good MSP Partner
13:00 The Cost and Effort of Changing Providers
16:30 MSP vs MSSP – Key Differences
18:30 Coordination Between Managed Providers
21:30 Top 3 Questions to Ask Your MSP
25:00 Identity Ownership: IT or Security?
27:30 Licensing, Active Directory, and Hidden Accounts
30:00 RFP Challenges and Procurement Pitfalls
32:00 Measuring Risk and Reducing Identity Exposure
34:30 Vendor Management and Shadow IT Risks
35:00 How AI Is Transforming MSP and MSSP Operations
38:30 AI, Problem Management, and the Future of Help Desks
42:30 Photography, Creativity, and Continuous Learning
48:00 Closing Thoughts and IDAC Outro

Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Mike Reiring, RSM, InfoSec World 2025, Managed Service Provider, MSP, MSSP, AI in Cybersecurity, Help Desk, Identity Management, Managed Identity, Partner Transparency, IT Outsourcing, Risk Reduction, Problem Management, Active Directory, DaVinci Resolve, Photography in Tech, Identity Governance, Cybersecurity Podcast
Hello friends, in today's episode I give an audio summary of a talk I gave this week at the MN GOVIT Symposium called "Should You Hire AI to Run Your Next Pentest?" It's not a pro-AI celebration, nor is it an anti-AI bashing. Rather, the talk focuses on my experiences using both free and paid AI services to guide me through an Active Directory penetration test.
Because… it's episode 0x665!

Shameless plug
November 17 to 20, 2025 - European Cyber Week
February 25 and 26, 2026 - SéQCure 2026 CfP
April 14 to 17, 2026 - Botconf 2026
April 28 and 29, 2026 - Cybereco Cyberconférence 2026
May 9 to 17, 2026 - NorthSec 2026
June 3 to 5, 2025 - SSTIC 2026

Description
In this episode, the team of Nicolas, Dominique and Cindy explores the basic cybersecurity hygiene measures that small and medium-sized businesses should put in place. The goal is to identify low-cost solutions that deliver a large security gain and help organizations meet certification and compliance requirements.

Authentication and password management
The first essential pillar is authentication and password management. Contrary to what some might think, passwords remain a critical issue and are the number one weakness in the majority of penetration tests. The problem affects both the passwords used to log in to external services and those used internally, including service accounts.

The team strongly recommends adopting single sign-on (SSO) as soon as possible, despite the existence of a wall of shame listing companies that force their customers onto expensive plans to get SSO. The principle is simple: the fewer passwords, the better.

Using a password manager is non-negotiable. It is not enough to ask employees to use a different, complex password for every site without giving them the right tools. The experts warn against the managers built into web browsers such as Chrome or Edge, which are not on par with the true standalone password managers on the market. A crucial point raised is that if someone compromises a machine as an administrator, they can access every password stored in the browser, whereas a dedicated password manager requires the master password to get in, providing additional protection even when the machine is compromised.

Workstation protection
The second fundamental element is what used to be called antivirus, now known as EDR (Endpoint Detection and Response). This minimal protection should be deployed in every environment, even on Mac computers. Although EDRs are not infallible and can be bypassed, they are an affordable first layer of protection.

The team stresses the importance of choosing an EDR suited to the company's specific needs by weighing several factors: price, the number of endpoints to protect, the support offered, the user interface, and whether or not there are internal technical staff able to manage the solution. Some EDRs are easier to administer, while others offer more options but require training and qualified personnel. These solutions are becoming increasingly accessible to SMBs and are an essential building block of security.

Automatic updates
The third pillar is patching, those famous updates so often seen as a necessary evil. For SMBs the recommendation is clear: enable automatic patching rather than relying on a daily manual check. This applies not only to internal systems but also to web applications such as WordPress.

An important point raised is that enabling automatic patching probably implies having good backup management. For example, if WordPress updates itself automatically on Wednesday, it is prudent to take a backup on Tuesday so you can restore quickly if something goes wrong. This rule also applies to internal servers, even though some sectors such as manufacturing or industrial environments may require a more nuanced approach. It is noted that under Sécuritaire Canada, one of the assessment questions specifically asks whether automatic patching is enabled on workstations, which should be standard practice.

Backup management
The fourth essential element is backups. One crucial recommendation is to never join the backups to the domain. The team shares several anecdotes illustrating the consequences of poor backup management, such as losing ten years of personal photos or being unable to access an encrypted backup whose password was stored only on the failed primary machine.

A backup is only as good as the last time it was tested. The experts have seen catastrophic situations where organizations thought they had working backups but had never tested them, only to discover they were useless at the moment of an incident. Backups are not only useful in a security incident, but also in case of hardware failure, fire or other disasters.

An important piece of advice: although encrypting backups is essential, make sure the master key is not stored only on the system being backed up. The same goes for a password manager's master password, which should be kept on paper somewhere safe.

Complementary measures
Beyond these four fundamental pillars, the team proposes a few additional measures. For companies with a website, using a proxy service such as Cloudflare adds an affordable, even almost free, layer of protection for SMBs. While not infallible, this solution offers detection and protection against potential exploits while also improving the site's performance and speed.

For organizations using Active Directory, two free tools are recommended: Purple Knight from Semperis and PingCastle (recently acquired by Tenable). These tools run configuration audits and provide a security score without having to immediately hire an expensive external auditor. They generate HTML, PDF or Excel reports that help identify and fix the most obvious configuration problems.

The importance of the basics
The team insists that before investing in complex and expensive tools such as dark web monitoring, it is essential to have a solid foundation. As with a house, if the foundations are shaky, the finest construction will collapse. The good news is that this foundation is not necessarily expensive, and many free or inexpensive tools exist to establish a diagnosis and improve one's security posture.

One last crucial point, which will be the subject of a future episode, is employee awareness. Employees can be an organization's best ally or its worst weakness. This is not a one-time training session but an ongoing effort.

In conclusion, the experts remind us that these basic elements are precisely the ones checked in insurance questionnaires and certifications. Taking these preventive measures is comparable to a preventive medical check-up: it is far less costly and traumatic than emergency surgery after a major incident. Consulting an expert to put these basic measures in place generally costs less than dealing with the consequences of a cyberattack.

Contributors: Nicolas-Loïc Fortin, Dominique Derrier, Cyndie Feltz, Nicholas Milot
Credits: Editing by Intrasecure inc. Virtual venue by Riverside.fm.
This episode features Nathan Wenzler, Field Chief Information Security Officer at Optiv. With nearly 30 years of experience leading cybersecurity programs across government agencies, nonprofits, and Fortune 1000 companies, Nathan has spent his career at the intersection of people, process, and technology. He's helped organizations redefine what it means to build security cultures that actually work.

In this episode, Nathan explains why communication (not technology) is a CISO's most important skill, how to create a culture that values security without slowing innovation, and why empathy may be the most underrated tool in cybersecurity. This is an insightful look at the people-first mindset behind stronger, more resilient security programs.

Guest Bio
Nathan Wenzler is a field chief information security officer at Optiv, where he advises clients on how to strengthen and optimize every aspect of their cybersecurity program. With nearly 30 years of experience, he has built and led security initiatives for government agencies, nonprofits and Fortune 1000 companies. Wenzler has served as a CISO, executive management consultant and senior analyst, holding leadership roles at Tenable, Moss Adams, AsTech and Thycotic. He also spent more than a decade in public sector IT and security roles with Monterey County, California, and supported state and federal agencies. He is known for helping security leaders better communicate the measurable value and benefit of a mature, effective cybersecurity program to executives, technical stakeholders and nontechnical business partners. His approach emphasizes not only technical excellence but also the human and organizational factors that drive long-term security success. Wenzler has spoken at more than 400 events worldwide, educating security leaders and professionals on how to excel in their role as an organization's risk expert. He has also served on advisory boards, including the Tombolo Institute at Bellevue College, and is a former member of the Forbes Technology Council. His areas of expertise include vulnerability and exposure management, privileged access management and identity governance, cyber risk management, incident response, and executive-level communications and program management.

Guest Quote
"If you can win the people over in your organization, you can make those big changes for better identity governance."

Time stamps
01:22 Meet Nathan Wenzler: Veteran CISO and Security Strategist
02:16 Redefining Identity in a World of Infinite Accounts
05:15 How Culture Can Make or Break Your Security Program
13:34 Winning Over the Business: Aligning Security and Culture
24:45 From "Department of No" to Trusted Partner: Fixing Cyber Communication
40:25 The Human Side of Incident Response
46:23 Leading with Empathy: Nathan's Advice for Security Leaders

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Nathan on LinkedIn
Learn more about Optiv
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis
Local and regional governments have become prime targets for cybercriminals: limited budgets, sensitive citizen data, and complex information systems that are sometimes insufficiently protected. In February 2021, Angers Loire Métropole joined the list of victims with a ransomware attack that completely compromised its information system. Luc Dufresne, the metropolitan area's CISO (RSSI), looks back on the night an opportunistic attacker broke into the network.

From the immediate Internet cutoff to the posters in the elevators telling staff not to switch on their computers, our guest recounts the human and technical management of a crisis that lasted several months. He shares the lessons learned from the experience: rebuilding from a secured trusted core, deploying a SOC to detect weak signals, strengthened employee awareness, and transforming the cyber culture within the organization.
In this milestone 200th episode of The PowerShell Podcast, Frank Lesniak returns to chat with Andrew Pla about automation, community, and what it means to "bet on yourself." Frank shares his experiences leading cybersecurity and enterprise architecture projects, using PowerShell for AWS security automation, and developing tools to simplify complex data exports. He also discusses the upcoming PowerShell Summit, his work with DuPage Animal Friends, and the value of giving back through mentorship, community involvement, and open source.

Key Takeaways:
PowerShell in the cloud – Frank dives deep into AWS automation and explains how PowerShell can simplify security and configuration management at scale.
From console to community – After years of speaking and mentoring, Frank emphasizes how collaboration and consistent effort lead to career growth and confidence.
Giving back through leadership – As VP of DuPage Animal Friends, Frank highlights the power of using your professional skills for good beyond tech.

Guest Bio: Frank Lesniak is a Sr. Cybersecurity & Enterprise Technology Architect at West Monroe, where he leads a 45-member team focused on Microsoft's M365/Modern Work platform. His team specializes in navigating the technical complexities of corporate M&A, executing at-scale divestitures and integrations centered on Azure, Microsoft 365, Entra ID, Active Directory, and Windows. An active contributor to the tech community, Frank is a published author, open-source contributor, and a frequent speaker at conferences and user groups on topics including PowerShell, artificial intelligence, and offbeat technical talks related to his hobbies. In his local community, he serves as the Vice President of DuPage Animal Friends, a non-profit dedicated to supporting DuPage County's sole open-admission animal shelter.
Resource Links:
Connect with Frank - https://linktr.ee/franklesniak
Frank Lesniak on X (Twitter) – https://x.com/FrankLesniak
Frank on LinkedIn – https://linkedin.com/in/flesniak
Connect with Andrew - https://andrewpla.tech/links
DuPage Animal Friends – https://dupageanimalfriends.org
Previous Podcasts with Frank - https://powershellpodcast.podbean.com/?s=Frank%20Lesniak
PowerShell Wednesdays – YouTube Playlist
PDQ Discord (PowerShell Scripting Channel) – https://discord.gg/PDQ
PowerShell Summit OnRamp Scholarship – https://www.powershellsummit.org/on-ramp/
The PowerShell Podcast on YouTube: https://youtu.be/cQvs5s3T1DA
Because… it's episode 0x657!

Shameless plug
November 8 and 9, 2025 - DEATHcon
November 17 to 20, 2025 - European Cyber Week
February 25 and 26, 2026 - SéQCure 2026
April 14 to 17, 2026 - Botconf 2026
April 28 and 29, 2026 - Cybereco Cyberconférence 2026
May 9 to 17, 2026 - NorthSec 2026
June 3 to 5, 2025 - SSTIC 2026

Description

Introduction
This podcast explores the complex relationship between Red Teams and EDR (Endpoint Detection and Response) solutions, with the emphasis on the business dimensions rather than the purely technical ones. Charles F. Hamilton shares his field expertise on EDR evasion and demystifies the blind trust many place in these solutions, which are marketed as magical.

The reality of EDR: beyond the marketing
EDRs are often sold as universal protection solutions, but that perception hides a more nuanced reality. There are several types of solutions (EDR, XDR, NDR) with different capabilities, notably in network telemetry and data enrichment. The cybersecurity industry remains above all a business, where decisions are driven by financial, growth and market share considerations rather than solely by protecting users.

A troubling aspect is the romanticization of attacker groups by some detection vendors, who build giant figurines and coin catchy names for these criminal groups at conferences. This marketing approach can paradoxically glorify crime and encourage new malicious actors.

How EDRs work technically
EDRs operate on several detection levels. First, the traditional antivirus component performs static analysis before a binary executes. Then, real-time detection uses various techniques: user mode hooking (less and less popular), kernel callbacks, and ETW (Event Tracing for Windows), which captures telemetry throughout Windows.

Modern EDRs favor kernel callbacks over user mode hooking because the kernel offers better protection. The risk, however, is that an error in kernel code can cause a blue screen, as the CrowdStrike incident demonstrated. Microsoft has also implemented PPL (Protected Process Light) to prevent even users with system privileges from killing certain critical processes.

A crucial point: Red Teams are often more sophisticated than real attackers, precisely because they must bypass EDRs in their engagements.

Evasion techniques: simplicity and adaptation
Contrary to what one might think, EDR evasion does not always require extremely sophisticated techniques. Several simple approaches still work remarkably well. For example, slightly modifying a tool such as PingCastle by changing its LDAP queries and disabling certain detectable features (such as DNS zone transfer attempts or SPN queries) can make it undetectable.

An interesting particular case concerns an EDR which, following its acquisition by Broadcom, stopped being signed by Microsoft. This business decision left its DLL unable to inject into processes that use the flag allowing only Microsoft-signed DLLs to load, effectively rendering the EDR worthless for detection.

One effective strategy is to disable the network connectivity of the EDR processes with the local firewall before any manipulation. Even if alerts are generated, they cannot be sent to the server; the agent simply appears offline temporarily.

Old techniques that still work
Many old attack techniques remain effective because standard attackers do not use them enough to justify detecting them. EDRs focus on "commodity malware", the volumetric attacks, rather than on niche techniques used mainly by Red Teams. Charles cites the example of a "new backdoor" discovered in 2024 that was in fact his own code, archived on GitHub for 8 years. For the security vendors it was new because it had never been seen in their environment, illustrating the gap between what exists and what is detected.

The importance of simplicity
A crucial piece of advice: do not follow malware trends. Fashionable techniques such as stack spoofing quickly become detected. For 6-7 years Charles has used a simple C# agent without shellcode or exotic techniques that still goes unnoticed. Simplicity and a different approach are often more effective than complexity. Using Beacon Object Files (BOF) with Cobalt Strike avoids process injection, considerably reducing detectable artifacts.

Practical recommendations
For organizations, having an EDR is essential in 2025 to block trivial attacks. But it is only a start. There absolutely must be at least one person reviewing the logs daily, ideally three times a day. Many incident response cases show that all the information was available in the EDR console, but nobody looked at it.

Network segmentation has remained underdeveloped for 15 years, mainly because of operational complexity. Sysmon should be deployed everywhere with an appropriate configuration to increase visibility exponentially, despite the XML learning curve. Network visibility is what customers lack most in 2025. Without it, it is impossible to validate what the EDRs claim to have blocked. Charles gives the example of Microsoft Defender for Identity reporting that it blocked attacks when the attacker did in fact obtain the hashes they were after.

Conclusion
EDR evasion is a specialization in its own right, on par with web or Active Directory pentesting. The secret is to deeply understand Windows, the tools and the EDRs themselves before attempting to bypass them. Companies must keep the intelligence in-house rather than depending entirely on commercial products.

Finally, collaboration between Blue Teams and Red Teams remains insufficient. More synergy would let both sides better understand each other's perspectives and improve security overall. Curiosity and continuous learning are the keys to success in this constantly evolving field.

Notes: Training / Training
Contributors: Nicolas-Loïc Fortin, Charles F. Hamilton
Credits: Editing by Intrasecure inc. Virtual venue by Riverside.fm.
This episode features Heather Costa, Director of Technology Resilience at Mayo Clinic. With over two decades of experience building resilience programs at leading healthcare institutions, Heather has redefined what it means to prepare for and thrive through disruption. From Cleveland Clinic to Mayo Clinic, she's led enterprise-wide recovery strategies that balance people, process, and technology. In this episode, Heather explains why true resilience starts with leadership, not technology, how to set clear priorities when everything feels critical, and how to design organizations that adapt and recover faster. This is a powerful look at the mindset and methods behind building resilience that lasts in healthcare and beyond. Guest Bio Heather M. Costa is a leading authority in cyber and technology resilience, currently serving as Director of Technology Resilience at Mayo Clinic. With over twenty years of experience, she has shaped resilience programs at premier healthcare institutions, notably pioneering business resilience at Cleveland Clinic before architecting Mayo Clinic's enterprise-wide recovery and continuity initiatives. Heather is a dynamic leader, keynote speaker, and mentor, frequently invited to share her insights at organizations and conferences such as Harvard NPLI, HIMSS, and the HIPAA Summit. She is recognized for building high-performing teams and fostering the next generation of cybersecurity leaders. Heather holds a Master's in Homeland Security – Information Security and Forensics from Penn State, a summa cum laude Bachelor's in Emergency Management from the University of Akron, and multiple esteemed certifications including Certified Business Continuity Professional (CBCP), Certified Cyber Resilience Professional (CCRP). She is Vice President for the WiCyS Healthcare Affiliate and a member of several distinguished honor societies. 
Outside of work, Heather is a dedicated solo mom to five children, inspiring her family and community with her resilience and leadership. Guest Quote "[Resilience] means not just recovering, but being better. Adapting, where we're wired in our DNA organizationally, to thrive in disruption, not just survive.” Time stamps 01:08 Meet Heather Costa: Cyber Resilience Expert 04:49 Understanding Resilience in Healthcare 22:36 Starting with Minimal Viable Recovery 25:56 Worst Case Scenario Planning 28:30 Building a Resilient Environment 29:33 Heather's Blue Sky Strategy Planning 35:26 What's Missed When Building Resilience 37:43 Final Advice on Resilience Sponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more. Links Connect with Heather on LinkedIn Learn more about Mayo Clinic Connect with Sean on LinkedIn Don't miss future episodes Register for HIP Conf 2025 Learn more about Semperis
In this episode of The New CISO (Episode 136), host Steve Moore speaks with Carl Cahill, CISO, about a deliberate, methodical approach to career growth, and why every leader must "pick their pain" to progress. From combat arms in the U.S. Army to Active Directory engineering and large-enterprise incident response, Carl shares the pivotal choices that shaped his leadership. He opens up about moving from certifications to business fluency, using a personal gap analysis to chart his path to the C-suite, and how feedback like being called a "propeller head" pushed him to translate geek speak into the language of finance, law, and strategy. Carl also explains his five-phase 100-day plan, why IR readiness comes first, and how "radical collaboration" defines the modern CISO.
Key Topics Covered:
Early career pivots: Army leadership, perseverance, and precision → IT foundations
Certifications as a fast track (then) vs. blended learning and passion projects (now)
The "pick your pain" decision: staying comfortable vs. returning to school to advance
Building a CISO gap analysis from job reqs and targeting stretch assignments
Upgrading the lexicon: finance, legal, and general management (e.g., Wharton GMP)
Turning tough feedback into growth: from geek speak to boardroom dialogue
Consulting variety vs. ownership: when to switch for long-term impact
The 100-day plan: assess → plan → act → measure → adjust (with IR first)
Stakeholder mapping, team SWOTs, and making strategy stick beyond 90 days
Metrics as a "health language" and why today's CISO must be a radical collaborator
Carl's story shows how intentional trade-offs (education, language, and leadership style) compound into career momentum. His roadmap helps CISOs and aspiring leaders navigate transitions with discipline, communicate across the business, and build resilient teams that lead with clarity.
Because... it's episode 0x649!
Shameless plug: November 4-5, 2025 - FAIRCON 2025; November 8-9, 2025 - DEATHcon; November 17-20, 2025 - European Cyber Week; February 25-26, 2026 - SéQCure 2026.

Description
Understanding the differences and making the right choices. In this episode of the Polysécure podcast, the host welcomes Cyndie Feltz, Nicolas Milot and Dominique Derrier to demystify two concepts that are often confused in cybersecurity: vulnerability scans and penetration tests. The discussion is particularly relevant for small and medium-sized businesses that have to navigate an environment where security requirements keep multiplying, whether to obtain cyber insurance, meet regulatory standards or reassure clients.

Confusion in the market
The podcast opens by highlighting a major problem: companies often have security tests imposed on them without necessarily understanding what they are actually buying. The pressure may come from a cyber insurer, a regulatory framework or a demanding client. When these tests are not budgeted, companies naturally try to minimize costs, but the market offers every possible flavor, and prices can differ by a factor of ten between offerings. That spread naturally creates confusion and concern among clients.

Two complementary but distinct tools
The experts first agree on a fundamental point: neither vulnerability scanning nor penetration testing is inherently bad. They are simply two different tools that address distinct needs. The problem arises when a vendor presents one as the other, creating expectations that will not be met. A vulnerability scan is essentially an automated process. A software tool analyzes a web application, an internal server or an IP address to identify potential weaknesses. Its mission is to generate as much data as possible. The company is literally paying for a large quantity of information that it will then have to filter and prioritize itself. These scans detect known vulnerabilities, CVEs and exploits that are already catalogued. A penetration test, on the other hand, involves human intervention. A security expert manually tests the company's assets, using expertise and judgment to understand the organization's specific context. Unlike an automated scanner, a penetration tester can evaluate business logic, understand where to push to cause real damage, and actually exploit the vulnerabilities discovered.

The security guard and the burglar
Dominique offers an excellent analogy: a vulnerability scan is like someone walking around a building to check whether the doors are locked and note where the cameras are. A penetration test is someone actively trying to get into the building by picking the locks, bypassing the alarm systems and testing every possible entrance. The latter requires far more specialized skills and naturally justifies higher costs, while delivering greater benefit, since it verifies the real effectiveness of the security measures.

When to use each approach
The first question is not whether you need a scan or a penetration test, but rather: what is the real need? Is it a regulatory requirement that specifically mandates a penetration test? Does the company simply want to validate the security of its application or its infrastructure? For a SaaS product exposed to the Internet, vulnerability scans are particularly appropriate and can be run regularly, even automatically. They quickly detect newly published known vulnerabilities. For mid-sized companies with more than 150 to 200 employees and a complex internal infrastructure, including for example an Active Directory, scans detect CVEs and known exploits. However, a vulnerability scan will never try to compromise an Active Directory to become domain admin, which is exactly what a real internal penetration test should do.

Recurrence and value
Vulnerability scans have the advantage that they can be run frequently, monthly or even weekly. Companies can buy their own license and run the scans in-house. If they hire an external firm, the real added value lies not in the raw report but in the help filtering and prioritizing the results. A managed security service provider (MSSP) should integrate these automated scans into its overall offering and align them with the other security tools already in place.

Recommendations for SMBs
The experts insist on several essential points. First, not every company needs a penetration test. A fifteen-to-twenty-person company running Google Workspace and WordPress would benefit more from investing in configuration reviews than in a costly penetration test, which often runs to five figures. Second, good governance matters: the entity that manages day-to-day security should not be the one performing the penetration tests. This separation guarantees the objectivity of the assessment, just as you would not ask your accounting firm to audit its own books. Third, reducing the digital footprint often solves more problems than a security test does. Limiting the number of tools and services in use, properly configuring those that remain, and adequately training teams are more cost-effective preventive measures than an expensive penetration test that would merely confirm obvious weaknesses. Finally, the experts encourage companies to see their cybersecurity measures not only as an expense but as an investment that can become a selling point. Training the sales team on the security practices in place turns the effort into a competitive advantage, even without formal certification.

Conclusion
This podcast effectively clarifies a topic that often confuses SMBs. The distinction between vulnerability scans and penetration tests comes down to automation versus human intervention, quantity versus contextual quality, and detection versus actual exploitation. The choice between the two must always follow from a rigorous analysis of the company's specific needs, budget and regulatory obligations, keeping in mind that the best security starts with solid basic practices and a controlled digital footprint.

Collaborators: Nicolas-Loïc Fortin, Cyndie Feltz, Nicholas Milot, Dominique Derrier. Credits: Editing by Intrasecure inc; virtual studio by Riverside.fm.
This episode features Dr. Chase Cunningham, Chief Strategy Officer at Demo-Force.com. Widely known as "Dr. Zero Trust", he's the creator of the Zero Trust Extended Framework and former Forrester principal analyst. With decades of experience supporting the NSA, U.S. Navy, FBI Cyber, and other government missions, Chase brings deep expertise on how nation-states wage digital conflict. In this episode, Chase explains how China, Russia, and North Korea use cyber operations to advance long-term strategic goals, why critical infrastructure has become a silent battlefield, and why attribution makes retaliation so difficult. He shares practical guidance for hardening defenses, outpacing common attackers, and avoiding becoming the "slowest gazelle in the herd." This is a sobering look at how geopolitics fuels cyber risk, and the urgent realities every security leader must prepare for now.
Guest Bio: Creator of the Zero Trust eXtended framework and a cybersecurity expert with decades of operational experience in NSA, US Navy, FBI Cyber, and other government mission groups, Chase is responsible for ZTEdge's overall strategy and technology alignment. Chase was previously VP and Principal Analyst at Forrester Research; Director of Threat Intelligence for Armor; Director of Cyber Analytics for Decisive Analytics; and Chief Cryptologic Technician, US Navy. He's the author of the Cynja series and Cyber Warfare: Truth, Tactics, and Strategies.
Guest Quote: "Putin has even been noted as saying that chaos is the goal. You do that via cyber. You don't do that by putting boots on ground anymore. That is very important for everybody that's connected or digital to understand, you are operating in a live fire battlefield environment. You're not just on the internet."
Time stamps: 01:04 Meet Dr. Chase Cunningham: Dr. Zero Trust; 02:47 The Fifth Horseman: Cyber Threats; 04:24 Geopolitical Implications of Cyber Warfare; 09:05 Understanding China's Approach to Cyber; 17:27 Breaking Down Defensive Cyber; 20:17 Understanding North Korea's Approach to Cyber; 22:25 Russia's Cyber Chaos Tactics; 24:35 Cyber Leadership Gaps in the U.S. Government; 27:22 Final Thoughts and Advice
Sponsor: Semperis.
Links: Connect with Chase on LinkedIn; Learn more about Demo-Force.com; Chase's HIPConf 2024 Talk: Cyber Threat: The Fifth Horseman of the Apocalypse; Connect with Sean on LinkedIn; Don't miss future episodes; Register for HIP Conf 2025; Learn more about Semperis
Strengthen your security posture by moving groups and users from Active Directory to Microsoft Entra. This gives you seamless access for your teams, stronger authentication with MFA and passwordless options, and centralized visibility into risks across your environment. Simplify hybrid identity management by reducing dual overhead, prioritizing key groups, migrating users without disruption, and automating policies with Graph or PowerShell. Jeremy Chapman, Microsoft 365 Director, shows how to start minimizing your local directory and make Microsoft Entra your source of authority to protect access everywhere.
► QUICK LINKS: 00:00 Minimize Active Directory with Microsoft Entra; 00:34 Build a Strong Identity Foundation; 01:28 Reduce Dual Management Overhead; 02:06 Begin with Groups; 03:04 Automate with Graph & Policy Controls; 03:50 Access packages; 06:00 Move user objects to be cloud-managed; 07:03 Automate using scripts or code; 09:17 Wrap up
► Link References: Get started at https://aka.ms/CloudManagedIdentity; User SOA scenarios at https://aka.ms/usersoadocs; Group SOA scenarios at https://aka.ms/groupsoadocs; Guidance for IT Architects on benefits of SOA at https://aka.ms/SOAITArchitectsGuidance
This episode features Jonathon Mayor, Principal Security Consultant for the Americas at Cohesity. A founding member of Cohesity's Security Center of Excellence and the Cyber Event Response Team, Jonathon has more than 20 years of experience in security operations, forensics, and business continuity, with past leadership roles at EMC, Dell, and Verizon. He's guided Fortune 500 and Global 1000 organizations through high-stakes incident response and recovery. In this episode, Jonathon explains why trust is the first casualty in a cyberattack, how to distinguish between mission critical operations and mission critical response, and why resilience depends as much on people and process as on technology. He shares candid lessons from the field on avoiding endless "what if" scenarios, preparing for the human toll of prolonged incidents, and building flexibility into every plan. This is a practical look at cyber resilience and the critical skills every leader needs to have before the next 2 a.m. incident call.
Guest Bio: Jonathon Mayor is Principal Security Consultant for the Americas at Cohesity, where he has helped many Fortune 500 and Global 1000 organizations strengthen cyber resilience through threat intelligence, incident response, and recovery strategy. A founding member of Cohesity's Security Center of Excellence and the Cyber Event Response Team (CERT), his current focus is proactively collaborating with security partners and customers to strengthen security posture and readiness by drawing from the experiences and lessons learned through CERT. With more than 20 years in security operations, forensics, and business continuity, Jonathon has held leadership roles at EMC, Dell, and Verizon, where he oversaw global NOC operations and major incident mitigation.
Guest Quote: "The thing that's most important that's lost first and hardest to regain is trust. Everything else is secondary. If the very tools that I'm relying on to respond have been compromised, and therefore I can't trust them, where does my plan go from there?"
Time stamps: 01:10 Meet Jonathon Mayor; 03:37 Rethinking What's Mission Critical; 12:25 Avoiding Endless What If's; 15:50 Paranoia Has a Budget: Prioritizing Risks; 21:27 The Human Element in Cyber Defense; 25:01 Importance of Mindset Flexibility; 27:11 Post-Incident Advice
Sponsor: Semperis.
Links: Connect with Jonathon on LinkedIn; Learn more about Cohesity; Connect with Sean on LinkedIn; Don't miss future episodes; Learn more about Semperis
In this episode, we're digging into a super awesome Active Directory security tool called PingCastle. We'll cover what it is, why it matters for Active Directory security, and how IT and security teams can leverage it to get ahead of adversaries. PingCastle is a staple tool on our internal pentesting toolbelt. In this episode, you will find out why.
This episode features Chris Inglis, former U.S. National Cyber Director and longtime Deputy Director of the NSA. With over 40 years in national security, Chris was at the center of one of the most high-stakes breaches in U.S. history: the Edward Snowden incident. In this episode, Chris shares what really happened inside the NSA during those critical months, and how siloed systems, password sharing, and missed signals allowed Snowden to operate undetected. He unpacks key lessons on preparing for low-probability, high-impact events, defending against identity misuse, and why trust must always come with verification. This is a behind-the-scenes look at the Snowden breach, and what every cybersecurity leader needs to learn from it.
Guest Bio: Chris served as the first National Cyber Director of the United States, and as Deputy Director of the NSA for eight years. Chris has spent more than four decades in public service shaping the future of national cybersecurity. His career includes serving as a commissioner on the U.S. Cyberspace Solarium Commission, and as an advisor to the Department of Defense and the intelligence community. Chris has received numerous honors for his service, including the President's National Security Medal and the DNI Distinguished Service Medal. A U.S. Air Force Academy graduate, he holds advanced degrees in engineering and computer science from Columbia University and the George Washington University. His military career includes over 30 years in the U.S. Air Force and Air National Guard, retiring as a brigadier general. Most recently, he served as a U.S. Naval Academy Looker Distinguished Visiting Professor for cyber studies and as a commissioner on the U.S. Cyberspace Solarium Commission.
Guest Quote: "The thing that you practice, whether it's one or a million things you're going to practice will never happen, but the thing that does will be informed by the muscle memory you've developed over that practice period. And you'll know that you either can or cannot weather the storm with your own resources."
Time stamps: 01:29 The Snowden Incident: A Deep Dive; 06:07 NSA's Internal Challenges and Lessons Learned; 07:29 Organizational Silos and Technical Blind Spots; 13:42 Crisis Management and Response Strategies; 16:56 Public Perception and Trust; 23:22 Misunderstandings of Snowden's Allegations; 28:15 Lessons from the Snowden Incident; 29:44 Cybersecurity in the Business World; 29:57 How the Snowden Incident Reshaped NSA's Threat Monitoring; 36:49 Strategic and Tactical Approaches to Security; 42:35 Final Thoughts and Takeaways
Sponsor: Identity Breach Confidential is brought to you by Semperis.
Links: Connect with Jeff on LinkedIn; Don't miss future episodes; Register for HIP Conf 2025; Learn more about Semperis
This episode features Jake Hildreth, Principal Security Consultant at Semperis. With nearly 25 years of IT experience, Jake has seen how Active Directory Certificate Services (AD CS) can quietly become the most fragile, and most dangerous, part of an enterprise's identity infrastructure. Misunderstood, neglected, and often misconfigured, AD CS can hand attackers the ability to impersonate anyone in the organization. In this episode, Jake demystifies why certificates feel like "cult knowledge," explains how simple missteps in AD CS cascade into critical risks, and shares real-world lessons from the front lines. He also introduces tools designed to help overworked admins find and fix issues before adversaries exploit them. This is a candid look at one of the least understood but most critical components of identity security, and the steps every security team should take now to avoid becoming the slowest gazelle in the herd.
Guest Bio: Jake Hildreth is a Principal Security Consultant at Semperis, Microsoft MVP, and longtime builder of tools that make identity security suck a little less. With nearly 25 years in IT (and the battle scars to prove it), he specializes in helping orgs secure Active Directory and survive the baroque disaster that is Active Directory Certificate Services. He's the creator of Locksmith, BlueTuxedo, and PowerPUG!, open-source tools built to make life easier for overworked identity admins. When he's not untangling Kerberos or wrangling DNS, he's usually hanging out with his favorite people and most grounding reality check: his wife and daughter.
Time stamps: 05:00 Why Are People Afraid of Certificates?; 07:52 Basics of Public Key Infrastructure (PKI); 17:36 How AD CS Integrates with Active Directory; 20:20 Setting Up and Configuring AD CS; 23:19 Active Directory and Certificate Services Integration; 23:54 Consequences of a Compromised AD; 25:55 Primary Use Cases for AD CS; 28:39 Recommendations for Managing AD CS; 30:46 Locksmith: A Tool for AD CS Issues; 34:06 Common Security Issues in AD CS; 38:28 Steps to Improve AD CS Security
Sponsor: Semperis.
Links: Connect with Jake on LinkedIn; Learn about Locksmith; Learn about Purple Knight; Connect with Sean on LinkedIn; Don't miss future episodes; Register for HIP Conf 2025; Learn more about Semperis
Episode 1000! Richard Campbell invites Paul Thurrott to join him to celebrate the milestone episode and answer questions from listeners. From the creation of the podcast to the role of Windows in the modern world, the impact of ARM, Cloud, and many other technologies, all addressed in this super-sized episode. And yes, artificial intelligence is part of the conversation, and will be part of the workflows that sysadmins utilize on a day-to-day basis. Thanks to all the folks who sent in questions for this special show, and thanks for listening!
Links: Does Windows Still Matter; Windows Server 2025; ARM in Azure; Azure FastTrack; Cloud Adoption Framework for Azure; Microsoft Viva
Recorded August 31, 2025
Today, we'll take a look at something that is of the essence for anyone working with identities and the shift to the cloud. What is Group SOA, and why should you care? We reflect on the dependencies of Active Directory, the five stages of transformation, and what this capability will help you achieve.
(00:00) - Intro and catching up.
(05:20) - Show content starts.
Show links: Group SOA
Provide feedback: Give us feedback!
This episode features Ed Amoroso, CEO of TAG Infosphere and former AT&T Chief Security Officer. With decades of experience securing complex infrastructures, Ed joins during a period of unprecedented change in the U.S. federal government, a moment he warns is ripe for cyberattacks. In this episode, Ed explains why rapid organizational shifts create prime openings for adversaries, and why Active Directory, often poorly understood and "orphaned" in ownership, is the first place attackers look for the keys to the kingdom. He shares practical steps for reducing complexity, shoring up identity infrastructure, and spotting risks before they're exploited. This is a timely look at how change fuels cyber risk, and the urgent actions every security leader should take now.
Guest Bio: Dr. Ed Amoroso is CEO of TAG Infosphere. An NYU professor and former AT&T executive, Ed started TAG Cyber in 2016 to democratize research and advisory services and unleash his inner entrepreneur. Business Insider tapped him as one of the country's 50 leaders "who helped lead the cyber security industry."
Time stamps: 02:25 Cybersecurity in Times of Change; 14:34 Active Directory: The Heart of Cybersecurity; 17:35 Recommendations for Organizations; 27:04 The Role of Government and Private Sector; 30:01 Final Thoughts and Advice
Sponsor: Semperis.
Links: Connect with Ed on LinkedIn; Learn more about TAG Infosphere; Connect with Sean on LinkedIn; Don't miss future episodes; Register for HIP Conf 2025; Learn more about Semperis
Hello friends! Today your friend and mine, Joe "The Machine" Skeen joins me as we keep chipping away at pwning Ninja Hacker Academy! Today's pwnage includes:
"Upgrading" our Sliver C2 connection to a full system shell using PrintSpoofer!
Abusing nanodump to do an lsass minidump... and find our first cred.
Analyzing BloodHound data to find (and own) excessive permissions against Active Directory objects
In this high-energy episode, returning guests Gilbert Sanchez and Jake Hildreth join Andrew for a deep dive into: module templating with PSStucco; building for accessibility in PowerShell; creating open source GitHub orgs like PSInclusive; how PowerShell can lead to learning modern dev workflows like GitHub Actions and CI/CD. What begins with a conversation about a live demo gone hilariously sideways turns into an insightful exploration of how PowerShell acts as a launchpad into bigger ecosystems like GitHub, YAML, JSON, and continuous integration pipelines.
Bios: Gilbert Sanchez is a Staff Software Development Engineer at Tesla, specifically working on PowerShell. Formerly known as "Señor Systems Engineer" at Meta. A loud advocate for DEI, DevEx, DevOps, and TDD. Jake Hildreth is a Principal Security Consultant at Semperis, Microsoft MVP, and longtime builder of tools that make identity security suck a little less. With nearly 25 years in IT (and the battle scars to prove it), he specializes in helping orgs secure Active Directory and survive the baroque disaster that is Active Directory Certificate Services. He's the creator of Locksmith, BlueTuxedo, and PowerPUG!, open-source tools built to make life easier for overworked identity admins. When he's not untangling Kerberos or wrangling DNS, he's usually hanging out with his favorite people and most grounding reality check: his wife and daughter.
Links: https://gilbertsanchez.com/posts/stucco-create-powershell-module/ https://jakehildreth.github.io/blog/2025/07/02/PowerShell-Module-Scaffolding-with-PSStucco.html https://github.com/PSInclusive https://jakehildreth.com/ https://andrewpla.tech/links https://discord.gg/pdq https://pdq.com/podcast https://youtu.be/w-z2-0ii96Y
⬥GUEST⬥ Sean Metcalf, Identity Security Architect at TrustedSec | On LinkedIn: https://www.linkedin.com/in/seanmmetcalf/
⬥HOST⬥ Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com
⬥EPISODE NOTES⬥ Sean Metcalf, a frequent speaker at conferences like Black Hat, DEF CON, and RSAC, brings a sharp focus to identity security, especially within Microsoft environments like Active Directory and Entra ID. In this episode, he walks through the practical and tactical role of honeypots and deception in detecting intrusions early and with higher fidelity. While traditional detection tools often aim for broad coverage, honeypots flip the script by offering precise signal amidst the noise. Metcalf discusses how defenders can take advantage of the attacker's need to enumerate systems and accounts after gaining access. That need becomes an opportunity to embed traps: accounts or assets that should never be touched unless someone is doing something suspicious. One core recommendation: repurpose old service accounts with long-lived passwords and believable naming conventions. These make excellent bait for Kerberoasting attempts, especially when paired with service principal names (SPNs) that mimic actual applications. Metcalf outlines how even subtle design choices, like naming conventions that fit organizational patterns, can make a honeypot more convincing and effective. He also draws a distinction between honeypots and deception technologies. While honeypots often consist of a few well-placed traps, deception platforms offer full-scale phantom environments. Regardless of approach, the goal remains the same: attackers shouldn't be able to move around your environment without tripping over something that alerts the defender. Importantly, Metcalf emphasizes that alerts triggered by honeypots are high-value. Since no legitimate user should interact with them, they provide early warning with low false positives. He also addresses the internal politics of deploying these traps, from coordinating with IT operations to ensuring SOC teams have the right procedures in place to respond effectively. Whether you're running a high-end deception platform or just deploying free tokens and traps, the message is clear: identity is the new perimeter, and a few strategic tripwires could mean the difference between breach detection and breach denial.
⬥SPONSORS⬥ LevelBlue: https://itspm.ag/attcybersecurity-3jdk3 | ThreatLocker: https://itspm.ag/threatlocker-r974
⬥RESOURCES⬥ Inspiring Post: https://www.linkedin.com/posts/activity-7353806074694541313-xzQl/
Article: The Art of the Honeypot Account: Making the Unusual Look Normal: https://www.hub.trimarcsecurity.com/post/the-art-of-the-honeypot-account-making-the-unusual-look-normal
Article: Trimarc Research: Detecting Kerberoasting Activity: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-kerberoasting-activity
Article: Detecting Password Spraying with Security Event Auditing: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-password-spraying-with-security-event-auditing
⬥ADDITIONAL INFORMATION⬥ More Redefining CyberSecurity Podcast:
In this episode, we're diving into one of the most overlooked yet dangerous components of Active Directory: Certificate Services. What was designed to build trust and secure authentication is now being exploited by attackers to silently escalate privileges and persist in your environment. We'll break down how AD CS works, how it gets abused, and what defenders need to do to lock it down.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://click.spenceralessi.com/mylinks
Work with Us: https://securit360.com
July 21, 2025: Josh Tacey, Enterprise Architect at Omnissa, joins Bill for the news. They discuss all things HIPAA security-related as the refinement process continues to advance. The conversation centers on the controversial 72-hour business continuity requirement—can health systems really restore operations within three days when current ransomware recoveries take weeks? Josh explores whether mandated network segmentation actually helps attackers by providing a standard blueprint, and why Active Directory remains every hacker's primary target.
Key Points:
01:46 HIPAA Security Rule Issues
07:52 Challenges in Network Segmentation
10:58 Access Control and Vulnerability Patching
18:20 Architectural Practices in Healthcare
News Articles: HIPAA Security Rule
X: This Week Health
LinkedIn: This Week Health
Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer
Dave Sobel hosts a sponsored webinar discussing the modern endpoint management capabilities of Microsoft Intune, particularly its relevance for Managed Service Providers (MSPs). The session features Rolando Jimenez, a technical trainer at Nerdio, and Hugo Salazar, a Go Live engineer, who share their insights and experiences with Intune. They explore the evolution of Intune from a supplementary tool to a central component of Microsoft 365, emphasizing its integration with security products and the shift away from traditional on-premises solutions like Active Directory and Group Policy.
The conversation highlights the practical aspects of deploying Intune, including the importance of pre-planning and understanding the complexities involved in transitioning from legacy systems. Rolando and Hugo discuss common pitfalls that MSPs encounter when setting up Intune, such as the need for proper configuration and the significance of using tools like the Group Policy Analyzer. They also emphasize the benefits of using Intune's autopilot feature for zero-touch enrollment, which streamlines the onboarding process for new devices.
Security is a major focus, with the speakers addressing how Intune helps manage compliance and protect sensitive data, especially in a remote work environment. They explain the differences between Mobile Device Management (MDM) and Mobile Application Management (MAM), detailing how MAM allows for the protection of corporate data on personal devices without requiring full device management. This nuanced approach is crucial for organizations that want to balance user privacy with security needs.
As the discussion wraps up, Rolando and Hugo encourage MSPs to embrace Intune as a powerful tool for endpoint management. They stress the importance of leveraging the capabilities of Intune to enhance operational efficiency and security while providing practical advice for successful implementation. The session concludes with a Q&A segment, where they address specific questions from the audience, further clarifying the benefits and functionalities of Intune in modern IT management.
All our Sponsors: https://businessof.tech/sponsors/
Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/
Support the show on Patreon: https://patreon.com/mspradio/
Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech
Want our stuff? Cool Merch? Wear "Why Do We Care?" - Visit https://mspradio.myspreadshop.com
Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessof.tech
If you like what you hear, please subscribe, leave us a review and tell a friend!
Today Joe “The Machine” Skeen and I pwn the third and final realm in the world of GOAD (Game of Active Directory): essos.local! The way we go about it is to do a WinRM connection to our previously-pwned Kingslanding domain, coerce authentication out of MEEREEN (the DC for essos.local) and then capture/abuse the TGT with Rubeus! Enjoy.
"We're here to take the complexity out of unified communications — and turn it into simplicity." — Todd Remely, Unimax
At Cisco Live 2025 in San Diego, Technology Reseller News publisher Doug Green caught up with Todd Remely of Unimax to explore how the company is streamlining unified communications (UC) management for enterprises and partners alike. With over 30 years in business, Unimax is a veteran in the telecom software space. Their tools help organizations manage Cisco, Microsoft Teams, Zoom, and Avaya UC systems more efficiently — and that value was on full display across two booths at Cisco Live: one in the Collaboration Village (highlighting Webex integration) and another on the main show floor.
Three Ways Unimax Delivers Simplicity in Complex UC Environments:
- Second Nature: A power-user interface that layers over Cisco and other major UC platforms, enabling administrators to perform complex MACDs (moves, adds, changes, deletes) and configuration tasks like provisioning, routing, and device pool management — all from one streamlined dashboard.
- Automation Platform: Unimax enables full automation of provisioning and deprovisioning processes. Their platform integrates with Active Directory, ServiceNow, Remedy, HRIS systems, and any REST API-enabled tool, drastically reducing time and human error in user onboarding and offboarding.
- HelpOne: A lightweight interface that empowers Tier 1 help desk agents to complete routine MACDs — such as password resets — without telecom expertise, freeing up UC teams to focus on higher-priority work.
Remely noted strong engagement from MSPs and resellers, many of whom use Unimax's multi-tenant solutions to manage customer UC systems at scale. "We're solution-focused," he said. "And we love working with end users — because that's where the real problems are, and that's where we can help most."
For more information or to request a demo, visit unimax.com or contact the team at tellmemore@unimax.com.
Why would a security vulnerability take more than two years to fix? Richard chats with Steve Syfuhs about the evolution of the response to KB5015754. Originally published in 2022, the issue involved vulnerabilities in the on-premises certificate authority for Active Directory. Pushing a fix to force the immediate replacement of the certificates could have left users unable to log into Active Directory entirely. Steve explains how the gradual rollout of the fix allowed folks concerned (and paying attention!) to fix it immediately. At the same time, for everyone else, the fix happened as the existing certificates expired. But not every scenario is automatic - some require sysadmin intervention. So, how do you get their attention? The story leads to the February 11, 2025 update that could knock some users off Active Directory, but had an easy and quick fix. The final phase should be September 2025; hopefully, the last stragglers will be ready!
Links
KB5014754
Microsoft Security Response Center
Create and Assign SCEP Certificate Profiles in Intune
Recorded April 10, 2025
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.
Two significant crypto security breaches occurred in close succession this month, affecting both decentralized and centralized platforms. On May 22, Cetus—a decentralized exchange built on the Sui Network—was exploited via a vulnerability in its automated market maker (AMM). Meanwhile, Coinbase confirmed what it called a "targeted insider threat operation" that compromised data from less than 1% of its active monthly users.
A threat group identified as "Hazy Hawk" has been systematically hijacking cloud-based DNS resources tied to well-known organizations, including the US Centers for Disease Control and Prevention (CDC), since December 2023.
A newly disclosed vulnerability in Windows Server 2025, dubbed BadSuccessor, has raised major concerns among enterprise administrators managing Active Directory environments.
Federal and international law enforcement, alongside a significant number of private-sector partners, have successfully dismantled the Danabot botnet in a multiyear operation aimed at neutralizing one of the more advanced malware-as-a-service (MaaS) platforms tied to Russian cybercriminal activity.
On this episode of Security Noise, Geoff and Skyler chat with Identity Security Architect Sean Metcalf about securing Active Directory, Entra, DS, and that messy space in between. Sean also talks about his recent presentation at RSA, common challenges in the identity security space, frequently seen penetration test findings, and more! About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet! Find more cybersecurity resources on our website at https://trustedsec.com/resources.
Hey friends! Today Joe "The Machine" Skeen and I tackled GOAD (Game of Active Directory) again – this time covering:
- SQL link abuse between two domains
- Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local!
Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!
It's go time: The biggest Patch Tuesday of 2025 sets the stage for 2025! Microsoft has finally revealed whether it will further extend Windows 10 support past October (it won't). Also, Microsoft designed notifications in Windows 11 to be annoying and pointless, so Paul has some advice. Plus, Proton Drive gets a long awaited albums feature, and more on the way.
Windows 11
- Recall (preview) and Click to Do (preview) come to stable for the first time
- Let's give Microsoft a bit of credit for this one non-reported behavior
- Also: Improvements to Settings, Narrator, Start, Phone Link, Widgets, File Explorer
- You knew this was coming: Microsoft now testing a "Hey, Copilot" feature
- It's opt-in and an alternative to holding down Alt + Spacebar for two seconds
- Microsoft discusses the new Start design and it's not a s#$t show like it was three years ago
- No builds for the second Friday in a row
- Improvements to Settings AI agent, intelligent text actions in Click to Do, a few small changes come to 24H2 in Dev and Beta channels
- Copilot Vision gets Highlights and 2-App Support across all channels
- Google's big Android reveal includes Material Expressive, big Wear OS update. Android, like Windows 11 (and iOS) is just being updated all the time now
Windows 10
- Extended support program
- Will support Microsoft 365 on Windows 10 through October 2028
- Those time frames are identical
- So what about those Surface PCs that can't upgrade to Windows 11? Microsoft has an answer (for all unsupported PCs) and it's not as cynical as you think
- Microsoft quietly discontinued entry-level 13.8-inch Surface Laptop and 13-inch Surface Pro when it introduced those smaller new models last week
Layoffs
- Microsoft just made $70 billion, so naturally it's laying off employees. How to explain this?
- The FTC's losing streak against Microsoft continues
- A proposal for solving the "Mozilla problem" in U.S. v. Google
- Fortnite could return to the iPhone App Store as soon as today
AI
- OH MY GOD IS THERE NO AI NEWS FOR ONCE. OK, three small items
- OpenAI brings OneDrive and SharePoint integration with ChatGPT for paid business customers
- "AI mode" could replace "I'm feeling lucky" on the Google home page
- Spotify's AI DJ keeps improving
Dev
- Build is next week in Seattle, a few thoughts
- .NET 10 Preview 4 is out
Xbox & Games
- Today's the day: DOOM: The Dark Ages goes live at 8:00 ET tonight!
- Xbox Insiders can now play cloud-enabled games with mouse and keyboard
- Paul reviews the Backbone Pro controller
- Nintendo revenues slide big ahead of Switch 2 - 15m consoles expected in first year
- Sony sold 18.5 million PS5s in the most recent fiscal year, down 11 percent YOY
Tips & Picks
- Tip of the week: Windows 11 notifications make iOS look sophisticated
- App pick of the week: Proton Drive
- RunAs Radio this week: Active Directory in 2025 with Liz Tesch
- Brown liquor pick of the week: Limeburners Albany Tawny Cask
These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/932
Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell
Sponsors: 1password.com/windowsweekly threatlocker.com/twit uscloud.com
Active Directory is 25 years old - are you still managing it like it's 1999? Richard talks to Liz Tesch about her excellent blog post on the subject and the challenge many sysadmins have with Active Directory today. Liz talks about how WAN bandwidth was a concern in the early 2000s, so we organized Active Directory into Organizational Units to minimize the amount of AD traffic over the WAN - today, that is irrelevant. The challenge today is ensuring AD is not a vector for blackhats to attack the organization. Raising your functional level and utilizing some great free tools (check the links in the show notes) are all you need to use Active Directory like it's 2025!
Links
Active Directory is 25 Years Old. Do you still manage it like it's 1999?
mimikatz
Windows Local Administrator Password Solution
Microsoft Entra Privileged Identity Management
Kara Lawson - Handle Hard Better
Endpoint Detection and Response
Recorded April 4, 2025
The Department of the Interior removes top cybersecurity and tech officials. The DOJ looks to block foreign adversaries from acquiring sensitive personal data of U.S. citizens. Microsoft issues emergency updates to fix an Active Directory bug. Hackers are installing stealth backdoors on FortiGate devices. Researchers warn of a rise in "Dangling DNS" attacks. A pair of class action lawsuits allege a major adtech firm secretly tracks users online without consent. Google is fixing a 20-year-old Chrome privacy flaw. The Tycoon2FA phishing-as-a-service platform continues to evolve. My guest is Tim Starks from CyberScoop, discussing the latest from CISA and Chris Krebs. Slopsquatting AI totally harshes the supply chain vibe.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Today we are joined by Tim Starks from CyberScoop, and he is discussing the latest with CISA and Chris Krebs.
Selected Reading
Interior Department Ousts Key Cyber Leaders Amid DOGE Spat (Data Breach Today)
US Blocks Foreign Governments from Acquiring Citizen Data (Infosecurity Magazine)
Microsoft: New emergency Windows updates fix AD policy issues (Bleeping Origin)
Fortinet Issues Fixes After Attackers Bypass Patches to Maintain Access (Hackread)
Dangling DNS Attack Let Hackers Gain Control Over Organization's Subdomain (Cyber Security News)
Two Lawsuits Allege The Trade Desk Secretly Violates Consumer Privacy Laws (AdTech)
Chrome 136 fixes 20-year browser history privacy risk (Bleeping Computer)
Tycoon2FA phishing kit targets Microsoft 365 with new tricks (Bleeping Computer)
AI Hallucinations Create a New Software Supply Chain Threat (SecurityWeek)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
Your Patch Tuesday is showing. Paul Thurrott, Richard Campbell, and Leo Laporte go over the latest features for Windows 11 with the KB5053598 update. Also, the hosts discuss Press to Talk for Insiders, the Windows app replacing Remote Desktop, the agentic future of browsers, Copilot integration in GroupMe, Gemma 3, issues with Xbox Wireless Controller 5.23.5.0 firmware, Pocket Casts Web Player, and the "vibe coding" era. Plus, Fences 6 is now in Beta, on sale!
Woody Leonhard, RIP
- Like Jerry Pournelle, a major influence on Paul's career and writing style
- He had a mysterious life in latter years, not clear what happened
Windows 11
- Windows 11 gets all the features we've discussed recently
- Are we heading towards something bigger this year? Or just more of the same?
- New Canary and Beta (23H2) builds
- New Dev and Beta (24H2) builds
- Copilot in Windows 11 is getting Press to Talk
- Microsoft follows through on threat, kills Remote Desktop App - our latest outrage
- Arc crashed and burned but we can still evolve web browsers
- What about sidebar apps as a UX baby step forward?
- Does Edge need to restart every three days now to install updates?
Microsoft 365
- Google promotes ChromeOS/Chromebooks as the right client ... for Microsoft 365
Dev
- Build 2025 registration is now open
AI
- It's Microsoft's 50th anniversary, so it's going to announce AI something something
- Paul has agreed to attend this, from Mexico
- Also, report that Microsoft's in-house models now rival OpenAI is a hint
- Microsoft improves Think Deeper in Copilot using OpenAI o3-mini
- Google secretly owns 14-15 percent of Anthropic
- WTF is going on with Big Tech and regulatory evasion? On that note, CMA clears Microsoft + OpenAI specifically because of change to partnership
- Also, Google launches Gemma 3
- The Siripocalypse - AI is a hard computer science problem and Siri is the dumb blond in this space
- Amazon will use AI to dub movies and TV series because obviously
Xbox
- Rumor: Third-party portable Xbox gaming handheld this year, console resets in two years
- You could have cobbled this together solely based on what Microsoft has said publicly
- Xbox controller firmware, we have a problem
Tips and Picks
- Tip of the week: Code with AI
- App pick of the week: Fences
- RunAs Radio this week: Strong Certificate Mapping in Active Directory with Richard Hicks
- Brown liquor pick of the week: Ardbeg 10
Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell
Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly
Check out Paul's blog at thurrott.com
The Windows Weekly theme music is courtesy of Carl Franklin.
Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsor: 1password.com/windowsweekly