Podcasts about Active Directory

Directory service created by Microsoft for Windows domain networks

  • 297 podcasts
  • 783 episodes
  • 41m average duration
  • 5 weekly new episodes
  • Latest episode: Feb 20, 2026
Active Directory

POPULARITY (chart, 2019 to 2026)



Latest podcast episodes about Active Directory

The Cyber Threat Perspective
Episode 169: Malicious Browser Extensions

Feb 20, 2026 (30:01)


In this episode, we're digging into malicious browser extensions... the quiet, often overlooked attack vector living inside nearly every organization. While we focus on patching servers, hardening Active Directory, and deploying EDR, attackers are increasingly abusing the browser as their initial foothold. We'll break down how these extensions work, why they're so dangerous, and what IT leaders can realistically do about it.

Check out these resources:
  • Annex - Enterprise Software Extension Security & Management
  • https://crxaminer.tech/
  • https://x.com/tuckner
  • https://x.com/IceSolst

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

Hybrid Identity Protection Podcast
How a Single Breach Can Turn into a Full Compromise with Tim Beasley, Senior Incident Response Consultant at Semperis

Feb 17, 2026 (39:58)


This episode features Tim Beasley, a Senior Incident Response Consultant at Semperis with decades of experience in compromise recovery and post-breach response.

With a background that includes leading recovery efforts at Microsoft's DART team and helping build the Compromise Recovery Security Practice, Tim brings deep operational insight into what happens after attackers gain access. His work spans ransomware, nation-state intrusions, and large-scale identity compromises across public and private sector organizations.

In this episode, Tim explains why gaining access is only the beginning of modern attacks and why identity remains the primary path for escalation. He breaks down how attackers exploit credential exposure and identity infrastructure, and why prevention alone fails without a recovery-first mindset. He shares real-world lessons from incident response and recovery, including how teams contain threats and limit the impact of identity compromises.

This episode reframes identity security as a resilience problem and offers a clearer way to think about preparing for the breach you haven't detected yet.

Guest Bio
Tim Beasley is a Senior Incident Response Consultant at Semperis. He is Microsoft and VMware Certified, a MIS graduate, and a self-driven IT professional with experience in both public sector and private sector technology. While extremely loyal to employers, Tim has gained quality knowledge throughout a career that's enabled tremendous growth in an IT security environment. He enjoys challenges and implements proactive measures to maintain complete customer satisfaction and success.

Guest Quote
“Everything in compromise essentially starts with identity. We always say identity is the new perimeter. It's true. All attacks, breaches, every engagement that I've been a part of... all start with a compromised set of credentials.”

Time stamps
00:41 Meet Tim Beasley: Cybersecurity Specialist
01:32 Tim's Journey at Microsoft
12:24 The Role of Identity in Cybersecurity
20:57 Real-World Cybersecurity Identity Challenges
23:27 The Big Four in Identity Management
24:01 Flashcard Fiascos: Cyberattacks Across Industries
32:50 Assume Breach Mentality
37:08 Conclusion and Final Thoughts

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Tim on LinkedIn
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis

Microsoft Cloud IT Pro Podcast
Episode 421: Microsoft 365 Mergers and Divestitures with Frank Lesniak

Feb 16, 2026 (34:19)


Welcome to Episode 421 of the Microsoft Cloud IT Pro Podcast. In this episode Ben sits down for a conversation with Frank Lesniak, the lead of the Microsoft 365 team at West Monroe. They dive into the intricacies of mergers and divestitures within Microsoft 365 environments. They discuss the initial due diligence phase, planning and approach, building and configuring new environments, and the final migration and cutover phase. Frank shares insights on common challenges such as integration of different licensing models, the handling of workstations and applications, and the importance of security assessments. The episode provides a detailed look at the methodology and tools used by Frank's team to streamline these complex processes.

Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options.

Show Notes
Frank Lesniak on LinkedIn
West Monroe
Frank Lesniak Github
Microsoft 365 tenant-to-tenant migrations
Microsoft 365 inter-tenant collaboration
Tenant life cycle considerations in multitenant solutions

Frank Lesniak
Frank Lesniak is a Sr. Cybersecurity & Enterprise Technology Architect at West Monroe with nearly 20 years of experience leading consulting engagements involving Microsoft infrastructure technology. His expertise spans modern cloud systems like Azure, Microsoft 365, and Entra ID to classic platforms like Windows Server, Active Directory, and SQL Server. His recent focus has been on Microsoft platform cybersecurity and automating technical processes using PowerShell. In his role, Frank establishes technical project methodologies, leads teams, automates associated processes, and creates internal software products at West Monroe and in the open-source community.

About the sponsors
Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!

RunAs Radio
Securing Active Directory Certificate Services with Ron Arestia

Feb 11, 2026 (44:27)


You're using Active Directory Certificate Services - but is it configured securely? Richard talks to Ron Arestia about his work with organizations implementing their own Public Key Infrastructure (PKI) with ADCS. Ron explains how poorly configured ADCS enables lateral attacks within an organization once an initial breach occurs, allowing black hats to move throughout your network. A well-designed PKI system has tiers of protection, with the top level completely disconnected from the network. Or do you really need your own PKI system? The conversation digs into the various scenarios, including third-party options. Certificates are the top level of security for your organization - you need to get it right!

Links
Active Directory Certificate Services
Windows Hello for Business
Certified Pre-Owned
Microsoft Defender for Identity
Secure Privileged Access
Pass the Hash
Microsoft Cloud PKI for Microsoft Intune
Microsoft Entra Conditional Access
Microsoft Autopilot
Ron's Blog

Recorded February 6, 2026
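The "poorly configured ADCS" the episode refers to is the family of template misconfigurations catalogued in the linked Certified Pre-Owned paper, of which ESC1 (a template that lets the requester choose the subject and issues certificates usable for domain authentication to anyone who can enroll) is the best known. The following is an added example, not code from RunAs Radio or the guest: a check of the ESC1 conditions over template attributes as they would be exported from the pKICertificateTemplate objects under CN=Certificate Templates,CN=Public Key Services,CN=Services in the Configuration partition. The template records are constructed, and the enrollers field assumes the template's ACL has already been resolved to principal names (ACL parsing is out of scope here). The flag bits and EKU OIDs are the documented values.

```python
"""ESC1 check over exported AD CS certificate-template attributes.

Added example, not code from the podcast. The templates below are constructed;
in a real run the attributes come from the pKICertificateTemplate objects under
CN=Certificate Templates,CN=Public Key Services,CN=Services,<configurationNamingContext>.
"""
from dataclasses import dataclass

# Bit values in the two template attributes that ESC1 depends on.
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001  # msPKI-Certificate-Name-Flag
CT_FLAG_PEND_ALL_REQUESTS = 0x00000002          # msPKI-Enrollment-Flag: CA manager approval

# EKU OIDs that let the issued certificate authenticate to the domain.
AUTH_EKUS = {
    "1.3.6.1.5.5.7.3.2",       # Client Authentication
    "1.3.6.1.4.1.311.20.2.2",  # Smart Card Logon
    "1.3.6.1.5.2.3.4",         # PKINIT Client Authentication
    "2.5.29.37.0",             # Any Purpose
}

# Principals that amount to "anyone in the domain" when they hold Enroll rights.
LOW_PRIV_PRINCIPALS = frozenset(
    {"Domain Users", "Domain Computers", "Authenticated Users", "Everyone"}
)


@dataclass(frozen=True)
class Template:
    """One pKICertificateTemplate object reduced to the attributes ESC1 needs."""
    name: str
    name_flag: int          # msPKI-Certificate-Name-Flag
    enrollment_flag: int    # msPKI-Enrollment-Flag
    ra_signatures: int      # msPKI-RA-Signature (authorized signatures required)
    ekus: tuple             # pKIExtendedKeyUsage; empty means no EKU restriction
    enrollers: frozenset    # principals with Enroll/AutoEnroll on the ACL (pre-resolved, assumed)
    published: bool         # listed in some CA's certificateTemplates attribute


def esc1_conditions(t: Template) -> dict:
    """Evaluate each ESC1 condition; the template is abusable only if all are True."""
    return {
        "published on a CA": t.published,
        "enrollee supplies subject": bool(t.name_flag & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT),
        "EKU permits client authentication": not t.ekus or bool(AUTH_EKUS & set(t.ekus)),
        "no CA manager approval": not (t.enrollment_flag & CT_FLAG_PEND_ALL_REQUESTS),
        "no authorized signatures required": t.ra_signatures == 0,
        "low-privileged principals can enroll": bool(t.enrollers & LOW_PRIV_PRINCIPALS),
    }


def is_esc1(t: Template) -> bool:
    return all(esc1_conditions(t).values())


def blocking_conditions(t: Template) -> list:
    """Conditions that currently stop ESC1 on this template (empty list means vulnerable)."""
    return [name for name, met in esc1_conditions(t).items() if not met]


CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"

# Constructed templates, not taken from any real environment.
SAMPLE_TEMPLATES = [
    # Classic ESC1: requester picks the subject, client-auth EKU, Domain Users can enroll.
    Template("VPNUser", 0x1, 0x0, 0, (CLIENT_AUTH,), frozenset({"Domain Users"}), True),
    # The same template after CA manager approval was switched on.
    Template("VPNUser-Approved", 0x1, CT_FLAG_PEND_ALL_REQUESTS, 0, (CLIENT_AUTH,),
             frozenset({"Domain Users"}), True),
    # Requester supplies the subject, but server-auth only and admins-only enrollment.
    Template("WebServer", 0x1, 0x0, 0, (SERVER_AUTH,), frozenset({"Domain Admins"}), True),
    # Modelled on the built-in User template: the CA builds the subject from AD, so not ESC1.
    Template("User", 0xA6000000, 0x0, 0, (CLIENT_AUTH,), frozenset({"Domain Users"}), True),
]


def report(templates=SAMPLE_TEMPLATES) -> list:
    """Names of the templates that meet every ESC1 condition."""
    return [t.name for t in templates if is_esc1(t)]


if __name__ == "__main__":
    for t in SAMPLE_TEMPLATES:
        blockers = blocking_conditions(t)
        status = "ESC1" if not blockers else "ok (blocked by: " + ", ".join(blockers) + ")"
        print(f"{t.name:18} {status}")
```

The check is deliberately conjunctive: clearing any single condition (requiring manager approval, removing the enrollee-supplies-subject flag, dropping the authentication EKU, or restricting Enroll rights) is enough to close ESC1 on that template, which is what the VPNUser-Approved and WebServer records show.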

Hybrid Identity Protection Podcast
Rethinking the Human Factor in Identity Security with World-Leading Cyberpsychologist, Dr. Mary Aiken

Feb 3, 2026 (26:16)


This episode features Dr. Mary Aiken, Professor of Cyberpsychology at Capitol Technology University and one of the world's leading experts on the impact of technology on human behavior.

With a career spanning academia, law enforcement advisory roles, and global policy work with organizations like INTERPOL and Europol, Dr. Aiken brings deep insight into how human psychology shapes security outcomes. Her work focuses on the human layer of cyber risk: how trust, perception, fatigue, and bias influence behavior in digital environments.

In this episode, Dr. Aiken explains why humans aren't the weakest link in cybersecurity but the most targeted. She shows how attackers weaponize human behavior through phishing, MFA fatigue, and insider recruitment, and why hybrid identity must be treated as a cyber-psychological battlefield. She also discusses what human-aware defenses look like in practice and why intelligence augmentation is critical to psychological and technical resilience.

This episode reframes identity security as a human problem first and offers a clearer way to think about protecting people in an increasingly manipulative digital world.

Guest Bio
Dr Mary Aiken is a world-leading expert in Cyberpsychology, the study of the impact of technology on human behaviour. She is Professor of Cyberpsychology and Chair of the Department of Cyberpsychology at Capitol Technology University, Washington D.C.'s premier STEM university, and Professor of Forensic Cyberpsychology at the University of East London. Professor Aiken is a Member of the INTERPOL Global Cybercrime Expert Group and an Academic Advisor to Europol's European Cyber Crime Centre (EC3). She is a Fellow of The Royal Society of Medicine, a member of the Medico-Legal Society and an International Affiliate Member of the American Psychological Association (APA). She is a former Global Fellow at the Washington DC Wilson Center, and is a Fellow of the Society for Chartered IT Professionals. She is a former Director of the Royal College of Surgeons (RCSI) Cyberpsychology Research Centre. Dr Aiken's work inspired the CBS PrimeTime TV series 'CSI: Cyber.' Her landmark bestselling book 'The Cyber Effect' was a 2016 'Times book of the year.' Dr Mary Aiken is recognised as an international expert in industry and policy debates at the intersection of technology and human behaviour; she has been invited to present at events organised by global organisations such as the United Nations, the European Union, NATO, G7, Europol, INTERPOL and the White House.

Guest Quote
“People talk about humans being the weakest link in the cybersecurity equation. They're not the weakest link, they're just simply the most targeted link.”

Time stamps
01:58 Meet Dr. Mary Aiken: World-leading Expert in Cyberpsychology
03:17 The Psychology of Cybersecurity
10:40 Behavioral Differences Online vs. Real World
15:17 Cyber Behavioral Attack Vectors
23:05 Future of Cybersecurity: AI and Human Collaboration
25:46 Conclusion and Final Thoughts

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Dr. Aiken on LinkedIn
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis

PolySécure Podcast
SéQCure - The Quebec government's cybersecurity initiatives (Yvan Fournier) - Because... it's episode 0x701!

Jan 28, 2026 (34:33)


Because... it's episode 0x701!

Shameless plug
February 25 and 26, 2026 - SéQCure 2026 CfP
March 31 to April 2, 2026 - Forum INCYBER - Europe 2026
April 14 to 17, 2026 - Botconf 2026
April 28 and 29, 2026 - Cybereco Cyberconférence 2026
May 9 to 17, 2026 - NorthSec 2026
June 3 to 5, 2026 - SSTIC 2026
September 19, 2026 - Bsides Montréal

Description

The Quebec government's cybersecurity initiatives
In this episode of the podcast, I welcome Yvan Fournier, chief government information security officer for the Government of Quebec, who holds the position of assistant deputy minister. This conversation reveals the scale of the transformations under way within the Quebec government apparatus in cybersecurity.

An impressive technical background
Yvan Fournier has a remarkable 29-year career in the health network, where he held practically every possible position, from technician to director general of cybersecurity. His technical expertise is considerable: he holds 22 cybersecurity certifications, was the first French-speaking Novell instructor, and has even taken part in hacking competitions in the United States. This solid technical experience lets him bring a pragmatic and informed vision to his strategic role today.

The 15 mandatory measures: a solid foundation
In 2019, in collaboration with champions from across the government network, Yvan Fournier's team established 15 mandatory cybersecurity measures, inspired by the NIST framework. These measures include fundamentals such as multi-factor authentication, applying security patches, and using operating systems still supported by their vendors. They form the foundation on which the government's cybersecurity strategy rests today, aimed at protecting citizens' data and ensuring the continuity of public services.

Centralized 24/7/365 monitoring
One of the current flagship projects is a centralized monitoring service running 24 hours a day, 7 days a week, 365 days a year, based on artificial intelligence. Historically, each public body had to handle its own monitoring, which created major disparities depending on available resources; small bodies could not afford permanent on-call staff. The new system centralizes data from multiple sources: EDRs (advanced antivirus), external and internal vulnerability scans, PDNS (to monitor employees working remotely), and Active Directory checks. All this information converges into local, AI-based SIEM and SOAR systems, giving a complete overview of the government's security posture. The government also works with private firms to ensure this continuous monitoring. Interestingly, the cost of this service is about half of what some private organizations pay, while offering a higher level of service.

The RHI consolidation: an organizational revolution
A major change that has not received the media attention it deserves is the RHI consolidation, which brings the cybersecurity of 52 public bodies (ministries and agencies) directly into the MCN (Ministère de la Cybersécurité et du Numérique). This centralization, which takes effect on April 1, will harmonize technological and strategic choices across the whole government apparatus. As Fournier points out, a body being small does not mean it should have weaker security, because all systems are interconnected and a vulnerability in a small body can compromise the whole.

Automation and responsiveness
One of the major issues Fournier identifies is the speed at which attacks now happen. With the arrival of artificial intelligence, the number of attacks has increased dramatically, and the time between the discovery of a zero-day vulnerability and its exploitation has gone from several days or weeks to about four hours. This reality demands automated responses. The new system will not only detect threats in real time but also automate the reaction: automatically block compromised servers, centrally deploy indicators of compromise (IOCs) to all government firewalls, and even preventively shut down at-risk services. The SharePoint vulnerability example illustrates this capability well: Quebec acted quickly by shutting down vulnerable systems, while another province suffered the compromise of 900 SharePoint servers.

International recognition and CVE creation
A remarkable achievement is that Quebec (and not Canada) is now among the 20 organizations worldwide authorized to create CVEs (Common Vulnerabilities and Exposures), alongside Luxembourg. This recognition testifies to the excellence of Quebec's pentesting teams, which regularly discover vulnerabilities, sometimes with the help of AI-based virtual pentesters.

Vulnerability scanning: external and internal
External vulnerability scanning, rolled out massively during the lockdown, already gives complete visibility of the attack surface visible from the Internet. Internal scanning, currently being deployed, will add a crucial extra dimension. Beyond identifying vulnerabilities, these tools will make it possible to build an automated, centralized inventory of all equipment, software, and even the firmware of storage controllers and BIOSes. This inventory will greatly ease risk management: when a new vulnerability is announced, it will be possible to target the affected bodies immediately rather than alerting everyone. It will also give a clear view of technical debt and allow investments to be prioritized according to actual risk.

The challenge of connected devices
Fournier identifies connected devices (IoT) as a major challenge for the future. These devices, increasingly present in the government environment (health, transport, construction), pose particular security problems. Most firmware is produced by five large Chinese companies, and these devices can contain unsuspected functionality, such as facial recognition in a 40-dollar drone. The example of the aquarium thermometer that served as an entry point to paralyze a casino for 24 hours illustrates the associated risks. For Fournier, having a complete inventory of connected devices across the government apparatus is the "Holy Grail" of cybersecurity.

Bill 82 and critical infrastructure
Bill 82 gives the Government of Quebec, for the first time, a responsibility for the security of civil society's critical infrastructure. This includes water, electricity, and other essential services. The government is already starting to work with certain municipalities that show keen interest in this collaboration, which is particularly important given the vulnerability of water management systems.

Conclusion
The initiatives presented by Yvan Fournier show that the Government of Quebec takes cybersecurity seriously and is investing massively in protecting its systems and citizens' data. The centralization of resources, automation of responses, continuous monitoring, and adoption of AI-based technologies position Quebec as a leader in government cybersecurity. These efforts, combined with openness to open source, pave the way to a safer digital future for all Quebecers.

Contributors
Nicolas-Loïc Fortin
Yvan Fournier

Credits
Editing by Intrasecure inc
Virtual studio by Riverside.fm

The PowerShell Podcast
Stop Trying So Hard and Start Automating Smarter with Jake Hildreth

Jan 26, 2026 (55:21)


Principal Security Consultant and community favorite Jake Hildreth returns to The PowerShell Podcast to talk about building smarter automation, leveling up through community, and creating tools that solve real problems. Andrew shares his “stop trying so hard” theme for the year, how working smarter applies directly to scripting and security, and why getting involved with others is one of the fastest ways to grow in your career. The conversation dives into Jake's recent projects including Deck, a Markdown-to-terminal presentation tool built on Spectre.Console, and Stepper, a resumable scripting framework designed for long-running workflows that can't be fully automated end-to-end. They also explore presentation skills, avoiding “death by PowerPoint,” and why security work requires constantly re-checking assumptions as threats evolve.

Key Takeaways:
  • Work smarter, not harder: whether you're scripting or building a career, small sustainable improvements beat grinding yourself into a corner.
  • Resumable automation is a game changer: Stepper helps scripts safely pause and resume, making real-world workflows more reliable when humans or flaky APIs are part of the loop.
  • Community turns into real momentum: contributing, asking questions, and sharing feedback builds skills, friendships, and opportunities faster than trying to learn alone.

Guest Bio:
Jake Hildreth is a Principal Security Consultant at Semperis, Microsoft MVP, and longtime builder of tools that make identity security suck a little less. With nearly 25 years in IT (and the battle scars to prove it), he specializes in helping orgs secure Active Directory and survive the baroque disaster that is Active Directory Certificate Services. He's the creator of Locksmith, Stepper, Deck, BlueTuxedo, and PowerPUG!, open-source tools built to make life easier for overworked identity admins. When he's not untangling Kerberos or wrangling DNS, he's usually hanging out with his favorite people and most grounding reality check: his wife and daughter.

Resource Links:
  • Jake Hildreth's Website – https://jakehildreth.com
  • Jake's GitHub – https://github.com/jakehildreth
  • Andrew's Links – https://andrewpla.tech/links
  • PowerShell Spectre Console – https://pwshspectreconsole.com/
  • PDQ Discord – https://discord.gg/PDQ
  • PowerShell Conference Europe – https://psconf.eu
  • PowerShell + DevOps Global Summit – https://powershellsummit.org
  • Jake's PowerShell Wednesday – https://www.youtube.com/watch?v=YdV6Qecn9v0
  • The PowerShell Podcast on YouTube – https://youtu.be/rFeoTKLerkA

Hybrid Identity Protection Podcast
Stopping Ransomware at the Backup Layer with Andy Drag, Staff Product Manager at Cohesity

Jan 20, 2026 (20:12)


This episode features Andy Drag, Staff Product Manager at Cohesity.

With a background in systems administration and two managed service provider startups, Andy brings deep, hands-on insight into the challenges IT teams face. Over the last decade, he's led product management across backup vendors and SaaS continuity platforms, shaping products around integrations, cyber recovery, and resilience.

In this episode, Andy shows how ransomware has changed the stakes for backup and identity, and why they must be treated as tier-zero systems. He explains how attackers now target backup platforms, what tighter roles, isolation, and immutability look like in practice, and why actually rehearsing recovery is more important than any architecture diagram.

This is a realistic look at whether your recovery plan will work in a real-world attack or only looks good on paper.

Guest Bio
Andrew Drag is a Staff Product Manager at Cohesity, focused on identity resilience and Microsoft enterprise applications. He began his career in systems administration before founding two local managed service provider startups, giving him deep, hands-on experience with the challenges IT teams face. Over the last decade, he has transitioned into product management, shaping products across legacy backup and recovery vendors as well as SaaS business continuity platforms with specific focuses on integrations, cyber recovery, and SaaS-ification. Drawing on this blend of practitioner insight and product leadership, he is passionate about building solutions that help organizations stay resilient in the face of change. Based in the New York metro area, he brings a practitioner's perspective to product leadership, ensuring technology solves real-world challenges.

Guest Quote
“One of the most important things is testing your recoveries. In a disaster, when you do a recovery, you don't want it to be the first time that you're performing that recovery.”

Time stamps
01:16 Meet Andrew Drag: Identity Resilience and Data Protection Expert
01:57 Why Traditional Data Protection Breaks Down
04:19 Modern Data Protection: From Backups to Resilience
05:47 The Hard Truth About Recovering After an Attack
08:43 Core Best Practices for Data Protection
10:32 Elevating Backup and Identity to Tier 0
13:23 Using Backup Data for AI and Analytics
16:22 Conclusion and Final Thoughts

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Andy on LinkedIn
Learn more about Cohesity
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis

Azure Italia Podcast
Azure Italia Podcast - Episode 65 - Interviews at WPC 2 - Blazor, PIM, Low Code, Databricks

Jan 12, 2026 (80:20)


Digitaliseringspådden
Microsoft Entra: The successor to AD and the foundation of modern identity management

Jan 10, 2026 (29:42)


In this episode of Digitaliseringspodden we meet Marius Solbakken from 42, Microsoft MVP. The hosts are Jens Christian Bang and Dag Rustad. The recording was made live at the Publicworld conference, with the public sector as the backdrop.

The conversation takes us from classic Active Directory to Entra ID, and on into modern identity management, passwordless authentication, onboarding, single sign-on and access management in practice. Marius explains why identity is not just a security measure but the very foundation of digital control, especially in a world where AI agents, automation and autonomous systems are on their way into organizations.

We also discuss why many organizations still lack control over quite basic access processes, how misconfigurations can become at least as dangerous as external attacks, and why the "foundation first" principle is essential before letting AI loose in business-critical systems.

An episode for anyone working in IT, security, cloud or digitalization who wants to understand why identity is the key to both safe operations and the AI of the future.

Digitaliseringspådden is produced by Already On and CW.no. Visit us at digitaliseringspodden.alreadyon.com. You can find Digitaliseringspådden on all platforms: listen via Spotify, Apple Podcasts or YouTube Podcasts.

PolySécure Podcast
Teknik - The Red Team vs EDR war - the technical, not business, side of the problem (this is part 2 BTW) - Because... it's episode 0x692!

Jan 7, 2026 (59:16)


Because... it's episode 0x692!

Shameless plug
February 25 and 26, 2026 - SéQCure 2026 CfP
March 31 to April 2, 2026 - Forum INCYBER - Europe 2026
April 14 to 17, 2026 - Botconf 2026
April 28 and 29, 2026 - Cybereco Cyberconférence 2026
May 9 to 17, 2026 - NorthSec 2026
June 3 to 5, 2026 - SSTIC 2026
September 19, 2026 - Bsides Montréal

Description

Introduction
This second technical episode with Charles F. Hamilton takes a deep look at techniques for evading EDR (Endpoint Detection and Response) solutions and the strategies red teamers can use to get around these detection systems. The discussion reveals that despite technological advances, EDRs remain vulnerable to relatively simple techniques once you understand their detection mechanisms.

The limits of EDR detection

Network correlation and named pipes
A concrete example illustrates the weaknesses of modern EDRs: a malicious executable that communicates with the Internet while also performing reconnaissance on the internal network. "Top tier" EDRs generally detect this abnormal activity through machine learning, identifying that one process is communicating simultaneously with the outside and with the local network over SMB, Kerberos or other protocols. The workaround is elegant: use Windows named pipes. This native feature provides inter-process communication. By splitting the work between two independent processes, one handling external communications and the other internal reconnaissance, and having them talk through named pipes, the machine-learning detection chain is completely broken. This technique, taught in red team training for 8 years, remains effective.

Signatures in disguise
Paradoxically, despite their claims, EDRs still largely work on signature-based principles. The difference from traditional antivirus lies more in where they apply that detection: not only on disk, but also in memory and at the behavioral level. The trade-off between false positives and detection remains delicate: generating 1,500 alerts a day would lead to alert fatigue and make the system useless.

Obfuscation and evasion techniques

Smart randomization
To avoid static detection, obfuscation has to be thought through. A common trap: generating random variable names of fixed length (for example, always 16 characters). Yara rules can detect that pattern. The solution is to introduce randomness into the random: use variable lengths (between 6 and 22 characters) and concatenate several dictionary words rather than purely random strings.

Cleaning memory
Obfuscation does not stop at execution. Even after decryption in memory, artifacts remain. For example, Cobalt Strike leaves recognizable patterns in the first bytes of the shellcode. The recommended strategy uses several threads of execution: one to decrypt and launch the shellcode, another to wipe the intermediate variables from memory. Although EDRs do not scan memory continuously (it would cost too much in performance), these artifacts remain detectable.

Kernel-level protection

Protected Process Light (PPL)
Microsoft introduced PPL to protect critical processes such as LSASS. Even with SYSTEM privileges, an attacker cannot access these processes. The problem: the kernel remains the ultimate point of trust. Once an attacker obtains kernel-level code execution, via vulnerable drivers for example, all PPL protections fall.

Anti-tampering techniques
The "EDR Freeze" technique illustrates this reality: using ProcDump (a legitimate Windows tool), you can create a memory dump of an EDR process, which pauses it. By then stopping ProcDump before it finishes, the EDR process stays paused indefinitely, without generating a tampering alert since it has not been modified.

Cloud and new vulnerabilities
Moving to the cloud simply relocates the problems. Traditional attacks targeted the on-premises "domain admin"; today, with multi-factor authentication, attackers use device code phishing or malicious third-party applications to obtain valid OAuth tokens. Once these tokens are obtained, escalation to "global admin" becomes possible. The difficulty: no EDR can monitor these attacks, since they take place from the attacker's machine. The only visibility comes from what Microsoft agrees to share, often behind additional paywalls. Companies have spent 20 years mastering Active Directory and on-premises security tools, but are starting from scratch in the cloud with immature tools.

Defensive recommendations

Simple but effective configurations
Several basic measures remain under-used:
  • Block PowerShell for non-technical users
  • Disable the Run dialog (Windows+R) for 99% of users
  • Remove MSHTA.exe via GPO (there is no legitimate need for HTA files)
  • Restrict Office scripts by default
These measures would eliminate the majority of "commodity malware" attacks, which only work because companies have not closed these basic access vectors.

The irreplaceable human factor
EDRs excel against mass malware but struggle against targeted attacks. AI and agents will not replace human analysts who can:
  • Do active threat hunting
  • Contextualize alerts (why would a non-technical user launch PowerShell?)
  • Detect anomalies in network traffic (new domains, repetitive POST request patterns)
  • Tell the full story of an intrusion by correlating events

Network detection
NDR/XDR products are starting to fill this gap but remain embryonic. Network detection should identify:
  • New domains never seen before
  • C2 communication patterns (regular POST requests with jitter)
  • Authentication anomalies
  • Unusual traffic for a given user profile

Conclusion
Attackers' sophistication remains limited because they do not yet need more: too many environments remain misconfigured. Companies invest massively in EDRs but neglect basic configuration and the human factor. History repeats itself with the cloud and AI: rather than solving the fundamental problems, responsibility is shifted to new tools. Real security requires deep technical understanding, rigorous configuration and, above all, competent analysts to interpret the signals and tell the story of incidents.

Contributors
Nicolas-Loïc Fortin
Charles F. Hamilton

Credits
Editing by Intrasecure inc
Virtual studio by Riverside.fm

Hybrid Identity Protection Podcast
Inside HIP Conf 2025 with Guido Grillenmeier, Semperis Principal Technologist

Hybrid Identity Protection Podcast

Jan 6, 2026 38:37


This episode features host Sean Deuby and fellow Semperis colleague Guido Grillenmeier, Principal Technologist, EMEA, in a candid recap of the 2025 Hybrid Identity Protection Conference in Charleston. They trade takeaways on what they heard, what surprised them, and what the event revealed about where hybrid identity security is headed.

Sean and Guido highlight some key observations from keynote speakers including Chris Inglis (former US National Cyber Director), Alex Weinert (Semperis CPO and former VP of Identity Security at Microsoft), and other identity security and recovery experts across the world.

This is a fast, grounded debrief designed to help you take in the conference highlights and carry forward the insights that will matter most in the year ahead.

Time stamps
01:45 Welcome to the HIP Conf Recap
04:27 The Biggest Conference Themes and What They Signal
08:39 Active Directory's Evolution + Microsoft's Presence
12:54 Keynotes and the Broader Identity Threat Picture
17:14 Practical Practitioner Takeaways
26:49 Identity Security as an Ongoing Program
31:39 Wrap-Up and What's Next for HIP Conf

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Watch all the sessions from HIP Conf 2025
Connect with Guido on LinkedIn
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis

Hack'n Speak
0x32 | Retour sur le CTF Active Directory Windows Barbhack (2/4)

Hack'n Speak

Dec 28, 2025 25:56


Github: https://github.com/Pennyw0rth/NetExec-Lab/tree/main/BARBHACK-2024
Writeup from Acceis: https://www.acceis.fr/write-up-barbhack-challenge-active-directory/
Twitter: https://x.com/mpgn_x64
Ludus: https://docs.ludus.cloud/docs/environment-guides/barbhack-ctf-2024

7 Minute Security
7MS #707: Our New Pentest Course Has Launched!

7 Minute Security

Dec 26, 2025 14:03


Today we're thrilled to announce the launch of LPLITE:GOAD (Light Pentest Live Interactive Training Experience: Game of Active Directory). The first class is coming up Tuesday, January 27 – Thursday, January 29 (9:00 a.m. – 1:00 p.m. CST each day). More information, including pricing, can be found at training.7minsec.com. Today I talk about who should sign up for the course, what you should bring, and some of the awesome things you'll be doing should you choose to join me on this hacking adventure!

Nerd Journey Podcast
Layoff Bounce Back: Resilience through Personal and Professional Networks with Dave Stevens

Nerd Journey Podcast

Dec 23, 2025 40:31


Imagine your work day starting off like any other only to find you've been laid off. What would you do next? Dave Stevens lived this reality a couple of years ago and joins us this week in episode 354 to share the lessons from that experience. We'll take you through how Dave processed the news of being laid off, the warning signs he missed, when he knew it was time to begin searching for a new role, how he thought about what to do next, and the critical importance of his personal and professional network throughout this process. Regardless of your age or the size of your professional network, Dave shares actionable suggestions for building professional connections that we all may be overlooking.

Original Recording Date: 10-28-2025

Topics – Background and the Impact of a Layoff Event, Initial Forward Progress and Reliance on a Professional Network, Skills Gaps and Unexpected Positives, Elements of the Personal and Professional Network, Reaching Closure and Reflecting Back on the Lessons

2:27 – Background and the Impact of a Layoff Event
Dave Stevens is a Field Solutions Architect at Pure Storage. In this role, Dave is a technical overlay for pre-sales technical personnel at Pure across North America. This is the role Dave took after he was impacted by a layoff. What was Dave's role before he was impacted by a layoff event? For context, the layoff event we discuss in this episode took place around 2.5 years before this recording. Dave was classified as a systems engineer or pre-sales technical resource at his employer supporting multiple account reps. It was more of a solutions architect type of role, and Dave highlights his entry into this organization and role was via acquisition. Was there an element of technical marketing to the role? Nick mentions that Dave often had to attend trade shows in this role. Dave had a virtualization background and went to a lot of events to discuss how his company's products integrated with those different technology ecosystems.
The day Dave was laid off started as a normal day at his home office. His boss was based in Europe, so most 1-1 calls were usually late in the day his boss's time (early afternoon for Dave). A meeting popped up that was earlier than usual, but Dave didn't think anything of it. Right after Dave joined the remote session for the meeting, someone from HR joined followed by Dave's boss. Dave wasn't quite sure what to expect and didn't know what was happening. He didn't know if it was a layoff coming or some other kind of situation happening at his company. When Dave was laid off, they told him it was not for performance reasons, but there weren't really any other details provided on why he was being laid off. “So, at that point it was just like, ‘what do I do?'” – Dave Stevens, on receiving layoff news After receiving the news, Dave's access to company systems like e-mail was quickly cut off. He went downstairs and spent the rest of his day relaxing. Dave did not want to talk about what happened any further that first day. Did Dave struggle with separating his identity from his employer or the job he held at all when this happened? Dave says he did, at least a little bit. Dave wanted to be successful in whatever role he found himself, and the reason he was in the systems engineering role at the time of the layoff event is a result of his drive to be successful in the years leading up to that role. “I also wanted to make sure that…the people that I worked with that I enjoyed working with. If I didn't enjoy working with them, then there was no reason to continue staying there. So that's part of my identity on how I interact with work.” – Dave Stevens In the early days of Twitter (now X), Dave defined an identity there. He also created a personal blog. Dave says his identity was often tied to where he worked. “Once this all happened, I just kind of cut that off. 
And I needed some time to really digest what I just went through that day.” – Dave Stevens Is there something Dave wishes people had done for him when this first happened? Dave says he wishes he would have listened to his wife. Before experiencing the layoff event, a number of colleagues who had entered the company through acquisition like Dave were either leaving or had been laid off (including his boss being laid off). At the time, Dave didn't think much about these events. Dave's wife had encouraged him to look for other jobs before the layoff happened, and he feels he should have listened. “It's much easier finding a job when you have a job. There's not as much pressure on you. You can take your time and really find the job that you want. That's the one thing that kind of took me by surprise….” – Dave Stevens Did Dave's wife also point him in a direction or provide feedback on the type of work he should pursue? We've spoken to previous guests who had spouses that provided insight into the type of work that made them happy. Dave feels like there has been an element of this in place since he and his wife got married. When Dave got a job opportunity to relocate to the New Hampshire area, his wife had some interesting feedback. “It's great that you're going to make more than you're making at the job you are currently, but I don't want you to take a job just because of money. I want you to take a job because it's something you're interested in doing and you're going to be happy at. So, I've always kept that in the back of my mind every time I go and look for a job….” – Dave Stevens, quoting his wife's advice Dave considered this same advice when pursuing his current role at Pure. Because he enjoyed meeting and speaking with people during the interview process, the decision to accept the role was easy. Liking the people he would be working with was more important than a pay increase. 
10:53 – Initial Forward Progress and Reliance on a Professional Network
How long did Dave need to process before taking the first actions toward a new role? For the first 3 weeks or so, Dave relaxed a little bit. There were a number of projects at home that he needed to do and some that he wanted to do. Working on the projects helped take his mind off what had happened. Dave mentions he was given a severance for about 3 months and wanted to find a new role within that time period if possible. But if he could not find something in that time period, it would not be the end of the world. Dave tells us it was easier to find work when he was laid off than it is currently. Close to the time of this recording, AWS announced job cuts for up to 30,000 people. He made the conscious decision after those first few weeks to spend the first part of the day searching for new jobs and then continued working on different projects in the afternoons. How did Dave know who to reach out to first? Nick argues that most of us likely don't have a list of who we would call if something like this happened. When Dave came to the New England area, he started working for Dell in tech marketing. Through his work, Dave built a tight bond with many of his co-workers. Dave remembers sending a text message to many of his former co-workers (none of which were still at Dell) asking if they knew of any open opportunities. Dave wanted to understand what former colleagues were working on now and what the culture of their company was like. He started by seeking out people he already enjoyed working with and analyzed whether it made sense to go and work with them again. Was Dave open to different types of roles in his job search, or did that not matter? It had to be interesting work and involve people he wanted to work with or enjoyed working with. Dave says as long as it was something in the tech field, it didn't matter too much.
Dave began his career in systems administration and tech support and had experience in the storage industry, with backups, and with Active Directory to name a few areas. He had also done technical marketing and was open to returning to it. Dave also looked at pre-sales systems engineering or solution architect roles. What about taking roles that moved him deeper into a business unit like product management? Dave says product management is interesting work, but depending on the company, the work may not always have the technical aspects he likes. Many of the product managers at Pure are quite technical, but most of the product management roles he observed at other companies were not as technical as he would like. “It just didn't interest me. It wasn't technical enough in nature for me.” – Dave Stevens, on moving into product management It sounds like Dave had done a good job of keeping in touch with people in his professional network over time. “I have always made sure to have a small group of folks that I can just reach out to at any time and…chat about anything…. I've always made sure to have that…. I didn't talk to them all the time, but we all interacted in some way, shape, or form whether it was an e-mail or text messaging…even some stuff on LinkedIn. We all kind of kept in touch…. I had people that I could fall back on and reach out to and get advice from if I needed to. This is the time where I really needed some advice on where to go to next.” – Dave Stevens Dave says he was lucky enough to find a new job before the end of his 3 months of severance pay. Dave's wife commented that she wasn't too worried about him. She knew he had a strong professional network. Did anyone in Dave's professional network ask him what he wanted to do next, or did they just start making recommendations based on what they knew about him? Dave says it was a little bit of both. 
Some people pointed Dave to specific open roles in the same group where they worked (still in tech, of course), while others directed him to the company job site and offered to act as a referral for him. Dave tells us he's very willing to give others a referral. “I want to make sure that people that I know and I like to work with come to work with me.” – Dave Stevens Dave says he also turned on the Open to Work banner on LinkedIn. While this did result in many recruiters reaching out to Dave, many of the opportunities they contacted him about were not interesting. Dave is hearing from many in our industry that bots are reaching out to people and trying to take advantage of them. His advice is that we need to be guarded in our interactions on LinkedIn as a result to avoid scams.

19:10 – Skills Gaps and Unexpected Positives
What kinds of skills gaps did Dave see when seeking new opportunities? For context, this was roughly 2.5 years ago. Dave says at that time, AI wasn't as helpful as it is today and was not something that was interesting to him. Dave tells us he uses AI heavily today compared to back then. Dave felt confident in the knowledge and skillset he had built through years of industry experience. Ideally, he would land a new role that overlapped those areas, but if a new role required coming up to speed quickly, he would do what was needed. Dave started looking at public cloud and certifications related to Azure and AWS. “Although it was interesting, it wasn't really what I wanted to do.” – Dave Stevens, on public cloud technologies compared to the technologies with which he was familiar What were some of the unexpected positive outcomes of getting laid off even though it was difficult in the beginning? One positive, according to Dave, is the amount of people in his network he was able to reach out to on LinkedIn. So many people were open to helping. The only negative Dave thinks is maybe not acting quickly enough in starting his job search.
“It's really about building not only your personal network but your professional network. And my professional network really came to my rescue and helped me understand that…it's not the end of the world. You're going to make it. You're going to do fine. But let me know if there's any way that I can help you in that journey that you're on right now.” – Dave Stevens Were there any things Dave and his wife had done (conscious or unconscious) to prepare for the layoff event based on market trends? Dave says his wife is very good at managing their home budget, and since they got married, they intentionally build a financial nest egg they could lean on in the event Dave was out of a job.

22:27 – Elements of the Personal and Professional Network
What are some of the things Dave is even more intentional about now with his professional network than he was in the past? Dave received some great advice from a co-worker to reach out to one person in his professional network each week. Many times, Dave will do this on LinkedIn or even via text if he has the person's number. “Keep that personal connection going. As much as AI is taking over, as much as we do a lot of things on Zoom, I've learned over my years of working in the industry that there's nothing better than the face-to-face interaction…. It's so much more fun and relaxing to just get out of the office or home office…and just sit down with people and keep that personal connection going.” – Dave Stevens Dave mentions he likes to get together with co-workers in the area every now and then, even if they have the same conversation in person that they would have had on Zoom. It's different and more relaxing. How can younger listeners who may be trying to break into the industry build a professional network when they might not have a deep contact list or large network like someone in the industry for a long time?
Nick and Dave talked about this before hitting record and thought it could be helpful to share during our discussion. Dave has a newfound perspective on this from being around his nephews and nieces. The job market is very different today than when Dave first began his career. “Nowadays, resumes just go into a black hole, and you don't necessarily know if you're still in the mix for a current job.” – Dave Stevens Dave has encouraged his nephews and nieces to leverage their personal network to build a professional network. He may know someone who knows someone in the field they want to pursue, for example. “There's no shame or harm in utilizing all your resources…. Utilize your personal network because you don't have the professional network built up yet to help you get that foot in the door.” – Dave Stevens Young people could even use their parents as a way to broaden their own network. It's an opportunity to get introduced to others. Dave uses the example of a chance meeting at a concert that could result in a new connection for someone. Nick would encourage younger listeners to get out to in-person meetup groups on any interesting topic. Go ask people what they are learning, why they work where they work, how they got there, and see if they have advice for you. Dave agrees and has leveraged both local professional groups and meetup groups in the New Hampshire area to meet new people. This is expanding your local professional network as Dave calls it (not to be confused with your global professional network) and is a great thing to do when you move to a new place. You never know when a conversation at a local meetup might help you get a warm lead on a job that will be posted soon. Did the layoff come up in interviews at all? How did Dave handle that? Dave says some people brought it up. In other cases, he brought it up in conversation, wanting people to know he was not let go for doing something wrong. 
28:22 – Reaching Closure and Reflecting Back on the Lessons
How did Dave know he had reached closure on the layoff situation? Dave thinks he was motivated to take action toward finding a job due to a fear of boredom. He had been working on various projects but knew he would run out of them at some point. Dave had enough time to adjust to not having a job, and he was ready to begin doing some kind of work again. “I didn't want to get bored. I hate being bored. I hate being bored at work. I hate being bored in general. That's really what the impetus was for me to go out and start looking…that fear of relaxing for too long and being bored.” – Dave Stevens At this point Dave reached further into his professional network beyond that first group of friends and former colleagues he mentioned earlier. Does taking action in a direction mean we're ready to move on from what happened? Is it when we have to discuss what happened in an interview, or is it something else? How do we measure this? Dave says it was easier to accept and felt mostly behind him when he was actively looking for a new position. He knew only he could take the actions to move forward. The feeling of what happened before went completely away when Dave accepted a new job at Pure. Dave feels he was very lucky to find a role. Lining up multiple interviews gave Dave momentum and a feeling of positivity. “I feel that people understand that I have the skills for these jobs. Otherwise, I wouldn't have gotten 5 job interviews as quickly after I really started taking action to look for a job. So, I got lucky.” – Dave Stevens If Dave had to do it all again, what would he do differently? Dave feels he has about 10 more years left working in the tech industry. For now, Dave enjoys the job he has, wants to excel doing it, and wants to continue growing. Dave currently works for the best boss he's had to date.
“He not only pushes me, but he pushes our entire team to just get better….” – Dave Stevens, on his current manager Dave tells us he does not want to be a people manager or a product manager. “I want to continue to excel and expand my depth of knowledge across the virtualization industry and the storage industry.” – Dave Stevens The work at Pure is very interesting to Dave, which is also motivating him to continue learning and excelling. Part of this is using more AI-focused tooling as it becomes available to use. What does Dave think the role of AI tools is in helping with one's job search? There are a number of tools out there we can leverage to analyze our resume. Dave suggests keeping track of which tool we've used to analyze our resume because that could be used to train a model. In addition to this, use AI to research companies. Use them to help you understand what companies are like and what their culture is like. Many people in a sales role within Pure, for example, use an AI tool of some kind to learn more about their customers. Nick reiterates the nuances of acquisitions. Dave worked for a company that was acquired by another company. Over time there was a pattern of people from the company which was acquired being laid off. Perhaps this is a sign we should watch for and prepare. Dave says we need to be looking at and listening for the signs coming toward us. He listens to his wife more intently when she makes a suggestion. Dave continues to check in with people in his professional network and offers advice when they need it. Dave would encourage all of us to use our personal and professional network if we end up in the situation he was in (experiencing a layoff). “Not everybody is going to be able to help you or is willing to reach out and help you, but when someone does…don't just brush it aside as they want something out of this. They probably genuinely want to help you. 
So, take advantage….” – Dave Stevens

If you want to follow up with Dave on this conversation:
Connect with Dave on LinkedIn
Check out Dave's blog site

Mentioned in the Outro
The three week period Dave took to work on projects may have been what gave him the clarity on the type of work he did and did not want to do once he began his search. Dave mentions getting some great advice from his wife and her emphasis on him pursuing roles that would make him happy and be enjoyable work. This echoes something similar to what Brad Christian shared in Episode 264 – Back to Basics: Technology Bets and Industry Relationships with Brad Christian (2/2) when it came to choosing what to do next after a layoff. If you enjoyed this format and want to hear other stories of people recounting their layoff experience, check out these episodes featuring Jason Gass. He talks about the lost art of supporting others in episode 343, which aligns very well with Dave's advice on building our personal and professional network.
Episode 342 – Planting Seeds: Networking and Maneuvering Unexpected Job Loss with Jason Gass (1/2)
Episode 343 – The Lost Art: Marketplace Heartbeat and Finding Closure after a Layoff with Jason Gass (2/2)

Contact the Hosts
The hosts of Nerd Journey are John White and Nick Korte.
E-mail: nerdjourneypodcast@gmail.com
DM us on Twitter/X @NerdJourney
Connect with John on LinkedIn or DM him on Twitter/X @vJourneyman
Connect with Nick on LinkedIn or DM him on Twitter/X @NetworkNerd_
Leave a Comment on Your Favorite Episode on YouTube
If you've been impacted by a layoff or need advice, check out our Layoff Resources Page. If uncertainty is getting to you, check out our Career Uncertainty Action Guide with a checklist of actions to take control during uncertain periods and AI prompts to help you think through topics like navigating a recent layoff, financial planning, or managing your mindset and being overwhelmed.

Hacker Valley Studio
Breaking Into Banks and Bypassing Modern Security with Greg Hatcher and John Stigerwalt

Hacker Valley Studio

Dec 18, 2025 33:31


Three banks in four days isn't just a bragging right for penetration testers. It's a wake-up call showing that expensive security tools and alarm systems often fail when tested by skilled operators who understand both human behavior and technical vulnerabilities. Greg Hatcher and John Stigerwalt, co-founders of White Knight Labs, talk about their latest physical penetration tests on financial institutions, manufacturing facilities protecting COVID-19 vaccine production, and why their new Server 2025 course had to rewrite most common Active Directory tools. They share stories of armed guards, police gun draws, poison ivy reconnaissance, and a bag of chips that saved them from serious trouble. The conversation reveals why EDR alone won't stop ransomware, how offline backups remain the exception rather than the rule, and what security controls actually work when attackers bring custom tooling.

Impactful Moments:
00:00 - Intro
01:00 - New training courses launched
03:00 - Server 2025 breaks standard tools
05:00 - COVID facility physical penetration
07:00 - Armed guards change the game
10:00 - Police draw guns on operators
13:00 - Bag of chips saves the day
15:00 - Nighttime versus daytime physical tests
18:00 - VIP home security assessments
20:00 - 2026 threat predictions
22:00 - Why EDR doesn't stop ransomware
27:00 - Low cost ransomware simulation ROI
29:00 - Three banks in four days
32:00 - Deepfake as the new EDR

Links:
Connect with our guests –
Greg Hatcher: https://www.linkedin.com/in/gregoryhatcher2/
John Stigerwalt: https://www.linkedin.com/in/john-stigerwalt-90a9b4110/
Learn more about White Knight Labs: https://www.whiteknightlabs.com
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

RunAs Radio
Zero Trust in 2026 with Michele Bustamante

RunAs Radio

Dec 17, 2025 41:09


How is zero-trust security evolving? Michele Leroux Bustamante discusses the challenges CISOs face today in controlling access to infrastructure, authenticating and authorizing users, and managing the ongoing evolution of an organization's dependencies. The conversation digs into the variety of stacks available to address various elements of an organization's security requirements. Michele also talks about the NIST Cybersecurity Framework as a starting point for understanding the security elements your organization needs to focus on and improve: security is a continuum, not a destination!

Links
Azure Entra
Auth0
Duende
KeyCloak
NIST Cybersecurity Framework
Open Policy Agent
Policy Server
Defender for Cloud
Azure API Management
Azure Front Door

Recorded October 29, 2025

Cloud Security Podcast
Why Backups Aren't Enough & Identity Recovery is Key against Ransomware

Cloud Security Podcast

Dec 16, 2025 37:01


Think your cloud backups will save you from a ransomware attack? Think again. In this episode, Matt Castriotta (Field CTO at Rubrik) explains why the traditional "I have backups" mindset is dangerous. He distinguishes between Disaster Recovery (business continuity for operational errors) and Cyber Resilience (recovering from a malicious attack where data and identity are untrusted).

Matt speaks about the "dirty secrets" of cloud-native recovery, explaining why S3 versioning and replication are not valid cyber recovery strategies. The conversation shifts to the critical, often overlooked aspect of Identity Recovery. If your Active Directory or Entra ID is compromised, it's "ground zero" and you can't access anything. Matt argues that identity must be treated as the new perimeter and backed up just like any other critical data source.

We also explore the impact of AI agents on data integrity: how do you "rewind" an AI agent that hallucinated and corrupted your data? Plus, practical advice on DORA compliance, multi-cloud resiliency, and the "people and process" side of surviving a breach.

Guest Socials - Matt's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - Youtube
- Cloud Security Newsletter

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast

Questions:
(00:00) Introduction
(02:20) Who is Matt Castriotta?
(03:20) Defining Cyber Resilience: The Ability to Say "No" to Ransomware
(05:00) Why "I Have Backups" is Not Enough
(06:45) The Difference Between Disaster Recovery and Cyber Recovery
(10:20) Cloud Native Risks: Versioning and Replication Are Not Backups
(12:50) DORA Compliance: Multi-Cloud Resiliency & Egress Costs
(15:10) The "Shared Responsibility Model" Trap in Cloud
(17:45) Identity is the New Perimeter: Why You Must Back It Up
(22:30) Identity Recovery: Can You Restore Your Active Directory in Minutes?
(25:40) AI and Data: The New "Oil" and "Crown Jewels"
(27:20) Rubrik Agent Cloud: Rewinding AI Agent Actions
(29:40) Top 3 Priorities for a 2026 Resiliency Program
(33:10) Fun Questions: Guitar, Family, and Italian Food

Hybrid Identity Protection Podcast
Fixing Legacy AD Risk in a Hybrid World with Christopher Brumm, Cyber Security Architect at glueckkanja AG

Hybrid Identity Protection Podcast

Play Episode Listen Later Dec 16, 2025 22:04


This episode features Christopher Brumm, Cyber Security Architect at glueckkanja AG.

With 15+ years in IT security, Chris has worked across Microsoft's security portfolio and beyond, moving from network and data-center defense into deep identity work with Active Directory and Entra ID. He's now an identity SME, a GK Identity Community moderator, a frequent community speaker, and a regular writer on security and identity.

In this episode, Chris explores the limitations of Active Directory security and how Microsoft's new Global Secure Access directly addresses those gaps. He breaks down how zero trust principles and granular controls work in practice, and why connecting on-prem servers to the cloud is now simpler and safer. Chris shows how this shift strengthens defenses by enforcing access through identity-first policies instead of outdated network-centric models.

This is a clear, field-tested walkthrough of why hybrid identity security needs a new playbook, and how Global Secure Access helps teams close the holes attackers rely on most.

Guest Bio
For over 15 years, Christopher Brumm has been immersed in IT security topics, possessing extensive knowledge and practical experience in the Microsoft Security Portfolio and beyond. Over the years, he has progressed from network and data center topics to Active Directory and Entra ID, delving deeper into identity security. Today, he is a Subject Matter Expert for Identity in the Security Team and a moderator of the GK Identity Community. He regularly speaks at community events and publishes blog posts on security and identity topics. Chris's latest passion is Global Secure Access, where the themes of identity, security, and networking converge to enable a comprehensive Zero Trust approach.

Guest Quote
“It's not realistic to modernize protocols like Kerberos or SMB to support MFA and device compliance... but we have an option to control the network layer.”

Time stamps
01:07 Meet Christopher Brumm: Microsoft Security MVP and CISSP
02:00 The Hybrid Identity Attack Playbook
06:03 Active Directory vs. Entra ID: The Security Gap
09:02 Breaking Down Global Secure Access
11:58 What This Looks Like for Real Users
16:17 Bringing Zero Trust to the Network Layer
17:50 What You Need to Deploy Global Secure Access
20:48 Conclusion and Final Thoughts

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Christopher on LinkedIn
Learn more about glueckkanja AG
Watch Christopher's talk at HIPConf 2025
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis

Hybrid Identity Protection Podcast
The Anatomy of Attack Path Management with Daniel Stefaniak, VP Architect - Cybersecurity and Identity at JPMorgan Chase

Hybrid Identity Protection Podcast

Play Episode Listen Later Dec 2, 2025 17:32


This episode features Daniel Stefaniak, Vice President Architect - Cybersecurity and Identity at JPMorgan Chase.

With deep experience as an IT architect, consultant, and technical program manager, Daniel has helped design and deploy large-scale IAM and CIAM solutions that support millions of users. He is widely recognized for his expertise in Active Directory and Entra ID and for bringing clear, unfiltered insight into some of the industry's toughest identity challenges.

In this episode, Daniel explains why attack path management is never a one-and-done effort, how to focus on the high-impact issues that matter most, and why success depends on dedicated ownership rather than tools alone.

This is an honest and practical look at what it truly takes to understand and manage attack paths in modern identity environments.

Guest Bio
Experienced IT Architect, Consultant, and Technical Program Manager specializing in Active Directory and Entra ID (Azure AD). A recognized industry leader in Identity and Access Management (IAM) and cybersecurity, with extensive expertise designing and deploying large-scale cloud-based IAM and CIAM solutions supporting millions of users. Former Microsoft Program Manager, instrumental in driving technical content, readiness, and enterprise adoption of Azure AD. Proven ability to lead end-to-end project lifecycles, align security strategies with regulatory requirements, and design robust directory and identity federation solutions.

Guest Quote
“You cannot be an active directory admin or an architect owner of the service, and run an attack path management program on the side. You need a dedicated team to do it.”

Time stamps
01:05 Meet Daniel Stefaniak: The IAM Guy
02:08 The Insanity of Attack Path Management
03:27 Challenges and Realities of Attack Path Management
07:57 Choosing the Right Tools
10:32 Implementing Effective Attack Path Management
12:50 Using OKRs in Tech Path
14:50 Team and Resource Requirements
16:20 Conclusion and Final Thoughts

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Daniel on LinkedIn
Learn more about JPMorgan Chase
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis

The PowerShell Podcast
Free Security Wins for Sysadmins with Spencer Alessi

The PowerShell Podcast

Play Episode Listen Later Dec 1, 2025 70:10


Newly minted Microsoft MVP, pentester, and returning guest Spencer Alessi joins The PowerShell Podcast to talk about growth, giving back, and building security through PowerShell. Spencer shares lessons from his journey from sysadmin to pen tester, including the importance of learning from mistakes, documenting wins, and advocating for yourself in your career. He also introduces his latest open-source project, AppLocker Inspector, and discusses tools like Locksmith, Ping Castle, and Purple Knight that help IT pros secure their environments and build confidence in automation and defense.

Key Takeaways:
Grow through mistakes – Learn from both your own missteps and those of others; every lesson strengthens your technical and professional skills.
Security tools for sysadmins – Free PowerShell-based tools like AppLocker Inspector, Locksmith, and Purple Knight offer practical wins for securing Active Directory.
Advocate for yourself and give back – Track your wins, share your work, and pay forward the mentorship and generosity that helped you grow.

Guest Bio: Spencer Alessi is a Microsoft MVP, penetration tester, and community educator passionate about helping sysadmins strengthen their environments. Known online as @TechSpence, he creates approachable content and tools focused on helping sysadmins to improve security. Spencer is also a podcast host, public speaker, and strong advocate for mentorship, authenticity, and continuous learning in tech.
Resource Links: Spencer on PDQ Live - https://www.youtube.com/watch?v=j33dN2bELPU AppLocker Inspector – https://github.com/techspence/AppLockerInspector Purple Knight – https://www.semperis.com/purple-knight/ Ping Castle – https://www.pingcastle.com/download/ Locksmith (ADCS Auditing Tool) – https://github.com/jakehildreth/locksmith ADeleginator – https://github.com/techspence/ADeleginator Spencer's Links – https://links.spenceralessi.com Cyber Threat Perspective Podcast – https://offsec.blog Connect with Andrew - https://andrewpla.tech/links PDQ Discord – https://discord.gg/PDQ PowerShell Wednesdays – https://www.youtube.com/watch?v=lPoc8X7t0hY&list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B&pp=0gcJCbAEOCosWNin The PowerShell Podcast on YouTube: https://youtu.be/E4ji0-rmsuA

Identity At The Center
#387 - InfoSec World 2025 - Trust, Transparency, and Technology: Building Better MSP Partnerships

Identity At The Center

Play Episode Listen Later Nov 24, 2025 50:06


Jim McDonald and Jeff Steadman sit down with Mike Reiring of RSM at InfoSec World 2025 to explore how managed service providers are reshaping IT and identity operations. They dig into the differences between MSPs and MSSPs, how to choose the right partner, and how AI is transforming help desks, problem management, and security monitoring. The conversation closes with a fun dive into Mike's passion for photography and how creativity ties into continuous learning in tech.

Connect with Mike: https://www.linkedin.com/in/mreiring/

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Chapters
00:00 Intro – Live from InfoSec World 2025
02:00 Meet Mike Reiring of RSM
04:30 Evolution of Managed Service Providers
06:30 Shared Accounts, Identity, and Security Maturity
09:00 Vendor Gaps and Federated Access Challenges
11:30 What Makes a Good MSP Partner
13:00 The Cost and Effort of Changing Providers
16:30 MSP vs MSSP – Key Differences
18:30 Coordination Between Managed Providers
21:30 Top 3 Questions to Ask Your MSP
25:00 Identity Ownership: IT or Security?
27:30 Licensing, Active Directory, and Hidden Accounts
30:00 RFP Challenges and Procurement Pitfalls
32:00 Measuring Risk and Reducing Identity Exposure
34:30 Vendor Management and Shadow IT Risks
35:00 How AI Is Transforming MSP and MSSP Operations
38:30 AI, Problem Management, and the Future of Help Desks
42:30 Photography, Creativity, and Continuous Learning
48:00 Closing Thoughts and IDAC Outro

Keywords
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Mike Reiring, RSM, InfoSec World 2025, Managed Service Provider, MSP, MSSP, AI in Cybersecurity, Help Desk, Identity Management, Managed Identity, Partner Transparency, IT Outsourcing, Risk Reduction, Problem Management, Active Directory, DaVinci Resolve, Photography in Tech, Identity Governance, Cybersecurity Podcast

7 Minute Security
7MS #702: Should You Hire AI to Run Your Next Pentest?

7 Minute Security

Play Episode Listen Later Nov 21, 2025 21:22


Hello friends, in today's episode I give an audio summary of a talk I gave this week at the MN GOVIT Symposium called "Should You Hire AI to Run Your Next Pentest?"  It's not a pro-AI celebration, nor is it an anti-AI bashing.  Rather, the talk focuses on my experiences using both free and paid AI services to guide me through an Active Directory penetration test.

Hybrid Identity Protection Podcast
Beyond Firewalls: The People Behind Cyber Resilience with Nathan Wenzler, Field CISO at Optiv

Hybrid Identity Protection Podcast

Play Episode Listen Later Nov 18, 2025 50:34


This episode features Nathan Wenzler, Field Chief Information Security Officer at Optiv.

With nearly 30 years of experience leading cybersecurity programs across government agencies, nonprofits, and Fortune 1000 companies, Nathan has spent his career at the intersection of people, process, and technology. He's helped organizations redefine what it means to build security cultures that actually work.

In this episode, Nathan explains why communication (not technology) is a CISO's most important skill, how to create a culture that values security without slowing innovation, and why empathy may be the most underrated tool in cybersecurity.

This is an insightful look at the people-first mindset behind stronger, more resilient security programs.

Guest Bio
Nathan Wenzler is a field chief information security officer at Optiv, where he advises clients on how to strengthen and optimize every aspect of their cybersecurity program. With nearly 30 years of experience, he has built and led security initiatives for government agencies, nonprofits and Fortune 1000 companies. Wenzler has served as a CISO, executive management consultant and senior analyst, holding leadership roles at Tenable, Moss Adams, AsTech and Thycotic. He also spent more than a decade in public sector IT and security roles with Monterey County, California, and supported state and federal agencies. He is known for helping security leaders better communicate the measurable value and benefit of a mature, effective cybersecurity program to executives, technical stakeholders and nontechnical business partners. His approach emphasizes not only technical excellence but also the human and organizational factors that drive long-term security success. Wenzler has spoken at more than 400 events worldwide, educating security leaders and professionals on how to excel in their role as an organization's risk expert. He has also served on advisory boards, including the Tombolo Institute at Bellevue College, and is a former member of the Forbes Technology Council. His areas of expertise include vulnerability and exposure management, privileged access management and identity governance, cyber risk management, incident response, and executive-level communications and program management.

Guest Quote
“If you can win the people over in your organization, you can make those big changes for better identity governance.”

Time stamps
01:22 Meet Nathan Wenzler: Veteran CISO and Security Strategist
02:16 Redefining Identity in a World of Infinite Accounts
05:15 How Culture Can Make or Break Your Security Program
13:34 Winning Over the Business: Aligning Security and Culture
24:45 From “Department of No” to Trusted Partner: Fixing Cyber Communication
40:25 The Human Side of Incident Response
46:23 Leading with Empathy: Nathan's Advice for Security Leaders

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Nathan on LinkedIn
Learn more about Optiv
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis

The PowerShell Podcast
200 Episodes of Community with Frank Lesniak

The PowerShell Podcast

Play Episode Listen Later Nov 10, 2025 70:46


In this milestone 200th episode of The PowerShell Podcast, Frank Lesniak returns to chat with Andrew Pla about automation, community, and what it means to “bet on yourself.” Frank shares his experiences leading cybersecurity and enterprise architecture projects, using PowerShell for AWS security automation, and developing tools to simplify complex data exports. He also discusses the upcoming PowerShell Summit, his work with DuPage Animal Friends, and the value of giving back through mentorship, community involvement, and open source.   Key Takeaways: PowerShell in the cloud – Frank dives deep into AWS automation and explains how PowerShell can simplify security and configuration management at scale. From console to community – After years of speaking and mentoring, Frank emphasizes how collaboration and consistent effort lead to career growth and confidence. Giving back through leadership – As VP of DuPage Animal Friends, Frank highlights the power of using your professional skills for good beyond tech. Guest Bio: Frank Lesniak is a Sr. Cybersecurity & Enterprise Technology Architect at West Monroe, where he leads a 45-member team focused on Microsoft's M365/Modern Work platform. His team specializes in navigating the technical complexities of corporate M&A, executing at-scale divestitures and integrations centered on Azure, Microsoft 365, Entra ID, Active Directory, and Windows. An active contributor to the tech community, Frank is a published author, open-source contributor, and a frequent speaker at conferences and user groups on topics including PowerShell, artificial intelligence, and offbeat technical talks related to his hobbies. In his local community, he serves as the Vice President of DuPage Animal Friends, a non-profit dedicated to supporting DuPage County's sole open-admission animal shelter.   
Resource Links: Connect with Frank -https://linktr.ee/franklesniak Frank Lesniak on X (Twitter) – https://x.com/FrankLesniak Frank on LinkedIn – https://linkedin.com/in/flesniak Connect with Andrew - https://andrewpla.tech/links DuPage Animal Friends – https://dupageanimalfriends.org Previous Podcasts with Frank - https://powershellpodcast.podbean.com/?s=Frank%20Lesniak PowerShell Wednesdays – YouTube Playlist PDQ Discord (PowerShell Scripting Channel) – https://discord.gg/PDQ PowerShell Summit OnRamp Scholarship – https://www.powershellsummit.org/on-ramp/ The PowerShell Podcast on YouTube: https://youtu.be/cQvs5s3T1DA

Hybrid Identity Protection Podcast
The DNA of Organizational Resilience: Leadership First, Technology Last with Heather Costa, Director of Technology Resilience at Mayo Clinic

Hybrid Identity Protection Podcast

Play Episode Listen Later Nov 4, 2025 41:21


This episode features Heather Costa, Director of Technology Resilience at Mayo Clinic. With over two decades of experience building resilience programs at leading healthcare institutions, Heather has redefined what it means to prepare for and thrive through disruption. From Cleveland Clinic to Mayo Clinic, she's led enterprise-wide recovery strategies that balance people, process, and technology. In this episode, Heather explains why true resilience starts with leadership, not technology, how to set clear priorities when everything feels critical, and how to design organizations that adapt and recover faster. This is a powerful look at the mindset and methods behind building resilience that lasts in healthcare and beyond. Guest Bio Heather M. Costa is a leading authority in cyber and technology resilience, currently serving as Director of Technology Resilience at Mayo Clinic. With over twenty years of experience, she has shaped resilience programs at premier healthcare institutions, notably pioneering business resilience at Cleveland Clinic before architecting Mayo Clinic's enterprise-wide recovery and continuity initiatives. Heather is a dynamic leader, keynote speaker, and mentor, frequently invited to share her insights at organizations and conferences such as Harvard NPLI, HIMSS, and the HIPAA Summit. She is recognized for building high-performing teams and fostering the next generation of cybersecurity leaders. Heather holds a Master's in Homeland Security – Information Security and Forensics from Penn State, a summa cum laude Bachelor's in Emergency Management from the University of Akron, and multiple esteemed certifications including Certified Business Continuity Professional (CBCP), Certified Cyber Resilience Professional (CCRP). She is Vice President for the WiCyS Healthcare Affiliate and a member of several distinguished honor societies. 
Outside of work, Heather is a dedicated solo mom to five children, inspiring her family and community with her resilience and leadership.

Guest Quote
“[Resilience] means not just recovering, but being better. Adapting, where we're wired in our DNA organizationally, to thrive in disruption, not just survive.”

Time stamps
01:08 Meet Heather Costa: Cyber Resilience Expert
04:49 Understanding Resilience in Healthcare
22:36 Starting with Minimal Viable Recovery
25:56 Worst Case Scenario Planning
28:30 Building a Resilient Environment
29:33 Heather's Blue Sky Strategy Planning
35:26 What's Missed When Building Resilience
37:43 Final Advice on Resilience

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Heather on LinkedIn
Learn more about Mayo Clinic
Connect with Sean on LinkedIn
Don't miss future episodes
Register for HIP Conf 2025
Learn more about Semperis

The New CISO
Pick Your Pain: A Methodical Approach to Career Growth

The New CISO

Play Episode Listen Later Oct 23, 2025 45:20


In this episode of The New CISO (Episode 136), host Steve Moore speaks with Carl Cahill, CISO, about a deliberate, methodical approach to career growth—and why every leader must “pick their pain” to progress.From combat arms in the U.S. Army to Active Directory engineering and large-enterprise incident response, Carl shares the pivotal choices that shaped his leadership. He opens up about moving from certifications to business fluency, using a personal gap analysis to chart his path to the C-suite, and how feedback like being called a “propeller head” pushed him to translate geek speak into the language of finance, law, and strategy. Carl also explains his five-phase 100-day plan, why IR readiness comes first, and how “radical collaboration” defines the modern CISO.Key Topics Covered:Early career pivots: Army leadership, perseverance, and precision → IT foundationsCertifications as a fast track (then) vs. blended learning and passion projects (now)The “pick your pain” decision: staying comfortable vs. returning to school to advanceBuilding a CISO gap analysis from job reqs and targeting stretch assignmentsUpgrading the lexicon: finance, legal, and general management (e.g., Wharton GMP)Turning tough feedback into growth: from geek speak to boardroom dialogueConsulting variety vs. ownership: when to switch for long-term impactThe 100-day plan: assess → plan → act → measure → adjust (with IR first)Stakeholder mapping, team SWOTs, and making strategy stick beyond 90 daysMetrics as a “health language” and why today's CISO must be a radical collaboratorCarl's story shows how intentional trade-offs—education, language, and leadership style—compound into career momentum. His roadmap helps CISOs and aspiring leaders navigate transitions with discipline, communicate across the business, and build resilient teams that lead with clarity.

Hybrid Identity Protection Podcast
The Cyber War We Can't See with Dr. Chase Cunningham, CSO of Demo-Force.com

Hybrid Identity Protection Podcast

Play Episode Listen Later Oct 21, 2025 29:29


This episode features Dr. Chase Cunningham, Chief Strategy Officer at Demo-Force.com.

Widely known as “Dr. Zero Trust”, he's the creator of the Zero Trust Extended Framework and former Forrester principal analyst. With decades of experience supporting the NSA, U.S. Navy, FBI Cyber, and other government missions, Chase brings deep expertise on how nation-states wage digital conflict.

In this episode, Chase explains how China, Russia, and North Korea use cyber operations to advance long-term strategic goals, why critical infrastructure has become a silent battlefield, and why attribution makes retaliation so difficult. He shares practical guidance for hardening defenses, outpacing common attackers, and avoiding becoming the “slowest gazelle in the herd.”

This is a sobering look at how geopolitics fuels cyber risk, and the urgent realities every security leader must prepare for now.

Guest Bio
Creator of the Zero Trust eXtended framework and a cybersecurity expert with decades of operational experience in NSA, US Navy, FBI Cyber, and other government mission groups, Chase is responsible for ZTEdge's overall strategy and technology alignment. Chase was previously VP and Principal Analyst at Forrester Research; Director of Threat Intelligence for Armor; Director of Cyber Analytics for Decisive Analytics; and Chief Cryptologic Technician, US Navy. He's the author of the Cynja series and Cyber Warfare: Truth, Tactics, and Strategies.

Guest Quote
“Putin has even been noted as saying that chaos is the goal. You do that via cyber. You don't do that by putting boots on ground anymore. That is very important for everybody that's connected or digital to understand, you are operating in a live fire battlefield environment. You're not just on the internet.”

Time stamps
01:04 Meet Dr. Chase Cunningham: Dr. Zero Trust
02:47 The Fifth Horseman: Cyber Threats
04:24 Geopolitical Implications of Cyber Warfare
09:05 Understanding China's Approach to Cyber
17:27 Breaking Down Defensive Cyber
20:17 Understanding North Korea's Approach to Cyber
22:25 Russia's Cyber Chaos Tactics
24:35 Cyber Leadership Gaps in the U.S. Government
27:22 Final Thoughts and Advice

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Chase on LinkedIn
Learn more about Demo-Force.com
Chase's HIPConf 2024 Talk: Cyber Threat: The Fifth Horseman of the Apocalypse
Connect with Sean on LinkedIn
Don't miss future episodes
Register for HIP Conf 2025
Learn more about Semperis

Microsoft Mechanics Podcast
How to move Active Directory Source of Authority to Microsoft Entra ID and why

Microsoft Mechanics Podcast

Play Episode Listen Later Oct 8, 2025 9:41 Transcription Available


Strengthen your security posture by moving groups and users from Active Directory to Microsoft Entra. This gives you seamless access for your teams, stronger authentication with MFA and passwordless options, and centralized visibility into risks across your environment. Simplify hybrid identity management by reducing dual overhead, prioritizing key groups, migrating users without disruption, and automating policies with Graph or PowerShell. Jeremy Chapman, Microsoft 365 Director, shows how to start minimizing your local directory and make Microsoft Entra your source of authority to protect access everywhere. ► QUICK LINKS: 00:00 - Minimize Active Directory with Microsoft Entra 00:34 - Build a Strong Identity Foundation 01:28 - Reduce Dual Management Overhead 02:06 - Begin with Groups 03:04 - Automate with Graph & Policy Controls 03:50 - Access packages 06:00 - Move user objects to be cloud-managed 07:03 - Automate using scripts or code 09:17 - Wrap up ► Link References Get started at https://aka.ms/CloudManagedIdentity Use SOA scenarios at https://aka.ms/usersoadocs Group SOA scenarios at https://aka.ms/groupsoadocs Guidance for IT Architects on benefits of SOA at https://aka.ms/SOAITArchitectsGuidance ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. 
• Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Hybrid Identity Protection Podcast
The Human Side of Cyber Resilience with Jonathon Mayor, Principal Security Consultant for the Americas at Cohesity

Hybrid Identity Protection Podcast

Play Episode Listen Later Oct 7, 2025 32:51


This episode features Jonathon Mayor, Principal Security Consultant for the Americas at Cohesity.

A founding member of Cohesity's Security Center of Excellence and the Cyber Event Response Team, Jonathon has more than 20 years of experience in security operations, forensics, and business continuity, with past leadership roles at EMC, Dell, and Verizon. He's guided Fortune 500 and Global 1000 organizations through high-stakes incident response and recovery.

In this episode, Jonathon explains why trust is the first casualty in a cyberattack, how to distinguish between mission critical operations and mission critical response, and why resilience depends as much on people and process as on technology. He shares candid lessons from the field on avoiding endless “what if” scenarios, preparing for the human toll of prolonged incidents, and building flexibility into every plan.

This is a practical look at cyber resilience and the critical skills every leader needs to have before the next 2 a.m. incident call.

Guest Bio
Jonathon Mayor is Principal Security Consultant for the Americas at Cohesity, where he has helped many Fortune 500 and Global 1000 organizations strengthen cyber resilience through threat intelligence, incident response, and recovery strategy. A founding member of Cohesity's Security Center of Excellence and the Cyber Event Response Team (CERT), his current focus is proactively collaborating with security partners and customers to strengthen security posture and readiness by drawing from the experiences and lessons learned through CERT. With more than 20 years in security operations, forensics, and business continuity, Jonathon has held leadership roles at EMC, Dell, and Verizon, where he oversaw global NOC operations and major incident mitigation.

Guest Quote
“The thing that's most important that's lost first and hardest to regain is trust. Everything else is secondary. If the very tools that I'm relying on to respond have been compromised, and therefore I can't trust them, where does my plan go from there?”

Time stamps
01:10 Meet Jonathon Mayor
03:37 Rethinking What's Mission Critical
12:25 Avoiding Endless What If's
15:50 Paranoia Has a Budget: Prioritizing Risks
21:27 The Human Element in Cyber Defense
25:01 Importance of Mindset Flexibility
27:11 Post-Incident Advice

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Jonathon on LinkedIn
Learn more about Cohesity
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis

The Cyber Threat Perspective
Episode 151: Tool Time - PingCastle for Defenders

The Cyber Threat Perspective

Play Episode Listen Later Sep 26, 2025 42:27


In this episode, we're digging into a super awesome Active Directory security tool called PingCastle. We'll cover what it is, why it matters for Active Directory security, and how IT and security teams can leverage it to get ahead of adversaries. PingCastle is a staple tool on our internal pentesting toolbelt. In this episode, you will find out why.

Hybrid Identity Protection Podcast
Inside the Snowden Breach with Chris Inglis, Former Deputy Director of the NSA

Hybrid Identity Protection Podcast

Play Episode Listen Later Sep 23, 2025 45:50


This episode features Chris Inglis, former U.S. National Cyber Director and longtime Deputy Director of the NSA.

With over 40 years in national security, Chris was at the center of one of the most high-stakes breaches in U.S. history: the Edward Snowden incident.

In this episode, Chris shares what really happened inside the NSA during those critical months, and how siloed systems, password sharing, and missed signals allowed Snowden to operate undetected. He unpacks key lessons on preparing for low-probability, high-impact events, defending against identity misuse, and why trust must always come with verification.

This is a behind-the-scenes look at the Snowden breach, and what every cybersecurity leader needs to learn from it.

Guest Bio
Chris served as the first national cyber director of the United States, and as deputy director of the NSA for eight years. Chris has spent more than four decades in public service shaping the future of national cybersecurity. His career includes serving as a commissioner on the U.S. Cyberspace Solarium Commission, and as an advisor to the Department of Defense and the intelligence community. Chris has received numerous honors for his service, including the President's National Security Medal and the DNI Distinguished Service Medal. A U.S. Air Force Academy graduate, he holds advanced degrees in engineering and computer science from Columbia University and the George Washington University. His military career includes over 30 years in the U.S. Air Force and Air National Guard, retiring as a brigadier general. Most recently, he served as a U.S. Naval Academy Looker Distinguished Visiting Professor for cyber studies and as a commissioner on the U.S. Cyberspace Solarium Commission.

Guest Quote
“The thing that you practice, whether it's one or a million things you're going to practice will never happen, but the thing that does will be informed by the muscle memory you've developed over that practice period. And you'll know that you either can or cannot weather the storm with your own resources.”

Time stamps
01:29 The Snowden Incident: A Deep Dive
06:07 NSA's Internal Challenges and Lessons Learned
07:29 Organizational Silos and Technical Blind Spots
13:42 Crisis Management and Response Strategies
16:56 Public Perception and Trust
23:22 Misunderstandings of Snowden's Allegations
28:15 Lessons from the Snowden Incident
29:44 Cybersecurity in the Business World
29:57 How the Snowden Incident Reshaped NSA's Threat Monitoring
36:49 Strategic and Tactical Approaches to Security
42:35 Final Thoughts and Takeaways

Sponsor
Identity Breach Confidential is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Jeff on LinkedIn
Don't miss future episodes
Register for HIP Conf 2025
Learn more about Semperis

Hybrid Identity Protection Podcast
The Hidden Dangers of AD CS with Jake Hildreth, Principal Security Consultant at Semperis

Hybrid Identity Protection Podcast

Play Episode Listen Later Sep 9, 2025 44:19


This episode features Jake Hildreth, Principal Security Consultant at Semperis.

With nearly 25 years of IT experience, Jake has seen how Active Directory Certificate Services (AD CS) can quietly become the most fragile, and most dangerous, part of an enterprise's identity infrastructure. Misunderstood, neglected, and often misconfigured, AD CS can hand attackers the ability to impersonate anyone in the organization.

In this episode, Jake demystifies why certificates feel like "cult knowledge," explains how simple missteps in AD CS cascade into critical risks, and shares real-world lessons from the front lines. He also introduces tools designed to help overworked admins find and fix issues before adversaries exploit them.

This is a candid look at one of the least understood but most critical components of identity security, and the steps every security team should take now to avoid becoming the slowest gazelle in the herd.

Guest Bio
Jake Hildreth is a Principal Security Consultant at Semperis, Microsoft MVP, and longtime builder of tools that make identity security suck a little less. With nearly 25 years in IT (and the battle scars to prove it), he specializes in helping orgs secure Active Directory and survive the baroque disaster that is Active Directory Certificate Services. He's the creator of Locksmith, BlueTuxedo, and PowerPUG!, open-source tools built to make life easier for overworked identity admins. When he's not untangling Kerberos or wrangling DNS, he's usually hanging out with his favorite people and most grounding reality check: his wife and daughter.

Guest Quote
"The thing that you practice, whether it's one or a million things you're going to practice will never happen, but the thing that does will be informed by the muscle memory you've developed over that practice period. And you'll know that you either can or cannot weather the storm with your own resources."

Time stamps
05:00 Why Are People Afraid of Certificates?
07:52 Basics of Public Key Infrastructure (PKI)
17:36 How AD CS Integrates with Active Directory
20:20 Setting Up and Configuring AD CS
23:19 Active Directory and Certificate Services Integration
23:54 Consequences of a Compromised AD
25:55 Primary Use Cases for AD CS
28:39 Recommendations for Managing AD CS
30:46 Locksmith: A Tool for AD CS Issues
34:06 Common Security Issues in AD CS
38:28 Steps to Improve AD CS Security

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Jake on LinkedIn
Learn about Locksmith
Learn about Purple Knight
Connect with Sean on LinkedIn
Don't miss future episodes
Register for HIP Conf 2025
Learn more about Semperis

RunAs Radio
Episode 1000!

RunAs Radio

Play Episode Listen Later Sep 3, 2025 74:01


Episode 1000! Richard Campbell invites Paul Thurrott to join him to celebrate the milestone episode and answer questions from listeners. From the creation of the podcast to the role of Windows in the modern world, the impact of ARM, Cloud, and many other technologies - all addressed in this super-sized episode. And yes, artificial intelligence is part of the conversation—and will be part of the workflows that sysadmins utilize on a day-to-day basis. Thanks to all the folks who sent in questions for this special show - and thanks for listening!

Links
Does Windows Still Matter
Windows Server 2025
ARM in Azure
Azure FastTrack
Cloud Adoption Framework for Azure
Microsoft Viva

Recorded August 31, 2025

Ctrl+Alt+Azure
305 - Finally here – Group Source of Authority in the cloud

Ctrl+Alt+Azure

Play Episode Listen Later Aug 27, 2025 28:50


Today, we'll take a look at something that is of the essence for anyone working with identities and the shift to the cloud. What is Group SOA, and why should you care? We reflect on the dependencies of Active Directory, the five stages of transformation, and what this capability will help you achieve.

(00:00) - Intro and catching up.
(05:20) - Show content starts.

Show links
- Group SOA

Provide feedback
- Give us feedback!

Hybrid Identity Protection Podcast
When Change Becomes the Biggest Threat with Edward Amoroso, CEO of TAG Infosphere

Hybrid Identity Protection Podcast

Play Episode Listen Later Aug 26, 2025 33:05


This episode features Ed Amoroso, CEO of TAG Infosphere and former AT&T Chief Security Officer.

With decades of experience securing complex infrastructures, Ed joins during a period of unprecedented change in the U.S. federal government, a moment he warns is ripe for cyberattacks. In this episode, Ed explains why rapid organizational shifts create prime openings for adversaries, and why Active Directory, often poorly understood and "orphaned" in ownership, is the first place attackers look for the keys to the kingdom. He shares practical steps for reducing complexity, shoring up identity infrastructure, and spotting risks before they're exploited. This is a timely look at how change fuels cyber risk, and the urgent actions every security leader should take now.

Guest Bio
Dr. Ed Amoroso is CEO of TAG Infosphere. An NYU professor and former AT&T executive, Ed started TAG Cyber in 2016 to democratize research and advisory services and unleash his inner entrepreneur. Business Insider tapped him as one of the country's 50 leaders "who helped lead the cyber security industry."

Guest Quote
"The thing that you practice, whether it's one or a million things you're going to practice will never happen, but the thing that does will be informed by the muscle memory you've developed over that practice period. And you'll know that you either can or cannot weather the storm with your own resources."

Time stamps
02:25 Cybersecurity in Times of Change
14:34 Active Directory: The Heart of Cybersecurity
17:35 Recommendations for Organizations
27:04 The Role of Government and Private Sector
30:01 Final Thoughts and Advice

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Ed on LinkedIn
Learn more about TAG Infosphere
Connect with Sean on LinkedIn
Don't miss future episodes
Register for HIP Conf 2025
Learn more about Semperis

7 Minute Security
7MS #689: Pwning Ninja Hacker Academy – Part 2

7 Minute Security

Play Episode Listen Later Aug 22, 2025 15:40


Hello friends! Today your friend and mine, Joe "The Machine" Skeen joins me as we keep chipping away at pwning Ninja Hacker Academy! Today's pwnage includes:
"Upgrading" our Sliver C2 connection to a full system shell using PrintSpoofer!
Abusing nanodump to do an lsass minidump… and find our first cred.
Analyzing BloodHound data to find (and own) excessive permissions against Active Directory objects

The PowerShell Podcast
PSStucco, Accessibility, and the Power of Templating in PowerShell with Gilbert Sanchez & Jake Hildreth

The PowerShell Podcast

Play Episode Listen Later Aug 11, 2025 33:38


In this high-energy episode, returning guests Gilbert Sanchez and Jake Hildreth join Andrew for a deep dive into:
Module templating with PSStucco
Building for accessibility in PowerShell
Creating open source GitHub orgs like PSInclusive
How PowerShell can lead to learning modern dev workflows like GitHub Actions and CI/CD

What begins with a conversation about a live demo gone hilariously sideways turns into an insightful exploration of how PowerShell acts as a launchpad into bigger ecosystems like GitHub, YAML, JSON, and continuous integration pipelines.

Bios:
Gilbert Sanchez is a Staff Software Development Engineer at Tesla, specifically working on PowerShell. Formerly known as "Señor Systems Engineer" at Meta. A loud advocate for DEI, DevEx, DevOps, and TDD.

Jake Hildreth is a Principal Security Consultant at Semperis, Microsoft MVP, and longtime builder of tools that make identity security suck a little less. With nearly 25 years in IT (and the battle scars to prove it), he specializes in helping orgs secure Active Directory and survive the baroque disaster that is Active Directory Certificate Services. He's the creator of Locksmith, BlueTuxedo, and PowerPUG!, open-source tools built to make life easier for overworked identity admins. When he's not untangling Kerberos or wrangling DNS, he's usually hanging out with his favorite people and most grounding reality check: his wife and daughter.

Links
https://gilbertsanchez.com/posts/stucco-create-powershell-module/
https://jakehildreth.github.io/blog/2025/07/02/PowerShell-Module-Scaffolding-with-PSStucco.html
https://github.com/PSInclusive
https://jakehildreth.com/
https://andrewpla.tech/links
https://discord.gg/pdq
https://pdq.com/podcast
https://youtu.be/w-z2-0ii96Y

ITSPmagazine | Technology. Cybersecurity. Society
Making Honeypots Useful Again: Identity Security, Deception, and the Art of Detection | A Conversation with Sean Metcalf | Redefining CyberSecurity with Sean Martin

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jul 30, 2025 31:48


⬥GUEST⬥
Sean Metcalf, Identity Security Architect at TrustedSec | On LinkedIn: https://www.linkedin.com/in/seanmmetcalf/

⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com

⬥EPISODE NOTES⬥
Sean Metcalf, a frequent speaker at conferences like Black Hat, DEF CON, and RSAC, brings a sharp focus to identity security—especially within Microsoft environments like Active Directory and Entra ID. In this episode, he walks through the practical and tactical role of honeypots and deception in detecting intrusions early and with higher fidelity.

While traditional detection tools often aim for broad coverage, honeypots flip the script by offering precise signal amidst the noise. Metcalf discusses how defenders can take advantage of the attacker's need to enumerate systems and accounts after gaining access. That need becomes an opportunity to embed traps—accounts or assets that should never be touched unless someone is doing something suspicious.

One core recommendation: repurpose old service accounts with long-lived passwords and believable naming conventions. These make excellent bait for Kerberoasting attempts, especially when paired with service principal names (SPNs) that mimic actual applications. Metcalf outlines how even subtle design choices—like naming conventions that fit organizational patterns—can make a honeypot more convincing and effective.

He also draws a distinction between honeypots and deception technologies. While honeypots often consist of a few well-placed traps, deception platforms offer full-scale phantom environments. Regardless of approach, the goal remains the same: attackers shouldn't be able to move around your environment without tripping over something that alerts the defender.

Importantly, Metcalf emphasizes that alerts triggered by honeypots are high-value. Since no legitimate user should interact with them, they provide early warning with low false positives. He also addresses the internal politics of deploying these traps, from coordinating with IT operations to ensuring SOC teams have the right procedures in place to respond effectively.

Whether you're running a high-end deception platform or just deploying free tokens and traps, the message is clear: identity is the new perimeter, and a few strategic tripwires could mean the difference between breach detection and breach denial.

⬥SPONSORS⬥
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
ThreatLocker: https://itspm.ag/threatlocker-r974

⬥RESOURCES⬥
Inspiring Post: https://www.linkedin.com/posts/activity-7353806074694541313-xzQl/
Article: The Art of the Honeypot Account: Making the Unusual Look Normal: https://www.hub.trimarcsecurity.com/post/the-art-of-the-honeypot-account-making-the-unusual-look-normal
Article: Trimarc Research: Detecting Kerberoasting Activity: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-kerberoasting-activity
Article: Detecting Password Spraying with Security Event Auditing: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-password-spraying-with-security-event-auditing

⬥ADDITIONAL INFORMATION⬥
✨ More Redefining CyberSecurity Podcast:

The Cyber Threat Perspective
Episode 142: How Active Directory Certificates Become Active Threats

The Cyber Threat Perspective

Play Episode Listen Later Jul 25, 2025 35:56


In this episode, we're diving into one of the most overlooked yet dangerous components of Active Directory: Certificate Services. What was designed to build trust and secure authentication is now being exploited by attackers to silently escalate privileges and persist in your environment. We'll break down how AD CS works, how it gets abused, and what defenders need to do to lock it down.

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://click.spenceralessi.com/mylinks
Work with Us: https://securit360.com

Today in Health IT
Newsday: Digging Deep Into HIPAA Updates and Expectations with Josh Tacey

Today in Health IT

Play Episode Listen Later Jul 21, 2025 24:04 Transcription Available


July 21, 2025: Josh Tacey, Enterprise Architect at Omnissa, joins Bill for the news. They discuss all things HIPAA security-related as the refinement process continues to advance. The conversation centers on the controversial 72-hour business continuity requirement—can health systems really restore operations within three days when current ransomware recoveries take weeks? Josh explores whether mandated network segmentation actually helps attackers by providing a standard blueprint, and why Active Directory remains every hacker's primary target.

Key Points:
01:46 HIPAA Security Rule Issues
07:52 Challenges in Network Segmentation
10:58 Access Control and Vulnerability Patching
18:20 Architectural Practices in Healthcare

News Articles:
HIPAA Security Rule

X: This Week Health
LinkedIn: This Week Health
Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

Business of Tech
From Legacy to Cloud: How MSPs Can Leverage Intune for Effective Endpoint Management with Hugo Salazar and Rolando Jimenez

Business of Tech

Play Episode Listen Later Jul 19, 2025 51:29


Dave Sobel hosts a sponsored webinar discussing the modern endpoint management capabilities of Microsoft Intune, particularly its relevance for Managed Service Providers (MSPs). The session features Rolando Jimenez, a technical trainer at Nerdio, and Hugo Salazar, a Go Live engineer, who share their insights and experiences with Intune. They explore the evolution of Intune from a supplementary tool to a central component of Microsoft 365, emphasizing its integration with security products and the shift away from traditional on-premises solutions like Active Directory and Group Policy.

The conversation highlights the practical aspects of deploying Intune, including the importance of pre-planning and understanding the complexities involved in transitioning from legacy systems. Rolando and Hugo discuss common pitfalls that MSPs encounter when setting up Intune, such as the need for proper configuration and the significance of using tools like the Group Policy Analyzer. They also emphasize the benefits of using Intune's Autopilot feature for zero-touch enrollment, which streamlines the onboarding process for new devices.

Security is a major focus, with the speakers addressing how Intune helps manage compliance and protect sensitive data, especially in a remote work environment. They explain the differences between Mobile Device Management (MDM) and Mobile Application Management (MAM), detailing how MAM allows for the protection of corporate data on personal devices without requiring full device management. This nuanced approach is crucial for organizations that want to balance user privacy with security needs.

As the discussion wraps up, Rolando and Hugo encourage MSPs to embrace Intune as a powerful tool for endpoint management. They stress the importance of leveraging the capabilities of Intune to enhance operational efficiency and security while providing practical advice for successful implementation. The session concludes with a Q&A segment, where they address specific questions from the audience, further clarifying the benefits and functionalities of Intune in modern IT management.

All our Sponsors: https://businessof.tech/sponsors/
Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/
Support the show on Patreon: https://patreon.com/mspradio/
Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech
Want our stuff? Cool Merch? Wear "Why Do We Care?" - Visit https://mspradio.myspreadshop.com
Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessof.tech

Cyber Briefing
July 17, 2025 - Cyber Briefing

Cyber Briefing

Play Episode Listen Later Jul 17, 2025 9:33


If you like what you hear, please subscribe, leave us a review and tell a friend!

7 Minute Security
7MS #681: Pentesting GOAD – Part 3

7 Minute Security

Play Episode Listen Later Jun 27, 2025 18:18


Today Joe “The Machine” Skeen and I pwn the third and final realm in the world of GOAD (Game of Active Directory): essos.local!  The way we go about it is to do a WinRM connection to our previously-pwned Kingslanding domain, coerce authentication out of MEEREEN (the DC for essos.local) and then capture/abuse the TGT with Rubeus!  Enjoy.

RunAs Radio
Fixing a Security Vulnerability in Active Directory with Steve Syfuhs

RunAs Radio

Play Episode Listen Later Jun 4, 2025 49:33


Why would a security vulnerability take more than two years to fix? Richard chats with Steve Syfuhs about the evolution of the response to KB5015754. Originally published in 2022, the issue involved vulnerabilities in the on-premises certificate authority for Active Directory. Pushing a fix to force the immediate replacement of the certificates could have left users unable to log into Active Directory entirely. Steve explains how the gradual rollout of the fix allowed folks concerned (and paying attention!) to fix it immediately. At the same time, for everyone else, the fix happened as the existing certificates expired. But not every scenario is automatic - some require sysadmin intervention. So, how do you get their attention? The story leads to the February 11, 2025 update that could knock some users off Active Directory, but had an easy and quick fix. The final phase should be September 2025; hopefully, the last stragglers will be ready!

Links
KB5014754
Microsoft Security Response Center
Create and Assign SCEP Certificate Profiles in Intune

Recorded April 10, 2025

The Cybersecurity Defenders Podcast
#218 - Coinbase + Cetus, Hazy Hawk, BadSuccessor & DCIS takedown

The Cybersecurity Defenders Podcast

Play Episode Listen Later Jun 3, 2025 32:48


In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.

Two significant crypto security breaches occurred in close succession this month, affecting both decentralized and centralized platforms. On May 22, Cetus—a decentralized exchange built on the Sui Network—was exploited via a vulnerability in its automated market maker (AMM). Meanwhile, Coinbase confirmed what it called a "targeted insider threat operation" that compromised data from less than 1% of its active monthly users.

A threat group identified as "Hazy Hawk" has been systematically hijacking cloud-based DNS resources tied to well-known organizations, including the US Centers for Disease Control and Prevention (CDC), since December 2023.

A newly disclosed vulnerability in Windows Server 2025, dubbed BadSuccessor, has raised major concerns among enterprise administrators managing Active Directory environments.

Federal and international law enforcement, alongside a significant number of private-sector partners, have successfully dismantled the Danabot botnet in a multiyear operation aimed at neutralizing one of the more advanced malware-as-a-service (MaaS) platforms tied to Russian cybercriminal activity.

Windows Weekly (MP3)
WW 932: The Last Australian - Microsoft lays off 3%, Windows 10 ESU, "Hey Copilot"

Windows Weekly (MP3)

Play Episode Listen Later May 14, 2025 148:12


It's go time: The biggest Patch Tuesday of 2025 sets the stage for 2025! Microsoft has finally revealed whether it will further extend Windows 10 support past October (it won't). Also, Microsoft designed notifications in Windows 11 to be annoying and pointless, so Paul has some advice. Plus, Proton Drive gets a long awaited albums feature, and more on the way.

Windows 11
Recall (preview) and Click to Do (preview) come to stable for the first time
Let's give Microsoft a bit of credit for this one non-reported behavior
Also: Improvements to Settings, Narrator, Start, Phone Link, Widgets, File Explorer
You knew this was coming: Microsoft now testing a "Hey, Copilot" feature
It's opt-in and an alternative to holding down Alt + Spacebar for two seconds
Microsoft discusses the new Start design and it's not a s#$t show like it was three years ago
No builds for the second Friday in a row
Improvements to Settings AI agent, intelligent text actions in Click to Do, a few small changes come to 24H2 in Dev and Beta channels
Copilot Vision gets Highlights and 2-App Support across all channels
Google's big Android reveal includes Material Expressive, big Wear OS update. Android, like Windows 11 (and iOS) is just being updated all the time now

Windows 10
Extended support program
Will support Microsoft 365 on Windows 10 through October 2028
Those time frames are identical
So what about those Surface PCs that can't upgrade to Windows 11? Microsoft has an answer (for all unsupported PCs) and it's not as cynical as you think
Microsoft quietly discontinued entry-level 13.8-inch Surface Laptop and 13-inch Surface Pro when it introduced those smaller new models last week

Layoffs
Microsoft just made $70 billion, so naturally it's laying off employees. How to explain this?
The FTC's losing streak against Microsoft continues
A proposal for solving the "Mozilla problem" in U.S. v. Google
Fortnite could return to the iPhone App Store as soon as today

AI
OH MY GOD IS THERE NO AI NEWS FOR ONCE. OK, three small items
OpenAI brings OneDrive and SharePoint integration with ChatGPT for paid business customers
"AI mode" could replace "I'm feeling lucky" on the Google home page
Spotify's AI DJ keeps improving

Dev
Build is next week in Seattle, a few thoughts
.NET 10 Preview 4 is out

Xbox & Games
Today's the day: DOOM: The Dark Ages goes live at 8:00 ET tonight!
Xbox Insiders can now play cloud-enabled games with mouse and keyboard
Paul reviews the Backbone Pro controller
Nintendo revenues slide big ahead of Switch 2 - 15m consoles expected in first year
Sony sold 18.5 million PS5s in the most recent fiscal year, down 11 percent YOY

Tips & Picks
Tip of the week: Windows 11 notifications make iOS look sophisticated
App pick of the week: Proton Drive
RunAs Radio this week: Active Directory in 2025 with Liz Tesch
Brown liquor pick of the week: Limeburners Albany Tawny Cask

These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/932
Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell
Sponsors: 1password.com/windowsweekly threatlocker.com/twit uscloud.com

The CyberWire
AI ambitions clash with cyber caution.

Apr 14, 2025 34:12


The Department of the Interior removes top cybersecurity and tech officials. The DOJ looks to block foreign adversaries from acquiring sensitive personal data of U.S. citizens. Microsoft issues emergency updates to fix an Active Directory bug. Hackers are installing stealth backdoors on FortiGate devices. Researchers warn of a rise in "Dangling DNS" attacks. A pair of class action lawsuits allege a major adtech firm secretly tracks users online without consent. Google is fixing a 20-year-old Chrome privacy flaw. The Tycoon2FA phishing-as-a-service platform continues to evolve. My guest is Tim Starks from CyberScoop, discussing the latest from CISA and Chris Krebs. Slopsquatting AI totally harshes the supply chain vibe.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today we are joined by Tim Starks from CyberScoop, and he is discussing the latest with CISA and Chris Krebs.

Selected Reading
Interior Department Ousts Key Cyber Leaders Amid DOGE Spat (Data Breach Today)
US Blocks Foreign Governments from Acquiring Citizen Data (Infosecurity Magazine)
Microsoft: New emergency Windows updates fix AD policy issues (Bleeping Origin)
Fortinet Issues Fixes After Attackers Bypass Patches to Maintain Access (Hackread)
Dangling DNS Attack Let Hackers Gain Control Over Organization's Subdomain (Cyber Security News)
Two Lawsuits Allege The Trade Desk Secretly Violates Consumer Privacy Laws (AdTech)
Chrome 136 fixes 20-year browser history privacy risk (Bleeping Computer)
Tycoon2FA phishing kit targets Microsoft 365 with new tricks (Bleeping Computer)
AI Hallucinations Create a New Software Supply Chain Threat (SecurityWeek)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices