Directory service created by Microsoft for Windows domain networks
POPULARITY
In this episode, Steve Goodman and Bastiaan Verdonk interview Victor King from Quest on best practices for Active Directory security. They discuss identifying misconfigurations, managing privileged access, and continuous environmental monitoring.Want to stay up to date on all things Practical 365? Follow us on Twitter, Facebook, and Linkedin to stay up to date on all things Microsoft!
"We're here to take the complexity out of unified communications — and turn it into simplicity." — Todd Remely, Unimax At Cisco Live 2025 in San Diego, Technology Reseller News publisher Doug Green caught up with Todd Remely of Unimax to explore how the company is streamlining unified communications (UC) management for enterprises and partners alike. With over 30 years in business, Unimax is a veteran in the telecom software space. Their tools help organizations manage Cisco, Microsoft Teams, Zoom, and Avaya UC systems more efficiently — and that value was on full display across two booths at Cisco Live: one in the Collaboration Village (highlighting Webex integration) and another on the main show floor. Three Ways Unimax Delivers Simplicity in Complex UC Environments: Second Nature A power-user interface that layers over Cisco and other major UC platforms, enabling administrators to perform complex MACDs (moves, adds, changes, deletes) and configuration tasks like provisioning, routing, and device pool management — all from one streamlined dashboard. Automation Platform Unimax enables full automation of provisioning and deprovisioning processes. Their platform integrates with Active Directory, ServiceNow, Remedy, HRIS systems, and any REST API-enabled tool, drastically reducing time and human error in user onboarding and offboarding. HelpOne A lightweight interface that empowers Tier 1 help desk agents to complete routine MACDs — such as password resets — without telecom expertise, freeing up UC teams to focus on higher-priority work. Remely noted strong engagement from MSPs and resellers, many of whom use Unimax's multi-tenant solutions to manage customer UC systems at scale. "We're solution-focused," he said. "And we love working with end users — because that's where the real problems are, and that's where we can help most." For more information or to request a demo, visit unimax.com or contact the team at tellmemore@unimax.com.
Why would a security vulnerability take more than two years to fix? Richard chats with Steve Syfuhs about the evolution of the response to KB5015754. Originally published in 2022, the issue involved vulnerabilities in the on-premises certificate authority for Active Directory. Pushing a fix to force the immediate replacement of the certificates could have left users unable to log into Active Directory entirely. Steve explains how the gradual rollout of the fix allowed folks concerned (and paying attention!) to fix it immediately. At the same time, for everyone else, the fix happened as the existing certificates expired. But not every scenario is automatic - some require sysadmin intervention. So, how do you get their attention? The story leads to the February 11, 2025 update that could knock some users off Active Directory, but had an easy and quick fix. The final phase should be September 2025; hopefully, the last stragglers will be ready!LinksKB5014754Microsoft Security Response CenterCreate and Assign SCEP Certificate Profiles in IntuneRecorded April 10, 2025
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Two significant crypto security breaches occurred in close succession this month, affecting both decentralized and centralized platforms. On May 22, Cetus—a decentralized exchange built on the Sui Network—was exploited via a vulnerability in its automated market maker (AMM). Meanwhile, Coinbase confirmed what it called a “targeted insider threat operation” that compromised data from less than 1% of its active monthly users.A threat group identified as “Hazy Hawk” has been systematically hijacking cloud-based DNS resources tied to well-known organizations, including the US Centers for Disease Control and Prevention (CDC), since December 2023. A newly disclosed vulnerability in Windows Server 2025, dubbed BadSuccessor, has raised major concerns among enterprise administrators managing Active Directory environments.Federal and international law enforcement, alongside a significant number of private-sector partners, have successfully dismantled the Danabot botnet in a multiyear operation aimed at neutralizing one of the more advanced malware-as-a-service (MaaS) platforms tied to Russian cybercriminal activity.
On this episode of Security Noise, Geoff and Skyler chat with Identity Security Architect Sean Metcalf about securing Active Directory, Entra, DS, and that messy space in between. Sean also talks about his recent presentation at RSA, common challenges in the identity security space, frequently seen penetration test findings, and more! About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet! Find more cybersecurity resources on our website at https://trustedsec.com/resources.
(REPLAY) This is a recording of a webinar aimed at IT professionals, system administrators, and cybersecurity professionals eager to bolster their defenses against cyber threats. In this session, "How to Harden Active Directory to Prevent Cyber Attacks," our expert speakers will discuss comprehensive strategies and best practices for securing your Active Directory environment. Download the slides here.Key Takeaways:- Understanding AD Vulnerabilities: Learn about the most common security weaknesses in Active Directory (AD) and how attackers exploit these gaps.- Best Practices in Configuration: Discover how to properly configure Active Directory settings for maximum security to deter potential breaches.- Advanced Security Measures: Explore advanced techniques and tools for monitoring, detecting, and responding to suspicious activities within your network.- Case Studies: Hear real-world examples of Active Directory attacks and what lessons can be learned from them.- Interactive Q&A: Have your specific questions answered during our live Q&A session with the experts.Whether you want to enhance your security posture or start from scratch, this webinar will provide you with the knowledge and tools necessary to protect your systems more effectively.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
Hey friends! Today Joe “The Machine” Skeen and I tackled GOAD (Game of Active Directory) again – this time covering: SQL link abuse between two domains Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local! Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!
It's go time: The biggest Patch Tuesday of 2025 sets the stage for 2025! Microsoft has finally revealed whether it will further extend Windows 10 support past October (it won't). Also, Microsoft designed notifications in Windows 11 to be annoying and pointless, so Paul has some advice. Plus, Proton Drive gets a long awaited albums feature, and more on the way.Windows 11 Recall (preview) and Click to Do (preview) come to stable for the first time Let's give Microsoft a bit of credit for this one non-reported behavior Also: Improvements to Settings, Narrator, Start, Phone Link, Widgets, File Explorer You knew this was coming: Microsoft now testing a "Hey, Copilot" feature It's opt-in and an alternative to holding down Alt + Spacebar for two seconds Microsoft discusses the new Start design and it's not a s#$t show like it was three years ago No builds for the second Friday in a row Improvements to Settings AI agent, intelligent text actions in Click to Do, a few small changes come to 24H2 in Dev and Beta channels Copilot Vision gets Highlights and 2-App Support across all channels Google's big Android reveal includes Material Expressive, big Wear OS update. Android, like Windows 11 (and iOS) is just being updated all the time now Windows 10 Extended support program Will support Microsoft 365 on Windows 10 through October 2028 Those time frames are identical So what about those Surface PCs that can't upgrade to Windows 11? Microsoft has an answer (for all unsupported PCs) and it's not as cynical as you think Microsoft quietly discontinued entry-level 13.8-inch Surface Laptop and 13-inch Surface Pro when it introduced those smaller new models last week Layoffs Microsoft just made $70 billion, so naturally it's laying off employees. How to explain this? The FTC's losing streak against Microsoft continues A proposal for solving the "Mozilla problem" in U.S. v. Google Fortnite could return to the iPhone App Store as soon as today AI OH MY GOD IS THERE NO AI NEWS FOR ONCE. OK, three small items OpenAI brings OneDrive and SharePoint integration with ChatGPT for paid business customers "AI mode" could replace "I'm feeling lucky" on the Google home page Spotify's AI DJ keeps improving Dev Build is next week in Seattle, a few thoughts .NET 10 Preview 4 is out Xbox & Games Today's the day: DOOM: The Dark Ages goes live at 8:00 ET tonight! Xbox Insiders can now play cloud-enabled games with mouse and keyboard Paul reviews the Backbone Pro controller Nintendo revenues slide big ahead of Switch 2 - 15m consoles expected in first year Sony sold 18.5 million PS5s in the most recent fiscal year, down 11 percent YOY Tips & Picks Tip of the week: Windows 11 notifications make iOS look sophisticated App pick of the week: Proton Drive RunAs Radio this week: Active Directory in 2025 with Liz Tesch Brown liquor pick of the week: Limeburners Albany Tawny Cask These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/932 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: 1password.com/windowsweekly threatlocker.com/twit uscloud.com
It's go time: The biggest Patch Tuesday of 2025 sets the stage for 2025! Microsoft has finally revealed whether it will further extend Windows 10 support past October (it won't). Also, Microsoft designed notifications in Windows 11 to be annoying and pointless, so Paul has some advice. Plus, Proton Drive gets a long awaited albums feature, and more on the way.Windows 11 Recall (preview) and Click to Do (preview) come to stable for the first time Let's give Microsoft a bit of credit for this one non-reported behavior Also: Improvements to Settings, Narrator, Start, Phone Link, Widgets, File Explorer You knew this was coming: Microsoft now testing a "Hey, Copilot" feature It's opt-in and an alternative to holding down Alt + Spacebar for two seconds Microsoft discusses the new Start design and it's not a s#$t show like it was three years ago No builds for the second Friday in a row Improvements to Settings AI agent, intelligent text actions in Click to Do, a few small changes come to 24H2 in Dev and Beta channels Copilot Vision gets Highlights and 2-App Support across all channels Google's big Android reveal includes Material Expressive, big Wear OS update. Android, like Windows 11 (and iOS) is just being updated all the time now Windows 10 Extended support program Will support Microsoft 365 on Windows 10 through October 2028 Those time frames are identical So what about those Surface PCs that can't upgrade to Windows 11? Microsoft has an answer (for all unsupported PCs) and it's not as cynical as you think Microsoft quietly discontinued entry-level 13.8-inch Surface Laptop and 13-inch Surface Pro when it introduced those smaller new models last week Layoffs Microsoft just made $70 billion, so naturally it's laying off employees. How to explain this? The FTC's losing streak against Microsoft continues A proposal for solving the "Mozilla problem" in U.S. v. Google Fortnite could return to the iPhone App Store as soon as today AI OH MY GOD IS THERE NO AI NEWS FOR ONCE. OK, three small items OpenAI brings OneDrive and SharePoint integration with ChatGPT for paid business customers "AI mode" could replace "I'm feeling lucky" on the Google home page Spotify's AI DJ keeps improving Dev Build is next week in Seattle, a few thoughts .NET 10 Preview 4 is out Xbox & Games Today's the day: DOOM: The Dark Ages goes live at 8:00 ET tonight! Xbox Insiders can now play cloud-enabled games with mouse and keyboard Paul reviews the Backbone Pro controller Nintendo revenues slide big ahead of Switch 2 - 15m consoles expected in first year Sony sold 18.5 million PS5s in the most recent fiscal year, down 11 percent YOY Tips & Picks Tip of the week: Windows 11 notifications make iOS look sophisticated App pick of the week: Proton Drive RunAs Radio this week: Active Directory in 2025 with Liz Tesch Brown liquor pick of the week: Limeburners Albany Tawny Cask These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/932 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: 1password.com/windowsweekly threatlocker.com/twit uscloud.com
It's go time: The biggest Patch Tuesday of 2025 sets the stage for 2025! Microsoft has finally revealed whether it will further extend Windows 10 support past October (it won't). Also, Microsoft designed notifications in Windows 11 to be annoying and pointless, so Paul has some advice. Plus, Proton Drive gets a long awaited albums feature, and more on the way.Windows 11 Recall (preview) and Click to Do (preview) come to stable for the first time Let's give Microsoft a bit of credit for this one non-reported behavior Also: Improvements to Settings, Narrator, Start, Phone Link, Widgets, File Explorer You knew this was coming: Microsoft now testing a "Hey, Copilot" feature It's opt-in and an alternative to holding down Alt + Spacebar for two seconds Microsoft discusses the new Start design and it's not a s#$t show like it was three years ago No builds for the second Friday in a row Improvements to Settings AI agent, intelligent text actions in Click to Do, a few small changes come to 24H2 in Dev and Beta channels Copilot Vision gets Highlights and 2-App Support across all channels Google's big Android reveal includes Material Expressive, big Wear OS update. Android, like Windows 11 (and iOS) is just being updated all the time now Windows 10 Extended support program Will support Microsoft 365 on Windows 10 through October 2028 Those time frames are identical So what about those Surface PCs that can't upgrade to Windows 11? Microsoft has an answer (for all unsupported PCs) and it's not as cynical as you think Microsoft quietly discontinued entry-level 13.8-inch Surface Laptop and 13-inch Surface Pro when it introduced those smaller new models last week Layoffs Microsoft just made $70 billion, so naturally it's laying off employees. How to explain this? The FTC's losing streak against Microsoft continues A proposal for solving the "Mozilla problem" in U.S. v. Google Fortnite could return to the iPhone App Store as soon as today AI OH MY GOD IS THERE NO AI NEWS FOR ONCE. OK, three small items OpenAI brings OneDrive and SharePoint integration with ChatGPT for paid business customers "AI mode" could replace "I'm feeling lucky" on the Google home page Spotify's AI DJ keeps improving Dev Build is next week in Seattle, a few thoughts .NET 10 Preview 4 is out Xbox & Games Today's the day: DOOM: The Dark Ages goes live at 8:00 ET tonight! Xbox Insiders can now play cloud-enabled games with mouse and keyboard Paul reviews the Backbone Pro controller Nintendo revenues slide big ahead of Switch 2 - 15m consoles expected in first year Sony sold 18.5 million PS5s in the most recent fiscal year, down 11 percent YOY Tips & Picks Tip of the week: Windows 11 notifications make iOS look sophisticated App pick of the week: Proton Drive RunAs Radio this week: Active Directory in 2025 with Liz Tesch Brown liquor pick of the week: Limeburners Albany Tawny Cask These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/932 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: 1password.com/windowsweekly threatlocker.com/twit uscloud.com
It's go time: The biggest Patch Tuesday of 2025 sets the stage for 2025! Microsoft has finally revealed whether it will further extend Windows 10 support past October (it won't). Also, Microsoft designed notifications in Windows 11 to be annoying and pointless, so Paul has some advice. Plus, Proton Drive gets a long awaited albums feature, and more on the way.Windows 11 Recall (preview) and Click to Do (preview) come to stable for the first time Let's give Microsoft a bit of credit for this one non-reported behavior Also: Improvements to Settings, Narrator, Start, Phone Link, Widgets, File Explorer You knew this was coming: Microsoft now testing a "Hey, Copilot" feature It's opt-in and an alternative to holding down Alt + Spacebar for two seconds Microsoft discusses the new Start design and it's not a s#$t show like it was three years ago No builds for the second Friday in a row Improvements to Settings AI agent, intelligent text actions in Click to Do, a few small changes come to 24H2 in Dev and Beta channels Copilot Vision gets Highlights and 2-App Support across all channels Google's big Android reveal includes Material Expressive, big Wear OS update. Android, like Windows 11 (and iOS) is just being updated all the time now Windows 10 Extended support program Will support Microsoft 365 on Windows 10 through October 2028 Those time frames are identical So what about those Surface PCs that can't upgrade to Windows 11? Microsoft has an answer (for all unsupported PCs) and it's not as cynical as you think Microsoft quietly discontinued entry-level 13.8-inch Surface Laptop and 13-inch Surface Pro when it introduced those smaller new models last week Layoffs Microsoft just made $70 billion, so naturally it's laying off employees. How to explain this? The FTC's losing streak against Microsoft continues A proposal for solving the "Mozilla problem" in U.S. v. Google Fortnite could return to the iPhone App Store as soon as today AI OH MY GOD IS THERE NO AI NEWS FOR ONCE. OK, three small items OpenAI brings OneDrive and SharePoint integration with ChatGPT for paid business customers "AI mode" could replace "I'm feeling lucky" on the Google home page Spotify's AI DJ keeps improving Dev Build is next week in Seattle, a few thoughts .NET 10 Preview 4 is out Xbox & Games Today's the day: DOOM: The Dark Ages goes live at 8:00 ET tonight! Xbox Insiders can now play cloud-enabled games with mouse and keyboard Paul reviews the Backbone Pro controller Nintendo revenues slide big ahead of Switch 2 - 15m consoles expected in first year Sony sold 18.5 million PS5s in the most recent fiscal year, down 11 percent YOY Tips & Picks Tip of the week: Windows 11 notifications make iOS look sophisticated App pick of the week: Proton Drive RunAs Radio this week: Active Directory in 2025 with Liz Tesch Brown liquor pick of the week: Limeburners Albany Tawny Cask These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/932 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: 1password.com/windowsweekly threatlocker.com/twit uscloud.com
Active Directory is 25 years old - are you still managing it like it's 1999? Richard talks to Liz Tesch about her excellent blog post on the subject and the challenge many sysadmins have with Active Directory today. Liz talks about how WAN bandwidth was a concern in the early 2000s, so we organized Active Directory into Organizational Units to minimize the amount of AD traffic over the WAN - today, that is irrelevant. The challenge today is ensuring AD is not a vector for blackhats to attack the organization. Raising your functional level and utilizing some great free tools (check the links in the show notes) are all you need to use Active Directory like it's 2025!LinksActive Directory is 25 Years Old. Do you still manage it like it's 1999?mimikatzWindows Local Administrator Password SolutionMicrosoft Entra Privileged Identity ManagementKara Lawson - Handle Hard BetterEndpoint Detection and ResponseRecorded April 4, 2025
It's go time: The biggest Patch Tuesday of 2025 sets the stage for 2025! Microsoft has finally revealed whether it will further extend Windows 10 support past October (it won't). Also, Microsoft designed notifications in Windows 11 to be annoying and pointless, so Paul has some advice. Plus, Proton Drive gets a long awaited albums feature, and more on the way.Windows 11 Recall (preview) and Click to Do (preview) come to stable for the first time Let's give Microsoft a bit of credit for this one non-reported behavior Also: Improvements to Settings, Narrator, Start, Phone Link, Widgets, File Explorer You knew this was coming: Microsoft now testing a "Hey, Copilot" feature It's opt-in and an alternative to holding down Alt + Spacebar for two seconds Microsoft discusses the new Start design and it's not a s#$t show like it was three years ago No builds for the second Friday in a row Improvements to Settings AI agent, intelligent text actions in Click to Do, a few small changes come to 24H2 in Dev and Beta channels Copilot Vision gets Highlights and 2-App Support across all channels Google's big Android reveal includes Material Expressive, big Wear OS update. Android, like Windows 11 (and iOS) is just being updated all the time now Windows 10 Extended support program Will support Microsoft 365 on Windows 10 through October 2028 Those time frames are identical So what about those Surface PCs that can't upgrade to Windows 11? Microsoft has an answer (for all unsupported PCs) and it's not as cynical as you think Microsoft quietly discontinued entry-level 13.8-inch Surface Laptop and 13-inch Surface Pro when it introduced those smaller new models last week Layoffs Microsoft just made $70 billion, so naturally it's laying off employees. How to explain this? The FTC's losing streak against Microsoft continues A proposal for solving the "Mozilla problem" in U.S. v. Google Fortnite could return to the iPhone App Store as soon as today AI OH MY GOD IS THERE NO AI NEWS FOR ONCE. OK, three small items OpenAI brings OneDrive and SharePoint integration with ChatGPT for paid business customers "AI mode" could replace "I'm feeling lucky" on the Google home page Spotify's AI DJ keeps improving Dev Build is next week in Seattle, a few thoughts .NET 10 Preview 4 is out Xbox & Games Today's the day: DOOM: The Dark Ages goes live at 8:00 ET tonight! Xbox Insiders can now play cloud-enabled games with mouse and keyboard Paul reviews the Backbone Pro controller Nintendo revenues slide big ahead of Switch 2 - 15m consoles expected in first year Sony sold 18.5 million PS5s in the most recent fiscal year, down 11 percent YOY Tips & Picks Tip of the week: Windows 11 notifications make iOS look sophisticated App pick of the week: Proton Drive RunAs Radio this week: Active Directory in 2025 with Liz Tesch Brown liquor pick of the week: Limeburners Albany Tawny Cask These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/932 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: 1password.com/windowsweekly threatlocker.com/twit uscloud.com
It's go time: The biggest Patch Tuesday of 2025 sets the stage for 2025! Microsoft has finally revealed whether it will further extend Windows 10 support past October (it won't). Also, Microsoft designed notifications in Windows 11 to be annoying and pointless, so Paul has some advice. Plus, Proton Drive gets a long awaited albums feature, and more on the way.Windows 11 Recall (preview) and Click to Do (preview) come to stable for the first time Let's give Microsoft a bit of credit for this one non-reported behavior Also: Improvements to Settings, Narrator, Start, Phone Link, Widgets, File Explorer You knew this was coming: Microsoft now testing a "Hey, Copilot" feature It's opt-in and an alternative to holding down Alt + Spacebar for two seconds Microsoft discusses the new Start design and it's not a s#$t show like it was three years ago No builds for the second Friday in a row Improvements to Settings AI agent, intelligent text actions in Click to Do, a few small changes come to 24H2 in Dev and Beta channels Copilot Vision gets Highlights and 2-App Support across all channels Google's big Android reveal includes Material Expressive, big Wear OS update. Android, like Windows 11 (and iOS) is just being updated all the time now Windows 10 Extended support program Will support Microsoft 365 on Windows 10 through October 2028 Those time frames are identical So what about those Surface PCs that can't upgrade to Windows 11? Microsoft has an answer (for all unsupported PCs) and it's not as cynical as you think Microsoft quietly discontinued entry-level 13.8-inch Surface Laptop and 13-inch Surface Pro when it introduced those smaller new models last week Layoffs Microsoft just made $70 billion, so naturally it's laying off employees. How to explain this? The FTC's losing streak against Microsoft continues A proposal for solving the "Mozilla problem" in U.S. v. Google Fortnite could return to the iPhone App Store as soon as today AI OH MY GOD IS THERE NO AI NEWS FOR ONCE. OK, three small items OpenAI brings OneDrive and SharePoint integration with ChatGPT for paid business customers "AI mode" could replace "I'm feeling lucky" on the Google home page Spotify's AI DJ keeps improving Dev Build is next week in Seattle, a few thoughts .NET 10 Preview 4 is out Xbox & Games Today's the day: DOOM: The Dark Ages goes live at 8:00 ET tonight! Xbox Insiders can now play cloud-enabled games with mouse and keyboard Paul reviews the Backbone Pro controller Nintendo revenues slide big ahead of Switch 2 - 15m consoles expected in first year Sony sold 18.5 million PS5s in the most recent fiscal year, down 11 percent YOY Tips & Picks Tip of the week: Windows 11 notifications make iOS look sophisticated App pick of the week: Proton Drive RunAs Radio this week: Active Directory in 2025 with Liz Tesch Brown liquor pick of the week: Limeburners Albany Tawny Cask These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/932 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: 1password.com/windowsweekly threatlocker.com/twit uscloud.com
In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Marco Ivaldi, co-founder and technical director of HN Security, a boutique company specializing in offensive security services, shares his journey from hacking as a teenager in the '80s to becoming a key figure in the security research community. With nearly three decades of experience in cybersecurity, Marco digs into the ongoing challenges, particularly in Active Directory and password security, highlighting vulnerabilities that continue to pose significant risks today. He recounts his unexpected path into bug bounty hunting, including his involvement in Microsoft's Zero Day Quest and his passion for auditing real-time operating systems like Azure RTOS. In This Episode You Will Learn: How Marco taught himself BASIC and assembly through cassette tapes and trips to local libraries Why mentorship and positive leadership can catapult your cybersecurity career When measuring network response times can unintentionally leak valuable info Some Questions We Ask: Do you remember the first time you made code do something unexpected? What was your experience like in the Zero Day Quest building for those three days? How are you thinking of approaching fuzzing after Zero Day Quest? Resources: View Marco Ivaldi on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn HN SECURITY Learn More About Marco Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.
This week, I'm talking about nested groups in Windows Active Directory and the security risks they pose. Active Directory allows administrators to attach one group to another—often called nesting. While nesting can simplify account administration and permission management, it can also create real opportunities for attackers if...
Hello! This week Joe “The Machine” Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory). In part one we covered: Checking for null session enumeration on domain controllers Enumerating systems with and without SMB signing Scraping AD user account descriptions Capturing hashes using Responder Cracking hashes with Hashcat
The Department of the Interior removes top cybersecurity and tech officials. The DOJ looks to block foreign adversaries from acquiring sensitive personal data of U.S. citizens. Microsoft issues emergency updates to fix an Active Directory bug. Hackers are installing stealth backdoors on FortiGate devices. Researchers warn of a rise in “Dangling DNS” attacks. A pair of class action lawsuits allege a major adtech firm secretly tracks users online without consent. Google is fixing a 20-year-old Chrome privacy flaw. The Tycoon2FA phishing-as-a-service platform continues to evolve. My guest is Tim Starks from CyberScoop, discussing the latest from CISA and Chris Krebs. Slopsquatting AI totally harshes the supply chain vibe. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks from CyberScoop, and he is discussing the latest with CISA and Chris Krebs. Selected Reading Interior Department Ousts Key Cyber Leaders Amid DOGE Spat (Data Breach Today) US Blocks Foreign Governments from Acquiring Citizen Data (Infosecurity Magazine) Microsoft: New emergency Windows updates fix AD policy issues (Bleeping Origin) Fortinet Issues Fixes After Attackers Bypass Patches to Maintain Access (Hackread) Dangling DNS Attack Let Hackers Gain Control Over Organization's Subdomain (Cyber Security News) Two Lawsuits Allege The Trade Desk Secretly Violates Consumer Privacy Laws (AdTech) Chrome 136 fixes 20-year browser history privacy risk (Bleeping Computer) Tycoon2FA phishing kit targets Microsoft 365 with new tricks (Bleeping Computer) AI Hallucinations Create a New Software Supply Chain Threat (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
When it comes to cybersecurity, most people think about firewalls, passwords, and antivirus software. But what about the attackers themselves? Understanding how they operate is just as important as having the right defenses in place. That's where Paul Reid comes in. As the Vice President of Adversary Research at AttackIQ, Paul and his team work to stay one step ahead of cybercriminals by thinking like them and identifying vulnerabilities before they can be exploited. In this episode, we dive into the world of cyber threats, ransomware, and the business of hacking. Paul shares insights from his 25+ years in cybersecurity, including his experience tracking nation-state attackers, analyzing ransomware-as-a-service, and why cybercrime has become such a highly organized industry. We also talk about what businesses and individuals can do to protect themselves, from understanding threat intelligence to why testing your backups might save you from disaster. Whether you're in cybersecurity or just trying to keep your data safe, this conversation is packed with insights you won't want to miss. Show Notes: [00:58] Paul is the VP of Adversary Research at AttackIQ. [01:30] His team wants to help their customers be more secure. [01:52] Paul has been in cybersecurity for 25 years. He began working in Novell Networks and then moved to directory services with Novell and Microsoft, Active Directory, LDAP, and more. [02:32] He also helped design classification systems and then worked for a startup. He also ran a worldwide threat hunting team. Paul has an extensive background in networks and cybersecurity. [03:49] Paul was drawn to AttackIQ because they do breach attack simulation. [04:22] His original goal was actually to be a banker. Then he went back to his original passion, computer science. [06:05] We learn Paul's story of being a victim of ransomware or a scam. A company he was working for almost fell for a money transfer scam. [09:12] If something seems off, definitely question it. [10:17] Ransomware is an economically driven cybercrime. Attackers try to get in through social engineering, brute force attack, password spraying, or whatever means possible. [11:13] Once they get in, they find whatever is of value and encrypt it or do something else to extort money from you. [12:14] Ransomware as a service (RaaS) has brought ransomware to the masses. [13:49] We discuss some ethics in these criminal organizations. Honest thieves? [16:24] Threats look a lot more real when you see that they have your information. [17:12] Paul shares a phishing scam story with just enough information to make the potential victim click on it. [18:01] There was a takedown of LockBit in 2020, but they had a resurgence. It's a decentralized ransomware as a service model that allows affiliates to keep on earning, even if the main ones go down. [20:14] Many of the affiliates are smash and grab, the nation states are a little more patient. [21:11] Attackers are branching out into other areas and increasing their attack service, targeting Linux and macOS. [22:17] The resiliency of the ransomware as a service setup and how they've distributed the risk across multiple affiliates. [23:42] There's an ever growing attack service and things are getting bigger. [25:06] AttackIQ is able to run emulations in a production environment. [26:20] Having the ability to continuously test and find new areas really makes networks more cyber resilient. [29:55] We talk about whether to pay ransoms and how to navigate these situations. [31:05] The best solution is to do due diligence, updates, patches, and separate backups from the system. [35:19] Dealing with ransomware is a no win situation. Everyone is different. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. Links and Resources: Podcast Web Page Facebook Page whatismyipaddress.com Easy Prey on Instagram Easy Prey on Twitter Easy Prey on LinkedIn Easy Prey on YouTube Easy Prey on Pinterest Paul Reid - Vice President, Adversary Research AttackIQ Paul Reid on LinkedIn AttackIQ Academy Understanding Ransomware Threat Actors: LockBit
Send us a textIdentity management sits at the core of effective cybersecurity, yet many organizations still struggle with implementing it correctly. In this comprehensive breakdown of CISSP Domain 5.2, we dive deep into the critical components of managing identification and authentication systems that protect your most valuable assets.Starting with a timely examination of the risks involved in the proposed rapid rewrite of the Social Security Administration's 60-million-line COBOL codebase, we explore why rushing critical identity systems can lead to catastrophic failures. This real-world example sets the stage for understanding why proper authentication management matters.The episode walks through the essential differences between centralized and decentralized identity approaches, explaining when each makes sense for your organization. We break down Single Sign-On implementation, multi-factor authentication best practices, and the often overlooked importance of treating Active Directory as the security tool it truly is—not just an open database for anyone to query.For security practitioners looking to level up their authentication strategy, we examine credential management systems like CyberArk, Just-in-Time access models, and federated identity frameworks including SAML, OAuth 2.0, and OpenID Connect. Each approach is explained with practical implementation considerations and security implications.Whether you're studying for the CISSP exam or working to strengthen your organization's security posture, this episode provides actionable insights on establishing robust authentication controls without sacrificing usability. Don't miss these essential strategies that form the foundation of your security architecture.Ready to master CISSP Domain 5.2 and all other CISSP domains? Visit CISSPCyberTraining.com for structured learning materials designed to help you pass the exam the first time.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
Your Patch Tuesday is showing. Paul Thurrott, Richard Campbell, and Leo Laporte go over the latest features for Windows 11 with the KB5053598 update. Also, the hosts discuss Press to Talk for Insiders, the Windows app replacing Remote Desktop, the agentic future of browsers, Copilot integration in GroupMe, Gemma 3, issues with Xbox Wireless Controller 5.23.5.0 firmware, Pocket Casts Web Player, and the "vibe coding" era. Plus, Fences 6 is now in Beta, on sale! Woody Leonhard, RIP Like Jerry Pournelle, a major influence on Paul's career and writing style He had a mysterious life in latter years, not clear what happened Windows 11 Windows 11 gets all the features we've discussed recently Are we heading towards something bigger this year? Or just more of the same? New Canary and Beta (23H2) builds New Dev and Beta (24H2) builds Copilot in Windows 11 is getting Press to Talk Microsoft follows through on threat, kills Remote Desktop App - our latest outrage Arc crashed and burned but we can still evolve web browsers What about sidebar apps as a UX baby step forward? Does Edge need to restart every three days now to install updates? Microsoft 365 Google promotes ChromeOS/Chromebooks as the right client ... for Microsoft 365 Dev Build 2025 registration is now open AI It's Microsoft's 50th anniversary, so it's going to announce AI something something Paul has agreed to attend this, from Mexico Also, report that Microsoft's in-house models now rival OpenAI is a hint Microsoft improves Think Deeper in Copilot using OpenAI o3-mini Google secretly owns 14-15 percent of Anthropic WTF is going on with Big Tech and regulatory evasion? On that note, CMA clears Microsoft + OpenAI specifically because of change to partnership Also, Google launches Gemma 3 The Siripocalypse - AI is a hard computer science problem and Siri is the dumb blond in this space Amazon will use AI to dub movies and TV series because obviously Xbox Rumor: Third-party portable Xbox gaming handheld this year, console resets in two years You could have cobbled this together solely based on what Microsoft has said publicly Xbox controller firmware, we have a problem Tips and Picks Tip of the week: Code with AI App pick of the week: Fences RunAs Radio this week: Strong Certificate Mapping in Active Directory with Richard Hicks Brown liquor pick of the week: Ardbeg 10 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsor: 1password.com/windowsweekly
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news with special guest Rob Joyce, a Former Special Assistant to the US President and Director of Cybersecurity for NSA. They talk through: A realistic bluetooth-proximity phishing attack against Passkeys A very patient ransomware actor encrypts an entire enterprise with a puny linux webcam processor The ESP32 backdoor that is neither a door nor at the back The X DDoS that Elon said was Ukraine is claimed by pro-Palestinian hacktivists Years later, LastPass hackers are still emptying crypto-wallets …and it turns out North Korea nailed {Safe}Wallet with a malicious docker image. Nice! Rob Joyce recently testified to the US House Select Committee on the Chinese Communist Party, and he explains why DOGE kicking probationary employees to the curb is “devastating” for the national security staff pipeline. This week's episode is sponsored by SpecterOps, makers of the Bloodhound identity attack path mapping tool. Chief Product Officer Justin Kohler and Principal Security Researcher Lee Chagolla-Christensen discuss their pragmatic approach to disabling NTLM authentication in Active Directory using Bloodhound's insight. This episode is also available on Youtube. Show notes CVE-2024-9956 - PassKey Account Takeover in All Mobile Browsers | Tobia Righi - Security Researcher Feds Link $150M Cyberheist to 2022 LastPass Hacks – Krebs on Security Camera off: Akira deploys ransomware via webcam Tarlogic detects a hidden feature in the mass-market ESP32 chip that could infect millions of IoT devices Alleged Co-Founder of Garantex Arrested in India – Krebs on Security 37K+ VMware ESXi instances vulnerable to critical zero-day | Cybersecurity Dive Apple patches 0-day exploited in “extremely sophisticated attack” - Ars Technica What Really Happened With the DDoS Attacks That Took Down X | WIRED Eleven11bot estimates revised downward as researchers point to Mirai variant | Cybersecurity Dive Previously unidentified botnet infects unpatched TP-Link Archer home routers | The Record from Recorded Future News Safe.eth on X: "Investigation Updates and Community Call to Action" / X How to verify Safe{Wallet} transactions on a hardware wallet | Safe{Wallet} Help Center and Support. US charges Chinese nationals in cyberattacks on Treasury, dissidents and more | The Record from Recorded Future News Former top NSA cyber official: Probationary firings ‘devastating' to cyber, national security | CyberScoop U.S. pauses intelligence sharing with Ukraine used to target Russian forces - The Washington Post
Your Patch Tuesday is showing. Paul Thurrott, Richard Campbell, and Leo Laporte go over the latest features for Windows 11 with the KB5053598 update. Also, the hosts discuss Press to Talk for Insiders, the Windows app replacing Remote Desktop, the agentic future of browsers, Copilot integration in GroupMe, Gemma 3, issues with Xbox Wireless Controller 5.23.5.0 firmware, Pocket Casts Web Player, and the "vibe coding" era. Plus, Fences 6 is now in Beta, on sale! Woody Leonhard, RIP Like Jerry Pournelle, a major influence on Paul's career and writing style He had a mysterious life in latter years, not clear what happened Windows 11 Windows 11 gets all the features we've discussed recently Are we heading towards something bigger this year? Or just more of the same? New Canary and Beta (23H2) builds New Dev and Beta (24H2) builds Copilot in Windows 11 is getting Press to Talk Microsoft follows through on threat, kills Remote Desktop App - our latest outrage Arc crashed and burned but we can still evolve web browsers What about sidebar apps as a UX baby step forward? Does Edge need to restart every three days now to install updates? Microsoft 365 Google promotes ChromeOS/Chromebooks as the right client ... for Microsoft 365 Dev Build 2025 registration is now open AI It's Microsoft's 50th anniversary, so it's going to announce AI something something Paul has agreed to attend this, from Mexico Also, report that Microsoft's in-house models now rival OpenAI is a hint Microsoft improves Think Deeper in Copilot using OpenAI o3-mini Google secretly owns 14-15 percent of Anthropic WTF is going on with Big Tech and regulatory evasion? On that note, CMA clears Microsoft + OpenAI specifically because of change to partnership Also, Google launches Gemma 3 The Siripocalypse - AI is a hard computer science problem and Siri is the dumb blond in this space Amazon will use AI to dub movies and TV series because obviously Xbox Rumor: Third-party portable Xbox gaming handheld this year, console resets in two years You could have cobbled this together solely based on what Microsoft has said publicly Xbox controller firmware, we have a problem Tips and Picks Tip of the week: Code with AI App pick of the week: Fences RunAs Radio this week: Strong Certificate Mapping in Active Directory with Richard Hicks Brown liquor pick of the week: Ardbeg 10 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsor: 1password.com/windowsweekly
Your Patch Tuesday is showing. Paul Thurrott, Richard Campbell, and Leo Laporte go over the latest features for Windows 11 with the KB5053598 update. Also, the hosts discuss Press to Talk for Insiders, the Windows app replacing Remote Desktop, the agentic future of browsers, Copilot integration in GroupMe, Gemma 3, issues with Xbox Wireless Controller 5.23.5.0 firmware, Pocket Casts Web Player, and the "vibe coding" era. Plus, Fences 6 is now in Beta, on sale! Woody Leonhard, RIP Like Jerry Pournelle, a major influence on Paul's career and writing style He had a mysterious life in latter years, not clear what happened Windows 11 Windows 11 gets all the features we've discussed recently Are we heading towards something bigger this year? Or just more of the same? New Canary and Beta (23H2) builds New Dev and Beta (24H2) builds Copilot in Windows 11 is getting Press to Talk Microsoft follows through on threat, kills Remote Desktop App - our latest outrage Arc crashed and burned but we can still evolve web browsers What about sidebar apps as a UX baby step forward? Does Edge need to restart every three days now to install updates? Microsoft 365 Google promotes ChromeOS/Chromebooks as the right client ... for Microsoft 365 Dev Build 2025 registration is now open AI It's Microsoft's 50th anniversary, so it's going to announce AI something something Paul has agreed to attend this, from Mexico Also, report that Microsoft's in-house models now rival OpenAI is a hint Microsoft improves Think Deeper in Copilot using OpenAI o3-mini Google secretly owns 14-15 percent of Anthropic WTF is going on with Big Tech and regulatory evasion? On that note, CMA clears Microsoft + OpenAI specifically because of change to partnership Also, Google launches Gemma 3 The Siripocalypse - AI is a hard computer science problem and Siri is the dumb blond in this space Amazon will use AI to dub movies and TV series because obviously Xbox Rumor: Third-party portable Xbox gaming handheld this year, console resets in two years You could have cobbled this together solely based on what Microsoft has said publicly Xbox controller firmware, we have a problem Tips and Picks Tip of the week: Code with AI App pick of the week: Fences RunAs Radio this week: Strong Certificate Mapping in Active Directory with Richard Hicks Brown liquor pick of the week: Ardbeg 10 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsor: 1password.com/windowsweekly
Your Patch Tuesday is showing. Paul Thurrott, Richard Campbell, and Leo Laporte go over the latest features for Windows 11 with the KB5053598 update. Also, the hosts discuss Press to Talk for Insiders, the Windows app replacing Remote Desktop, the agentic future of browsers, Copilot integration in GroupMe, Gemma 3, issues with Xbox Wireless Controller 5.23.5.0 firmware, Pocket Casts Web Player, and the "vibe coding" era. Plus, Fences 6 is now in Beta, on sale! Woody Leonhard, RIP Like Jerry Pournelle, a major influence on Paul's career and writing style He had a mysterious life in latter years, not clear what happened Windows 11 Windows 11 gets all the features we've discussed recently Are we heading towards something bigger this year? Or just more of the same? New Canary and Beta (23H2) builds New Dev and Beta (24H2) builds Copilot in Windows 11 is getting Press to Talk Microsoft follows through on threat, kills Remote Desktop App - our latest outrage Arc crashed and burned but we can still evolve web browsers What about sidebar apps as a UX baby step forward? Does Edge need to restart every three days now to install updates? Microsoft 365 Google promotes ChromeOS/Chromebooks as the right client ... for Microsoft 365 Dev Build 2025 registration is now open AI It's Microsoft's 50th anniversary, so it's going to announce AI something something Paul has agreed to attend this, from Mexico Also, report that Microsoft's in-house models now rival OpenAI is a hint Microsoft improves Think Deeper in Copilot using OpenAI o3-mini Google secretly owns 14-15 percent of Anthropic WTF is going on with Big Tech and regulatory evasion? On that note, CMA clears Microsoft + OpenAI specifically because of change to partnership Also, Google launches Gemma 3 The Siripocalypse - AI is a hard computer science problem and Siri is the dumb blond in this space Amazon will use AI to dub movies and TV series because obviously Xbox Rumor: Third-party portable Xbox gaming handheld this year, console resets in two years You could have cobbled this together solely based on what Microsoft has said publicly Xbox controller firmware, we have a problem Tips and Picks Tip of the week: Code with AI App pick of the week: Fences RunAs Radio this week: Strong Certificate Mapping in Active Directory with Richard Hicks Brown liquor pick of the week: Ardbeg 10 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsor: 1password.com/windowsweekly
Are you using strong certificate mapping in Active Directory? Richard Hicks returns to the show to talk about the impacts of KB5015754, issued way back in 2022, and how it turned into an enforcement event on February 11, 2025 that might have caused some serious problems for folks trying to authenticate to Active Directory. For most sites, the upgrade to strong certificates was pretty much automatic. But if you're using Intune SCEP, you needed to do some configuration - and if that was missed, there is trouble. There are workarounds for now, but come September 2025, enforcement will be mandatory and everything gets harder, so it's worth looking into it now!LinksKB5015754: Certificate-based Authentication Changes on Windows Domain ControllersRichard's Blog Post on Strong Certificate Mapping EnforcementActive Directory Certificate ServicesCreate and Assign SCEP Certificate Profiles in IntuneHeartbleedRecorded February 17, 2025
Your Patch Tuesday is showing. Paul Thurrott, Richard Campbell, and Leo Laporte go over the latest features for Windows 11 with the KB5053598 update. Also, the hosts discuss Press to Talk for Insiders, the Windows app replacing Remote Desktop, the agentic future of browsers, Copilot integration in GroupMe, Gemma 3, issues with Xbox Wireless Controller 5.23.5.0 firmware, Pocket Casts Web Player, and the "vibe coding" era. Plus, Fences 6 is now in Beta, on sale! Woody Leonhard, RIP Like Jerry Pournelle, a major influence on Paul's career and writing style He had a mysterious life in latter years, not clear what happened Windows 11 Windows 11 gets all the features we've discussed recently Are we heading towards something bigger this year? Or just more of the same? New Canary and Beta (23H2) builds New Dev and Beta (24H2) builds Copilot in Windows 11 is getting Press to Talk Microsoft follows through on threat, kills Remote Desktop App - our latest outrage Arc crashed and burned but we can still evolve web browsers What about sidebar apps as a UX baby step forward? Does Edge need to restart every three days now to install updates? Microsoft 365 Google promotes ChromeOS/Chromebooks as the right client ... for Microsoft 365 Dev Build 2025 registration is now open AI It's Microsoft's 50th anniversary, so it's going to announce AI something something Paul has agreed to attend this, from Mexico Also, report that Microsoft's in-house models now rival OpenAI is a hint Microsoft improves Think Deeper in Copilot using OpenAI o3-mini Google secretly owns 14-15 percent of Anthropic WTF is going on with Big Tech and regulatory evasion? On that note, CMA clears Microsoft + OpenAI specifically because of change to partnership Also, Google launches Gemma 3 The Siripocalypse - AI is a hard computer science problem and Siri is the dumb blond in this space Amazon will use AI to dub movies and TV series because obviously Xbox Rumor: Third-party portable Xbox gaming handheld this year, console resets in two years You could have cobbled this together solely based on what Microsoft has said publicly Xbox controller firmware, we have a problem Tips and Picks Tip of the week: Code with AI App pick of the week: Fences RunAs Radio this week: Strong Certificate Mapping in Active Directory with Richard Hicks Brown liquor pick of the week: Ardbeg 10 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsor: 1password.com/windowsweekly
Your Patch Tuesday is showing. Paul Thurrott, Richard Campbell, and Leo Laporte go over the latest features for Windows 11 with the KB5053598 update. Also, the hosts discuss Press to Talk for Insiders, the Windows app replacing Remote Desktop, the agentic future of browsers, Copilot integration in GroupMe, Gemma 3, issues with Xbox Wireless Controller 5.23.5.0 firmware, Pocket Casts Web Player, and the "vibe coding" era. Plus, Fences 6 is now in Beta, on sale! Woody Leonhard, RIP Like Jerry Pournelle, a major influence on Paul's career and writing style He had a mysterious life in latter years, not clear what happened Windows 11 Windows 11 gets all the features we've discussed recently Are we heading towards something bigger this year? Or just more of the same? New Canary and Beta (23H2) builds New Dev and Beta (24H2) builds Copilot in Windows 11 is getting Press to Talk Microsoft follows through on threat, kills Remote Desktop App - our latest outrage Arc crashed and burned but we can still evolve web browsers What about sidebar apps as a UX baby step forward? Does Edge need to restart every three days now to install updates? Microsoft 365 Google promotes ChromeOS/Chromebooks as the right client ... for Microsoft 365 Dev Build 2025 registration is now open AI It's Microsoft's 50th anniversary, so it's going to announce AI something something Paul has agreed to attend this, from Mexico Also, report that Microsoft's in-house models now rival OpenAI is a hint Microsoft improves Think Deeper in Copilot using OpenAI o3-mini Google secretly owns 14-15 percent of Anthropic WTF is going on with Big Tech and regulatory evasion? On that note, CMA clears Microsoft + OpenAI specifically because of change to partnership Also, Google launches Gemma 3 The Siripocalypse - AI is a hard computer science problem and Siri is the dumb blond in this space Amazon will use AI to dub movies and TV series because obviously Xbox Rumor: Third-party portable Xbox gaming handheld this year, console resets in two years You could have cobbled this together solely based on what Microsoft has said publicly Xbox controller firmware, we have a problem Tips and Picks Tip of the week: Code with AI App pick of the week: Fences RunAs Radio this week: Strong Certificate Mapping in Active Directory with Richard Hicks Brown liquor pick of the week: Ardbeg 10 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsor: 1password.com/windowsweekly
L'IA causera la fin de l'humanité Shamelessplug Hackfest Swag Join Hackfest/La French Connection Discord Join Hackfest us on Mastodon Sujet d'opinion Faut-il régulariser les IA ? La sommet de l'AI en Europe Yoshua Bengio - Dit que la fin à cause de l'IA arrive dans 10 ans… exagère-t-on ou on ne comprend pas? Irresponsible disclosure Quebec ChatGPT - exploitable … ça roule en root! Nouvelles Ottawa prépare des cyberattaques contre les narcotrafiquants Canadian charged with stealing $65 million using DeFI crypto exploits Hackers Hijack JFK File Release: Malware & Phishing Surge How hackers target your Active Directory with breached VPN passwords Crew Patrick Mathieu Richer Dinelle Jacques Sauvé Crédits Montage audio par Hackfest Communication Music par GreatOwl – Lilia Sin Mi - Einimali Locaux virtuels par Streamyard
In this episode, we dive deep into Azure security, incident response, and the evolving cloud threat landscape with Katie Knowles, Security Researcher and former Azure Incident Responder. We spoke about common Azure incident response scenarios you need to prepare for, how identity and privilege escalation work in Azure, how Active Directory and Entra ID expose new risks and what security teams need to know about Azure networking and logging.Guest Socials: Katie's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(02:27) A bit about Katie(03:17) Domain Admin in Azure(07:03) Common causes of incidents in Azure(08:53) Identities in Azure(11:44) Third Party Identities in Azure(17:34) Azure Networking and Incident Response(22:35) Common Incidents in Azure(26:53) AI specific incidents in Azure(28:45) Privilege escalation in Azure(39:37) Where to start with Azure Research?(48:20) The Fun Questions
Ready to upgrade to Windows Server 2025? Richard talks to Robert Smit about his experiences doing an upgrade—with a few important dos and don'ts! Robert talks about dusting off your Active Directory setup and ensuring you're at the Server 2016 functional level. The conversation also dives into the new-build-versus-upgrade options, taking advantage of SMB over QUIC and SMB Compression, and much more!LinksWindows Server 2025Upgrading to Windows Server 2025Azure ArcWindows Admin CenterSMB CompressionWindows ToolsRemote Server Administration ToolsConfiguration ManagerAzure Arc-enabled System Center Virtual Machine ManagerLive Migration with Workgroup ClusterRecorded January 7, 2025
The hosts analyze a series of recently released vulnerabilities and CVEs, offer expert insights, and detail their implications for cybersecurity. They review key threats impacting Active Directory, Windows systems, and Apple devices, emphasizing the ease of exploitation and the pressing need for timely patching. The conversation stresses the importance of implementing strong, defense-in-depth cybersecurity strategies.
In this episode of the PowerShell Podcast, we welcome back security-focused PowerShell expert Jake Hildreth for an insightful conversation about PowerShell, security tools, and his continued journey in the PowerShell community. Jake shares updates on Locksmith v2, his work with PowerPUG, and his experience learning new PowerShell techniques to refine and improve his tools. Bio: I'm a husband, a dad, and a recovering sysadmin. I've worked in technology since the year 2000, when I got my first tech job as Tier 1 support for cable modem companies. After that, I transitioned into systems & network administration, always with a security focus. In the last three years, I pivoted into security, focusing on Active Directory. When I'm not working, I enjoy cooking, drinking whiskey, lifting weights, traveling, reading... and writing code. Coding is like creating and solving little puzzles for yourself! So soothing. Key topics in this episode include: The evolution of Locksmith and the road to v2, including improvements in automation, PowerShell best practices, and making security more accessible. PowerPug and the protected users group, a tool that helps sysadmins secure their environments by eliminating outdated authentication vulnerabilities. Learning Crescendo, explore how Jake wrapped certutil.exe. Improving PowerShell workflows, including scripting automation, optimizing profiles, and using community resources for best practices. The importance of documentation, automation, and making security easier for sysadmins. Jake also shares insights from his time working with the PowerShell community, including PowerShell Wednesdays, learning from peers, and the power of building in public. Join the conversation: Follow Jake at JakeHildreth.com for links to all his projects and socials. Catch PowerShell Wednesdays every Wednesday at 2 PM EST in the PDQ Discord community (discord.gg/pdq) for live discussions and demos. Links: The PowerShell Podcast: https://pdq.com/the-powershell-podcast The PowerShell Podcast on YouTube: https://youtu.be/A6ycrxQRIns
In this episode, we discuss several insecure protocols that are found within Active Directory environments. When these protocols are enabled, they could be abused by an attacker to perform a number of attacks, including privilege escalation and lateral movement. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com
"A midi on était super-admin" Le D.E.V. de la semaine est Clément Notin, Cybersecurity researcher @ Tenable. Clément vient pour discuter des défis de la sécurité de l'Active Directory (AD). Il met en lumière les attaques courantes, y compris le "password spraying", et met en relief l'intérêt de penser sécurité dès la phase de développement. Il aborde aussi les vulnérabilités potentielles dues à des problèmes de configuration, ainsi que la transition vers Entra ID dans le cloud. Selon Clément, une approche proactive contre les cyberattaques est essentielle.Chapitrages00:00:57 : Active Directory et Cyber Sécurité00:01:38 : Présentation de Clément Notin00:03:36 : Les Défis de la Cybersécurité00:05:32 : La Complexité des Métiers IT00:07:47 : Audits et Sécurisation de l'AD00:11:45 : Identification des Failles00:16:02 : Attaques sur Active Directory00:17:15 : Les Limitations de Microsoft00:19:55 : La Gestion des Configurations00:21:47 : Exploitation des Vulnérabilités00:28:12 : Stratégies d'Attaque Sophistiquées00:34:48 : Techniques d'Élévation de Privilèges00:39:16 : Automatisation des Attaques00:47:15 : L'Avenir de l'Active Directory00:49:32 : Conclusion et Ressources Recommandées Liens évoqués pendant l'émission ADSecurity.orgDirk-jan MollemaAADInternalsSpecterOpsTenable TechBlogclement.notin.org **Recrutez les meilleurs développeurs grâce à Indeed !** "Trouver des développeurs compétents et passionnés, comme les auditeurs d'If This Then Dev, peut être un vrai défi. Avec Indeed, connectez-vous rapidement avec des candidats qualifiés qui sauront s'épanouir dans votre entreprise. Profitez dès maintenant d'un crédit de 100 euros pour sponsoriser votre offre d'emploi : go.indeed.com/IFTTD."🎙️ Soutenez le podcast If This Then Dev ! 🎙️ Chaque contribution aide à maintenir et améliorer nos épisodes. Cliquez ici pour nous soutenir sur Tipeee 🙏Archives | Site | Boutique | TikTok | Discord | Twitter | LinkedIn | Instagram | Youtube | Twitch | Job Board |
In this episode of Stats On Stats, we sit down with Blake Regan, a cybersecurity expert specializing in incident response and digital forensics. Blake shares his journey from carpentry to cybersecurity, discussing how his past experiences shaped his approach to problem-solving in tech. Guest Connect LinkedIn: https://www.linkedin.com/in/blakeregan For the latest in cybersecurity news every Monday, check out 'Talkin' Bout [infosec] News' with Black Hills Information Security https://www.youtube.com/@BlackHillsInformationSecurity Checkout the first annual cybersecurity conference focused on Defenders - Blue Team Con in Chicago https://blueteamcon.com Up your knowledge on hacker culture and important events in cybersecurity history Darknet Diaries Podcast Series https://darknetdiaries.com/ Training to up your knowledge and sharpen your skillset Check out Antisyphon Training for on demand and live cybersecurity training, including Pay What You Can options https://www.antisyphontraining.com/ The ultimate resource for Active Directory hacking and defense content - AD Security by Sean Metcalf (@pyrotek3) https://adsecurity.org Stats on Stats Resources Merch: https://www.statsonstats.io/shop LinkTree: https://linktr.ee/statsonstatspodcast Stats on Stats Partners & Affiliates IntelliCON 2025 Website: https://www.intelliguards.com/intellic0n-speakers Register: https://www.eventbrite.com/e/intellic0n-2025-tickets-1002600072807 Use Discount Code for 20% off Tickets: STATSONSTATS Path AI Website: https://yourpath.ai Discount Code: Join our Discord community for access! Antisyphon Training Website: https://www.antisyphontraining.com MAD20 Training Website: https://mad20.io Discount Code: STATSONSTATS15 Ellington Cyber Academy: https://kenneth-ellington.mykajabi.com Discount Code: STATSONSTATS Kevtech Academy Website: https://www.kevtechitsupport.com Dream Chaser's Coffee Website: https://dreamchaserscoffee.com Discount code: STATSONSTATS Podcasts We Like DEM Tech Folks Website: https://linktr.ee/developeverymind YouTube: https://www.youtube.com/@demtechfolks IntrusionsInDepth Website: https://www.intrusionsindepth.com YouTube: https://www.youtube.com/@IntrusionsInDepth Elastic DoD Architects YouTube: https://www.youtube.com/@elasticdod ----------------------------------------------------- Episode was shot and edited at BlueBox Studio Tampa https://blueboxdigital.com/bluebox-studio/
Recap IT is the newest series in Automox's Autonomous IT podcast network, delivering standout moments and highlights from the past month's podcasts and live shows. If you missed a podcast or live show last month, this is the series to get you caught up and informed! Episodes Highlights: (00:32 - 13:28) Autonomous IT Live – Optimize Your Endpoint Management: 3 IT Team Resolutions for 2025, E02 (13:29-15:50) Automox Insiders – Curiosity, Adaptability, and Career Growth with Ryan Jeziorski, E13(15:51-17:07) Hands-On IT – Resilience Rewired: Building Strength and Adaptability in IT, E14(17:08-22:05) Patch [FIX] Tuesday – January 2025 [Experts Analyze New Hyper-V, Active Directory, and macOS Vulnerabilities], E15(22:06-25:09) CISO IT – The CISO Blueprint pt. 1: Why There Are No 'Nos' in IT with Rich Casselberry, E15(25:10-28:51) Product Talk – Agent 2.0, New Linux CVE Data, and the Future of Autonomous Endpoint Management, E13(28:52-31:28) Automate IT – Building Resilient IT Teams and Solutions, E12
Are the dense jungles of Windows Server leaving you lost? Are Active Directory tangles, Entra ID integrations, or legacy issues keeping your IT nights sleepless? Well, grab your machete (or PowerShell) and join us on an expedition into the depths of Microsoft ecosystems in this week's episode of Data Center Therapy!In this thrilling adventure, your trusted guides, Matt “Server Sherpa” Yette and Matt “Patch Paladin” Cozzolino, are joined once again by IVOXY's own Microsoft guru, Dade “Forest Ranger” Wilson. Together, they brave the wilds of Windows Server and Active Directory to uncover the secrets, pitfalls, and solutions waiting within.What treasures (and traps) await you in this episode?Windows Server Assessment: Dade spills the beans on what his assessment covers, from identifying lurking performance issues to spotting security vulnerabilities in forgotten corners of your environment.Active Directory & Entra ID: How do these two pillars of Microsoft infrastructure intersect, and why do they often make us break a sweat?Best Practices & Pro Tips: Schema upgrades, time-sync nightmares, and why DNS is always the culprit—Dade and the Matts share their survival tips.Upcoming Workshop Alert: Don't miss out on IVOXY's upcoming Active Directory/Entra ID workshop and hands-on training class, led by Dade, designed to demystify these crucial Microsoft tools and set your team up for success.As always, if you enjoy the show, please be sure to like, share with three colleagues and subscribe wherever you get your quality podcasts.From the DCT crew – Stay cool, stay protected, be informed and see you at the next event and episode, compadres
We began by addressing a common stigma: why so many MSPs avoid Apple devices despite their undeniable popularity and premium quality. Ben highlighted that while many MSPs are deeply rooted in the Microsoft ecosystem—largely due to its strong channel support and financial incentives—Apple has been quietly making significant inroads into the business world. In fact, as Ben pointed out, companies like IBM and Cisco have embraced Apple devices, with up to 60% of their employees choosing Apple when given the option. This trend is a clear indication that Apple is no longer just for creatives or niche markets; it's becoming a mainstream choice for professionals across industries. One of the key takeaways from Ben's insights is that MSPs need to shift their mindset. Supporting Apple isn't just about ticking a box; it's a cultural shift. Apple devices require a different approach, both technically and operationally. Unlike the Windows ecosystem, where tools like Active Directory dominate, Apple relies on solutions like Apple Business Manager and Mobile Device Management (MDM) platforms. Ben emphasised that tools like Addigy, which he represents, are purpose-built for managing Apple devices and can provide MSPs with the support and guidance needed to navigate this shift. We also discussed the perception that Apple devices are “too expensive.” Ben countered this by sharing compelling data from his experiences and from industry leaders like Fletcher Previn, formerly of IBM. While Apple devices may have a higher upfront cost, their long-term value—including durability, user satisfaction, and reduced downtime—makes them a sound investment. For MSPs, this is an opportunity to educate clients on the total cost of ownership and the enhanced experience Apple can deliver. Ben also addressed the hesitancy some MSPs feel when considering Apple. He acknowledged that Apple's lack of engagement with the channel has made it harder for MSPs to feel confident about diving into the Apple ecosystem. However, he sees this as an opportunity rather than a limitation. By committing to building expertise with Apple, MSPs can differentiate themselves in the market, offering a premium service that competitors might shy away from. For those just starting, Ben suggested partnering with Apple-focused providers or leveraging resources like Addigy's MSP programmes to gain confidence and expertise. One of the most thought-provoking parts of our conversation was the long-term outlook. Ben painted a vivid picture of a future where Apple devices could become just as prevalent in the workplace as Windows machines. MSPs who take the time to embrace Apple now will be well-positioned to capitalise on this shift, while those who ignore it may find themselves playing catch-up. He also noted that the demand for Apple in business environments is often hidden; many MSPs underestimate the number of Apple devices already in their clients' ecosystems. A simple inventory check or conversation with clients could reveal untapped opportunities. Security and compliance were another critical topic. Ben reminded us that ignoring Apple devices isn't just a missed business opportunity; it's a potential liability. In today's world, where security threats don't discriminate by platform, ensuring all devices in an organisation—Apple included—are properly managed and secured is non-negotiable. Clients expect comprehensive protection, and failing to address Apple devices could lead to reputational and operational risks. To wrap up, Ben shared his advice for MSPs ready to take the leap into the Apple ecosystem. Start small, build confidence, and don't be afraid to partner with experts. He also stressed the importance of playing the long game. Building an Apple practice isn't about making quick gains; it's about creating a sustainable pipeline of opportunities that will pay dividends in the years to come. This episode was packed with actionable insights, and Ben Greiner's expertise on Apple was eye-opening. Whether you're an MSP owner curious about Apple or someone who's been hesitant to dive into the ecosystem, this conversation is a must-listen. If you'd like to connect with Ben, he's active on LinkedIn and ready to share more about how Addigy can help MSPs thrive with Apple. Connect with Ben Greiner through his LinkedIn by clicking HERE. You can also visit their website and learn more about Addigy by clicking HERE. Connect on LinkedIn HERE with Ian and also with Stuart by clicking this LINK And when you're ready to take the next step in growing your MSP, come and take the Scale with Confidence MSP Mastery Quiz. In just three minutes, you'll get a 360-degree scan of your MSP and identify the one or two tactics that could help you find more time, engage & align your people and generate more leads. OR To join our amazing Facebook Group of over 400 MSPs where we are helping you Scale Up with Confidence, then click HERE Until next time, look after yourself and I'll catch up with you soon!
In this week's episode, we take a look at five reasons to buy direct from authors through platforms such as Shopify and Payhip. We also take a look at my choice of computing platforms for 2025. This week's coupon code will get you 50% off the audiobook of Ghost in the Tombs, Book #3 in the Ghost Armor series, (as excellently narrated by Hollis McCarthy) at my Payhip store: TOMBS50 The coupon code is valid through February 7, 2025. So if you need a new audiobook for next week's cold weather, we've got you covered! 00:00:00 Introduction and Writing Updates Hello, everyone. Welcome to Episode 235 of The Pulp Writer Show. My name is Jonathan Moeller. Today is January the 17th, 2025 and today we are discussing the advantages of buying direct from the author. I will also share an update on what I've done for my writing computers this year and we also have Coupon of the Week, Question of the Week, and an update on my current writing projects. So let's get right to it. Let's start with Coupon of the Week. This week's coupon code is for the audiobook of Ghost in the Tombs, as excellently narrated by Hollis McCarthy. That is Book Three of the Ghost Armor series, and this coupon will get you 50% off the audiobook at my Payhip store: TOMBS50. This coupon code will be valid through February 7, 2025. So if you need a new audiobook for next week's cold weather, we have got you covered. Now let's share an update on my current writing projects. As of this recording, I am 116,000 words into Shield of Deception, which puts me on chapter 28 of 31. So I'm hoping before too much longer I will be able to be done with the rough draft, which I think I'm hoping I'm going to be able to finish it on Monday the 20th if all goes well, but we'll see how things work out. I think it's going to end up being around 125,000 words, which will make it the longest book in the Shield War series and probably the longest book I've written since the end of my Dragontiarna series back in 2021. I kind of wanted a break from really long, complex epic fantasy, but I had my break. I'm rested and now we're doing it again. I'm also 13,000 words into Ghost in the Tombs, which will be the fourth book in the Ghost Armor series, and I'm hoping to have that out in March and Shield Deception out in February. In audiobook news, Cloak of Masks is entirely done and working its way through processing. As I mentioned last week, it should be up on a couple of the stores like Google Play, Kobo, and Chirp, though it is not up on Audible yet. On Audible, though, is Ghost Armor Omnibus One (again narrated by Hollis McCarthy). That is an omnibus bundle of the first three books in the Ghost Armor series. That is available in audio at Audible, Amazon, and Apple. If you're on Audible, it is 31 hours of listening for just one credit, which in my opinion is a pretty good deal. That is where I'm at with my current writing projects. 00:02:32 Question of the Week Now let's move on to Question of the Week. Question of the Week is intended for enjoyable discussions of interesting topics. This week's question: what is your favorite Mexican dish? No wrong answers, including not enjoying Mexican food. A little bit about semantics. I'm aware that Mexican food is a very broad net and like all such definitions is prone to a substantial bit of haziness. Mexican cuisine is not the same as Tex-Mex, which is not the same as Puerto Rican cuisine, which is not the same as Guatemalan cuisine and so on. And the various regions of Mexico itself all have their own distinct culinary traditions. But this is true of all cuisines. By Mexican food, I mean Mexican food as it is generally defined in the United States, which tends to be an assemblage of various foods from the American Southwest, Mexico, and Latin America. And as you might expect, we had numerous responses. Our first response is from Justin who says: We have taco night here once a week or so, but no actual tacos are used. A pan of seasoned crumbled hamburger meat along with standard toppings is available for folks to make what they want. That generally becomes beef and cheese burritos and taco salad (regular bowl, corn chips added as desired). Hollis (who narrates the Ghost and Cloak audiobooks as we as mentioned) says: Quesadillas. Taste decadent but can pack in healthy spinach and peppers and whole wheat tortillas with decadent meat and cheese. Juana says: burritos, loaded! Tracy says: chicken and guacamole with roasted veggies. Becca says: Chile en nogada, basically a meat stuffed grilled chili. I have had it with chicken and beef, usually comes with pomegranate or other fruit containing sauce. John says: Three barbacoa tacos with cilantro, onion and the green salsa and three beef fajita tacos the same way. With large horchata from a sketchy food truck usually found in front of the local tire shop. I have to say some of the best Mexican food I've had has come from somewhat sketchy food trucks in front of local tire shops. Bob says: Any kind of mole. One nearby restaurant had a duck mole that was excellent. A different John says: I'm always searching for a great cheese enchilada. At least three, please. Cheryl says: Never had Mexican, so can't comment. Jenny says: Queso dip, especially when it's got beef and chili seasoning (not like chili peppers, but the southwest chili seasoning and beef). Scott says: Anything Al Pastor (burritos taco, et cetera). Steve says: Fish tacos, any way I can get them. Yet another John says: Brisket quesadillas. I've actually had those and they're very good. Andrew Abbott says: Quesadilla. Gary says: Al pastor. Mandy says: Carnitas. For myself, I think my favorite would be arroz con pollo with mushrooms. Tasty, very filling, and so long as you don't go too heavy on the cheese, it's not too terribly bad for you. I've had a couple of different variations of it, including one that had carrots and I admit I was dubious when it came out with carrots in the arroz con pollo, but it was really good. Steak fajitas would be a close second in my Mexican food preference list. The inspiration for this question was that I made homemade nachos for dinner twice this week and I also made tacos twice for dinner this week because if you make up enough taco mix, you can get a couple of meals out of it. So that's it for Question of the Week. 00:05:37 Work Computers/Writing Computer for 2025 Now I thought I'd talk a little bit about what I'm going to use for a computer in 2025. The reason for this is a couple of weeks ago, I posted a meme about choosing a new computer on Facebook and promptly forgot I had done so, but then I looked back a week and a half later to see it had gone viral and people are still arguing about the best computer in the comments, which is good summary of social media, isn't it? You can carefully consider a 1,500 word post that will get like three likes at the most but toss a meme up and forget about it and you'll come back in a week to see it had thousands of views and almost 300 comments, all of them arguing for or against specific computing platforms. So that is the reason I thought I would share what I actually picked for my computing needs in 2025. Three caveats: One, for your own computing requirements, pick whatever meets your needs and that your budget will allow. Windows, Mac OS, Linux, a tablet, whatever. It doesn't really matter. Honestly, I think 90% of people can do 95% of what they need in a web browser nowadays anyway and maybe use a cheap laser printer to print something out like every other month or so. I recently helped an elderly relative with a computer problem and she does about 95% of her computer needs on her Kindle Fire tablet and only breaks out her laptop when a webpage doesn't render properly on mobile. She can even print from her Kindle Fire. That said, I definitely fall into that 10% that cannot use a web browser for everything. Caveat two, my objective isn't to have the best computer or the most powerful computer, it's to have the computer that will be the most efficient in helping me write and publish books. And finally, caveat three. I worked for a long, long time in IT support and I did in fact write an internationally bestselling book about the Linux command line. I have done tech support for operating systems that no longer exist. Remember Windows CE on phones, Palm OS, Windows Phone, getting Mac OSX to talk to Windows Print Services, getting Mac OSX to talk to Active Directory, and Windows Millennium Edition (ugh)? I remember them and none too fondly. That means whatever objection you may have to Windows, Mac OS, Linux, or any other operating system, I probably know about it already have personally experienced it and have in fact tried to fix it while on the phone with someone having a panic attack about that particular problem. So with all that in mind, this is what I will use for computers in 2025 and hopefully for several years longer than that. For my writing/editing computer, I have picked a Mac mini M4. I've mentioned before that I'm increasingly unhappy with Windows 11 because of Microsoft's turn towards AI. I thought long and hard about either Linux or Mac OS and in the end, I decided on Mac OS because I have several subcontractors who all use Excel. Granted, you can install Excel on a Linux system with an emulation layer, but it never works 100% right. Some of the more advanced Excel stuff, which I do use, freaks out with it. There are a number of excellent spreadsheet programs available for Linux as well, but none of them have 100% compatibility with Excel, which is what I need. Additionally for ebook and paperback formatting, I use Vellum, which is Mac only. I have been very happy with Vellum since 2018, which means I've it to format around 60 different eBooks and paperbacks. So based on all that, I chose the Mac mini M4. I've been reasonably happy with it so far, since I've written about half of Shield of Deception on it. It's quite fast, which shows there are some advantages to the same company producing the CPU and the operating system. Microsoft Word is definitely faster on the M4 and the M Series Macs than it was on the Intel based Macs. I wasn't expecting this, but the overall lack of distraction in Mac OS is nice. It's very unobtrusive. Windows 11 is a very cluttered environment by default with lots of distractions and it is very annoying how Microsoft has been encrusting ads throughout the operating system. You can turn on quiet mode of course, but it's pleasant to have the overall lack of distraction be the default. So the Mac mini M4 will be the computer I use for writing, editing and book layout, but that's not all I do. My everything else computer will be a Windows 11 Intel Core I7 desktop. My previous computer before the Mac mini, a Windows 11 box with Intel Core I7, will also remain in use. The thing about being an indie publisher is that writing and editing isn't all I do. I do my own covers now, which means Photoshop and DAZ3D. Both of those applications are big, fat memory hogs. I definitely did not want to shell out the money for a Mac with that much memory. There's also advertising, which means a lot of spreadsheets and using Photoshop to make those ad images and other miscellaneous tasks like recording expenses, web design, audio proofing, podcast recording, and so forth. In fact, I'm recording this podcast on that computer right now, so my Windows 11 box is now my everything else computer. It doesn't have an NPU chip, which means that Windows 11's more odious features like Recall won't work on it, therefore I plan to nurse it along as long as possible. I have to admit there was an unanticipated pleasant psychological effect to this. When I write, I go to my writing computer and when I need to do something else, I use my everything else computer, so it's easier to avoid getting distracted by something else I need to do while I'm writing. I should mention gaming. I don't really use desktop computers for gaming any longer. They're for work. If there's a PC game I want to play, it needs to be able to run on my laptop while I sit on my couch. Otherwise, it's not going to happen. In the past five years, I spent more time playing games on the Switch and the Xbox than on desktop PC. So that is my computer plan for 2025, write on the Mac, do everything else on the PC. I should mention that the day before I started recording this, Microsoft pushed out an update that added this big ugly Copilot AI button to Word and Excel. So while I'm going to finish Shield of Deception in Microsoft Word, I am probably going to write Ghost in the Assembly in either Libre Office Writer or maybe MobiOffice. I need something that's cross compatible between Windows and Mac, so I'll be investigating other word processor options with all this Copilot stuff they're jamming into Word, but in the end, I'm grateful I'm able to use two different desktop computers and hopefully I will use these computers to produce many good books for you to read in 2025. 00:12:00 Main Topic of the Week: 5 Reasons You Should Buy Direct from Authors Now on to our main topic, five reasons you should buy direct from authors. What do we mean by selling direct? It's when the author has his or her own store hosted on a site like Shopify or Payhip that allows the author to sell eBooks, audiobooks, and sometimes paperbacks direct to readers. I should mention this is not intended in any way to be shaming or bullying. If you are most comfortable buying your eBooks from Amazon or Kobo or Apple Books or Google or any other platform, that is what you should do. This is just to talk about the advantages for both readers and writers for buying direct from authors. Payhip and Shopify are the two most popular platforms for selling direct to readers. I use Payhip since I'm mostly interested in selling eBooks and audiobooks direct and not paperbacks. You can actually look at my Payhip store, which is https://payhip.com/jonathanmoeller. The links are also available on my website and indeed in the show notes for the show for Coupon of the Week. So why even bother with direct sales when most people are now locked into a platform like Amazon or Kobo and their libraries? Why take the time to convince readers to buy directly from the author? What are the advantages to the author and more importantly, what are the advantages to the reader? And there are five of them, which we'll discuss now. #1: Faster access to new releases. The reason Payhip is always the first platform to become available for one of my new books by about a day or so is that when a new title releases, it's because I'm uploading it myself. With Amazon or other sites, my books are essentially put into a line with many, many other titles and I can't control or predict when it will become available for customers. Various stores can take longer to process or be unavailable/down when a new book releases. Kobo glitched quite badly at various points throughout 2024. In 2021, Barnes and Noble suffered a ransomware attack that blocked the ability to upload new books to the platform for about a month, and all the other stores have had various technical glitches throughout time. That's just the nature of running a large website, but having a site like Payhip gives me a place where people can turn to when it happens. Quite a few people bought Cloak of Illusion from Payhip because Kobo was down for a week when I was trying to upload the book to the site. #2: The second reason, which is a big advantage for both readers and writers, is that I can control discounts and permafree so it's easier to get discounts from an author's store. It's easier to provide discounts on Payhip because I'm getting a higher profit margin. Even with the 50% discount on Ghost in the Tombs we mentioned this week, I still would make from that discounted audiobook more than on Audible and pretty close to what I get from some of the more generous sites like Chirp or Google Play or Kobo. Just like with the uploads, I also have complete control over when the discounts happen on Payhip. Otherwise, as I mentioned earlier, I'm at the mercy of when the uploaded book processes on various stores, just like with release dates. It's hard to promote discounts or short-term freebies on those other platforms because the price change move slowly (and often unreliably) there, whereas they're instant on Payhip. Payhip is also my hub for providing free content to my readers beyond my Permafree series starters. Keep an eye on my blog and Facebook page for Coupon of the Week, where as I mentioned earlier in the show, I give out codes with steep discounts for my Payhip store. I also provide free short stories on my Payhip store for a limited time when new books release. Subscribe to my newsletter if you'd like to know when those free short stories become available. I also make a dozen older short stories (both ebook and audiobook) free on my Payhip at the end of each year, an event called 12 Days of Short Story Christmas. If you follow my website and blog, you might remember that from recently. It would take too much time away from writing to do all these things on all the other platforms, and it often isn't technically possible. Using Payhip frees up my time to do more writing instead of trying to work with the tech support of six different vendors when something doesn't switch price in time to run a specific promotion. #3: A third advantage, and that is a big advantage for readers, is I am not interested in your data and I am not spying on you the way that a large e-commerce site might be. Payhip basically just shows me the buyer's email for an individual's data. I can't see any other purchases you make. I can't see any individual demographic data and I can't see anything that would be uncomfortable for me to know. Basically all I see is your email address and your geographic location (your rough geographic location), which obviously the store needs in order to calculate sales tax liability. I intentionally set up the Payhip store so that you don't need a user account to buy books or audiobooks there. We also try and turn off the more annoying site settings like follow up emails that request reviews. Even the aggregate data on the Payhip app dashboard is extremely limited compared to other platforms. I can see a map shaded in with countries of visitors, which isn't accurate or useful in an age where you can use a VPN to switch your location with the click of a button. [We can see] if users are accessing the link directly from a Google search and the raw number of clicks on the page. Compared to the amount of data collected by other sites, [that is very minimal]. For example, other sites can show that men ages 23 to 28 who like Taylor Swift, own a cat, and live in Canada are looking at your page at midnight on Tuesday. That is much less data than Payhip collects, so therefore, if you're concerned about data privacy, Payhip is a stronger choice than most other ebook and audiobook platforms. For details about what Payhip tracks separate from what the individual author does, check out their privacy policy. #4: The fourth advantage is the reader gets a choice of file formats and you can send files to another ebook library. With Amazon or indeed any of the other ebook stores, you get your chosen format for an ebook and can't switch that format without using third party software. At my Payhip store, you get three ebook formats: epub, PDF, and when possible, the ancient .mobi format (which is kinda depreciated and gradually going away). I've noticed that people who like PDFs really like PDFs, and so if you want your ebook in PDF form, you can get them in PDF form from my Payhip store. Having a choice of different file formats allows you to more easily import the books into the platforms you already use like Kindle or Kobo. It's a pretty simple process to send files to your Kindle, Kobo, iPad, or other device so you have access to them in your library there. All my eBooks are integrated with Book Funnel, so if you have a Book Funnel account, they automatically show up in your library. Book Funnel also has directions for sideloading the files onto your various devices. #5: The fifth advantage, and this is a really big one for readers, is all the files you buy from me on Payhip are DRM free files that you can self-archive. Digital rights management limits your ability to transfer books and audiobooks through apps, devices, and so forth. It controls the way that you access things you have purchased. It's often said that you don't buy digital content, you have a conditional lease on it that's controlled by the platform you buy it from. The content that you buy can disappear, especially when a platform is sold or closes. We've all heard horror stories of people whose accounts at various online retailers get closed for some reason, and then they lose their access to the library of any media they have purchased there or a platform can go out of business. There was a minor, well, actually a fairly major scandal a few years ago when a romance themed ebook store went out of business and everyone lost their access to their libraries. And for a while Microsoft was offering eBooks for sale through the Edge browser, but as we know, Microsoft tends to change mind about things a lot, and that went away and eventually people lost their ability to access any eBooks they had purchased through the Microsoft store. And this isn't even the first time Microsoft did this. Way back in the ‘90s and early 2000s, Microsoft was trying to be become a music retailer to compete with Apple's iTunes store, and they used a kind of a DRM called Play For Sure. Eventually they got out of that business and shut down Play For Sure's servers and anyone who had purchased music locked to that DRM could no longer play it. Our Payhip store has DRM free files. These allow you to store and archive the files separate from the ebook and audiobook stores so that doesn't happen. It allows you to actually own the content that you buy and build a library that best suits your needs. So that way, if for some reason (let's say for example, your audiobook store account gets hacked and you get locked out of it), you won't lose all your eBooks that you bought through my Payhip store if you downloaded them and stored them on a local storage device or some other kind of archive system. One final advantage that is more for the author than for the reader, it is a better profit margin for direct sales than is for any of the other stores. The best percentage you can get in the ebook sales on any of the other stores is Amazon, which offers 70% for eBooks between $2.99 and $9.99. Whereas with Payhip, I get about 85% of each sale (minus sales tax and credit card processing fees). The Coupons of the Week we have been doing so far this year are a good example of that. I'm selling the Ghost audiobooks connected with the coupon for 50% off and the standard sales price is $11.99, which means you get them for about $5.99. Even though that's cheap, I still get almost as much money from a $5.99 sale than I would from a purchase on Audible or any of the other major audiobook platforms. Those are five reasons to buy direct from an author. I should note, it's just not good for the author. It offers many advantages for the reader as well. So that is it for this week. Thank you for listening to The Pulp Writer Show. I hope you found the show useful. A reminder that you can listen to all the backup episodes at https://thepulpwritershow.com. If you enjoyed the podcast, please leave a review on your podcasting platform of choice. Stay safe and stay healthy and see you all next week.
Join Automox's cybersecurity experts as they discuss the latest Patch Tuesday updates, focusing on vulnerabilities in Active Directory, Hyper-V, and macOS 15.2. They highlight the importance of staying updated and the evolving threat landscape, particularly with the rise of phishing attacks and the need for robust security measures in enterprise environments.
This show has been flagged as Explicit by the host. Greetings and welcome to Hacker Public Radio. My name is Peter Paterson, also known as SolusSpider, a Scotsman living in Kentucky, USA. This is my second HPR recording. The first was episode 4258 where I gave my introduction and computer history. Once again I am recording the audio on my Samsung Galaxy S21 Ultra phone, running Android 14, with Audio Recorder by Axet. The app was installed from F-Droid. Markdown For my Shownotes I learned to use Markdown by using the ReText app, which allows me to write in one window and preview the result in another. What is this show about? When I visited Archer72, AKA Mark Rice, in November 2024 in his University of Kentucky trauma room I reminded him that I work for God's Pantry Food Bank. He said he wanted to hear more, and highly suggested that I record the story as an HPR show, so here we are. I plan to ask the questions I hear from so many, and attempt to answer them as best I am able. What is the History of God's Pantry Food Bank? Reading directly from the About-Us page of Godspantry.org Mim Hunt, the founder of God's Pantry Food Bank, vowed to leave "the heartbreaking profession of social work" behind when she returned to her hometown of Lexington after serving as a child welfare worker in 1940's New York City. She and her husband, Robert, opened "Mim's," a combination gift shop, antique gallery, and health food store, but after seeing poverty in Lexington that rivaled what she'd fought against in New York, she found herself unable to remain silent. Mim began her work in Lexington by filling her station wagon with food, clothing, and bedding, and distributing it directly to individuals in need. Soon, neighbors were bringing food donations to what became known as "Mim's Pantry" located at her home on Lexington's Parkers Mill Road. But Mim quickly corrected them. "I don't fill these shelves," she said. "God does. This is God's Pantry." God's Pantry Food Bank was born out of this work in 1955 and remained mobile until the first pantry was opened in 1959. Since its founding, the food bank has grown in many ways. What started with one woman attempting to do what she could to address a need is now an organization serving 50 counties in Central and Eastern Kentucky through a number of programs with a dedicated staff committed to the mission of solving hunger. Mim Hunt devoted her life to helping others, and we continue to honor her legacy at God's Pantry Food Bank. Her work is proof that one person, with every small action, can make a large impact. We invite you to join us in continuing Mim's work. Where have been the locations of the main Food Bank facility? My ex-workmate Robert Srodulski recently wrote a reply in Facebook when our newest building was announced. He stated: "If I count right, this is the 6th main warehouse location in Lexington. Congratulations! > Mim's house and car Oldham Avenue garage A building next to Rupp Arena (which is now gone) Forbes Road Jaggie Fox Way, Innovation Drive." My friend Robert was employed by the Food Bank for 26 years. I am chasing his time as the longest lasting male employee. Two ladies have longer service times: Debbie Amburgey with 36.5 years in our Prestonsburg facility. She started on 19th October 1987. Sadly my good friend Debbie passed earlier this year, and I miss her greatly. She never retired. Danielle Bozarth with currently just under 30 years. She started on 30th May 1995. It would take me just over 11 years to catch up with Debbie's service record, which would take me to the age of 68. Unsure if I shall still be employed by then! What exactly do I mean by Food Bank? In February 2023 I wrote a blog post with my explanation of Food Bank. My website is LinuxSpider.net, and you will find the direct link in the shownotes. The blog was written as a response to friends, mostly from the United Kingdom, asking me very this question. To many there, and indeed here in USA also, what is called a Food Bank is what I call a local Food Pantry. Nobody is wrong here at all. We all gather food from various sources and distribute it to our neighbours who are in food insecure need. Most Pantries are totally staffed by volunteers and often open limited hours. The Food Bank has a larger scope in where we source food from, the amount sourced, does have paid staff but still dependent on volunteers, and we are open at least 40 hours a week. More if you include projects that involve evenings and Saturdays. God's Pantry Food Bank has a service area which includes 50 of the 120 Counties of Kentucky, covering central, southern, and eastern, including part of Appalachia. When I started in 1999 we were distributing 6 million pounds weight of food per year. This is about 150 semi-truckloads. Over 25 years later we are looking at distributing about 50 million pounds this year, about 1,250 truckloads. Over 40% of our distribution is fresh produce. We are an hunger relief organisation, so this amount of food is assisting our neighbours in need. In those 50 Counties we have about 400 partner agencies. Many of these agencies are Soup Kitchens, Children's Programs, Senior Programs, as well as Food Pantries. God's Pantry Food Bank is partnered with the Feeding America network of 198 Food Banks. In my early years I knew them as America's Second Harvest. In 2008 they changed name to Feeding America. Their website is FeedingAmerica.org What they do is outlined in their our-work page, including: Ensuring everyone can get the food they need with respect and dignity. Advocating for policies that improve food security for everyone. Partnering to address the root causes of food insecurity, like the high cost of living and lack of access to affordable housing. Working with local food banks and meal programs. Ending hunger through Food Access, Food Rescue, Disaster Response, and Hunger Research. I have visited a few other Food Banks, but not as many as I would have liked. We all have our own areas of service, but do often interact as the needs arise, especially in times of disaster. The Feeding America network came to Kentucky's aid in the past few years with the flooding in the East and tornadoes in the West. Feeding America aided the Food Banks affected by the devastation from Hurricanes Helene and Milton. How did I get started at the Food Bank? As mentioned in my introduction show I moved from Scotland to Kentucky in May 1999 and married Arianna in June 1999. Before our wedding I had received my green card. My future Mother-in-Law Eva recommended I check with God's Pantry Food Bank to see if they were hiring. She was working for Big Lots and had applied for a warehouse job at the Food Bank. Unfortunately for her she never got the job, but she was quite impressed by the organisation. She knew that I had warehouse and driving experience. So, one day after dropping Arianna at her University of Kentucky Medical Staff Office I stopped by the Food Bank on South Forbes Road to ask. The answer was that they were indeed hiring for the warehouse, and to come back that afternoon to meet with CW Drury, the Warehouse Manager. I drove home, put on smarter clothes, and drove back. It was a pleasure meeting CW and hearing about the job. Although most of the explanation of what they did in their mission went over my head at the time, I knew needed a job, and wanted to join this company. A few days before our wedding I received a phone call from CW offering me the position. I accepted and went for my medical the next day. My first day with God's Pantry Food Bank was on Tuesday 6th July 1999, the day after our honeymoon. I will admit that although my previous job in Scotland was a physical one, quite a few months had passed, and the heat was hot that Summer in Kentucky! I went home exhausted everyday, but totally enjoying the work I was doing. I started off mostly picking orders, assisting Agencies that came in, going to the local Kroger supermarkets to pick up bread, deliver and pick up food barrels of donations, and all the other duties CW assigned me to. I particularly enjoyed the software part of the job. I forget the name of the software back then, but do remember learning the 10 digit Item Codes. 1st is the source 2nd and 3rd are the category. There are 31 officially with Feeding America. next 6 is the unique UPC - usually from the item bar code 10th is the storage code of dry, cooler, or freezer The first code I memorised was Bread Products: 1040010731 This broke down to Donated, Bread Category, UPC number, and Dry Storage. I must admit we did not create a new code when we started storing Bread Product in the Cooler. That is probably the only exception It has been my responsibility all these years to maintain the Item Category Code sheet with different codings we have used and had to invent. An example is that when the source digit had already used 1 to 9, we had to start using letters. Although there were concerns at the time, everything worked out well. When I started at South Forbes Road there were 11 employees there and Debbie in Prestonsburg. 12 in total, in 2 locations. These days we have over 80 employees in 5 locations: Lexington, Prestonsburg, London, Morehead, and a Volunteer Center on Winchester Road, Lexington, near the Smuckers JIF Peanut Butter plant. My time at 104 South Forbes Road was for a full 4 weeks! In August 1999 we moved to 1685 Jaggie Fox Way, into a customised warehouse with 3 pallet tall racking, and lots of office space. It felt so large back then! On my first couple of days of unloading trucks there I totally wore out a pair of trainers!! Jaggie Fox does sound like a strange name for a street, but I later learned it came from 2 ladies, Mrs Jaggie and Mrs Fox who owned the land before the business park purchase. Anyway, that's what I have been told by mulitple people. Technology was fun in 1999, as we had a 56K phone modem, about 10 computers, and 1 printer. You can imagine the shared internet speed. I forget how long, but we eventually got DSL, then Cable. What have been my duties at the Food Bank? For my first decade of employment I worked the warehouse and as a driver. This included delivering food to the 4 to 5 local pantries that we ran ourselves in local church buildings in Fayette County. Funny story is that a couple of years into the job, I was approached by the Development Manager and asked if I knew websites and HTML. I informed her that I was familiar, and she made me responsible for the maintenance of the website that University of Kentucky students had created. It indeed was quite basic with only HTML and images. I had this duty for a few years before a professional company was hired. I mentioned Inventory software. In early 2000 we moved to an ERP, that is an Enterprise Resource Planning suite named Navision written by a Danish company. That company was then taken over by Microsoft. For as while it was called Microsoft NAV, and these days it is part of Dynamics 365. Feeding America commissioned a module named CERES which assisted us non-profits to use profit orientated software. Inhouse, we just call the software CERES. Even though I was no longer maintaining the website, I was still involved in IT to a degree. I became the inhouse guy who would set up new employees with their own computer. Ah, the days of Active Directory. I never did like it! I was also the guy the staff came to first with their computer problems. Funny how a lot of these issues were fixed when I walked in their office. If I could not fix an issue there and then, we did have a contract company on-call. They maintained our server and other high level software. This was still when I was in the warehouse role. After that first decade I was allocated to be our Welcome Center person, which I did for 3 years. This involved welcoming agencies, guests, salespersons, volunteers, and assisting other staff members in many ways. I also went from being a driver to the person who handed out delivery and pick-up routes to the drivers. During these years I became a heavy user of CERES working with the agencies and printing out pick-sheets to our warehouse picking staff. Although I really enjoyed the work, I will openly admit that I am not always the best in heavily social situations. I did have some difficulty when the Welcome Center was full of people needing my attention and I was trying to get software and paperwork duties done. Somehow I survived! My next stage of employment was moving into the offices and becoming the assistant to the Operations Director. This is when I really took on the role of food purchaser, ordering fresh produce and food from vendors as part of our budget. I also took over the responsibility of bidding for food donations from the Feeding America portal named Choice. National Donors offer truckloads of food and other items to the network, and we Food Banks bid on them in an allocated share system. The donations are free, but we pay for the truck freight from the shipping locations. A full time IT person was hired. We are now on our 4th IT Manager. The last 2 each had assistants. Although I am grandfathered in as an admin, my duties in this regard are very low, but still have the abity to install software as needed. Quite handy on my own laptop. As well as being the Food Procurement Officer I also became the Reporting Officer. This has been greatly aided by our team receiving the ability to write our own reports from the Navision SQL database using Jet Reporting. This is an Excel extension that allows us to access field data not directly obtainable in the CERES program. The fore-mentioned Robert Srodulski used to spend a day creating a monthly report that included all of our 50 counties across multiple categories of data. He would step by step complete an Excel worksheet with all this information. I took his spreadsheet, converted it into a Jet Report, and it now runs in about 5 minutes! It is my responsibility to supply reports on a regular monthly, quarterly, and yearly basis to my Directors, fellow staff, and to Feeding America. Yes, I do have an orange mug on my desk that says "I submitted my MPR". That is the Monthly Pulse Report. It sits next to my red swingline stapler! What are God's Pantry Food Bank's sources of food? This is probably the question I get asked the most when friends and online contacts find out what I do for a career. We receive and obtain food from various sources, including: Local donations from people like you. Thank you! Local farmers. Local retail companies and other businesses giving food directly to us and to our Partner Agencies. We are the official food charity of many retailers, including Walmart and Kroger. National Companies, mostly through the Feeding America Choice Program. The USDA, U.S. Department of Agriculture, supplies us with multiple programs of food: TEFAP (the Emergency Food Assistance Program), CCC (Commodity Credit Corporation), and CSFP (Commodity Supplemental Food Program). Purchased food, including Fresh Produce, via donations and grants. Without all this food coming in, we would not be able to distribute to our internal programs or to our partner agencies, allowing them to run Backpacks for Kids, Food Boxes for Seniors, Food Pantries, Mobile Distributions, Sharing Thanksgiving, and a multitude of other services we offer our neighbours. We have a team of Food Sourcers that work directly with the retail companies, so I am not fully involved there, but I am the main Food Purchaser for the majority of the food we buy. Specialised internal programs like Backpack and local Pantries do order specific foods that they need on a regular basis. I try to supply for the long term. With the USDA CSFP program I am responsible for the ordering of that food through a Government website. Often 6 to 12 months ahead of time. Here's a truth that staggers many people when I inform them: If you are spending cash on food donations to God's Pantry Food Bank, the most efficient use of those funds is to donate it to us. I truly can obtain about $10 worth of food for every $1 given. An example is that I recently obtained a full truckload donation of 40,000lb of Canned Sliced Beets (yum!) that we are paying only freight on. Do the maths. #Where is God's Pantry Food Bank located? As mentioned we have 5 locations, not including our own local pantries, but our main head office is at 2201 Innovation Drive Please check out our webpage at GodsPantry.org/2201innovationdrive as it includes an excellent animated walk-through tour of the offices and warehouse, including the Produce Cooler, Deli Cooler, and Freezer. They are massive! I personally waited until the very last day, Friday 13th of December, to move out of my Jaggie Fox office and into my new one at Innovation. Our official first day was on Monday 16th December 2024. What I tooted and posted on that Friday caught the eye of my CEO, Michael Halligan, and he asked me if he could share it with others. Of course he should! In the Shownotes I have included a link to my Mastodon toot. It's too long a number to read out. I am absolutely loving our new location. It's my challenge to fill the cooler, freezer, and dry warehouse with donated food! My new office is 97% set up to my workflow, including my infamous hanging report boards, and spiders everywhere. The last line of my blog says: All that said, it truly is the only job I have ever had which I absolutely enjoy, but totally wish did not exist!! This remains true. Our mission is: Reducing hunger by working together to feed Kentucky communities. Our vision is: A nourished life for every Kentuckian. #How may HPR listeners support God's Pantry Food Bank The quick answer is to go to our website of GodsPantry.org and click on Take Action. From there you will be given a list to choose from: Donate Food Volunteer Host a Food Drive or Fundraiser Become a Partner Attend an Event Advocate Other Ways to Help Thank you so much for listening to my HPR show on God's Pantry Food Bank. Apart from leaving a comment on the HPR show page, the easiest ways for people to contact me are via Telegram: at t.me/solusspider or Mastodon at @SolusSpider@linuxrocks.online I look forward to hearing from you. Now go forth, be there for your fellow neighbours, and record your own HPR show! … Adding this comment to the Shownotes, that I shall not be speaking aloud. Although I consider this show topic to be Clean, as it is basically about my life and work, not my beliefs, there may be some worldwide who hear the name God's Pantry and consider it to be religious. Therefore I am flagging the show as Explicit. just in case. It is merely the name of our non-profit Food Bank, as called by our founder Mim Hunt. Although the majority of our Partner Agencies are faith based non-profit organisations, the Food Bank itself is not faith based. … Provide feedback on this episode.
In this episode of The Cyber Threat Perspective, Nathan and Spencer discuss crucial strategies for Windows and Active Directory hardening, emphasizing the importance of community collaboration and the value of using CIS benchmarks for security compliance.In this episode, we cover:Implementing multi-factor authentication for domain adminsThe benefits and importance of using CIS benchmarks for Windows 10 and 11Advantages of having a consistent standard in an active directory environmentAssurance and verification tools available in the benchmarksSimulated environment testing and active community participation for benchmark improvementBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com
Entra ID is the current inheritor of the mantle of Active Directory. No, don't be afraid, we're not going to do any binding on this show. We're going to give you the brass tacks for what Microsoft is using Entra for, how Mac Admins should think about it, and how it fits into the modern world for Mac Admins. Hosts: Tom Bridge - @tbridge@theinternet.social Marcus Ransom - @marcusransom Guests: Michael Epping, Senior Program Manager, Microsoft – LinkedIn Mark Morowczynski, Principal Security Researcher, Microsoft – LinkedIn Links: Extending the AD schema (pay attention to the date) https://lists.samba.org/archive/samba-technical/attachments/20101123/6d648bd4/attachment.pdf Password Guide: https://aka.ms/PasswordlessGuide Sponsors: Kandji 1Password Watchman Monitoring If you're interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information. Get the latest about the Mac Admins Podcast, follow us on Twitter! We're @MacAdmPodcast! The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include Weldon Dodd, Damien Barrett, Justin Holt, Chad Swarthout, William Smith, Stephen Weinstein, Seb Nash, Dan McLaughlin, Joe Sfarra, Nate Cinal, Jon Brown, Dan Barker, Tim Perfitt, Ashley MacKinlay, Tobias Linder Philippe Daoust, AJ Potrebka, Adam Burg, & Hamlin Krewson
Microsoft’s Active Directory and Entra ID are valuable targets for attackers because they store critical identity information. On today’s Packet Protector, we talk with penetration tester and security consultant Eric Kuehn about how he approaches compromising AD/Entra ID, common problems he sees during client engagements, quick wins for administrators and security pros to fortify their... Read more »
Microsoft’s Active Directory and Entra ID are valuable targets for attackers because they store critical identity information. On today’s Packet Protector, we talk with penetration tester and security consultant Eric Kuehn about how he approaches compromising AD/Entra ID, common problems he sees during client engagements, quick wins for administrators and security pros to fortify their... Read more »
In this episode, we dive into all things community and PowerShell Saturday, from preparation and organization to the impact of community-driven events on career growth. We chat about what led up to the big day, our personal experiences, and why attending conferences, user groups, and community events can be game-changing for anyone in tech. Find your next step and be the community! Guest Bio and links: Mike Kanakos is a three-time Microsoft MVP award recipient and currently manages the Foundational Services and Automation team at Align Technology, the company behind Invisalign braces. He leads a team that develops automation tools for Azure AD, Active Directory, and Single Sign-On, with the goal of automating processes and eliminating tedious tasks for various teams. https://bsky.app/profile/mikekanakos.bsky.social https://www.linkedin.com/in/mikekanakos/ https://x.com/MikeKanakos https://commandline.ninja/ Phil Bossman is a Microsoft MVP and PowerShell enthusiast with a passion for learning and efficiency in all things. Phil is currently a Cloud Architect and computing expert in the Raleigh, NC area. Phil is a co-organizer of the Research Triangle PowerShell User Group @rtpsug. https://bsky.app/profile/schlauge.bsky.social https://schlauge.com/ https://www.linkedin.com/in/philbossman/ https://x.com/Schlauge PowerShell Podcast Home page: https://www.pdq.com/resources/the-powershell-podcast/ PowerShell Pro Tips - https://www.youtube.com/watch?v=K95ovoMh170
This episode is sponsored by Semperis: semperis.com In this sponsored episode of the Identity at the Center podcast, hosts Jeff and Jim discuss the changing landscape of ransomware attacks and the importance of identity security with Gil Kirkpatrick, Chief Architect at Semperis. They explore how ransomware strategies have evolved from merely encrypting data to exfiltrating sensitive information for ransom. The conversation also delves into the necessity of having robust identity recovery plans, the role of Active Directory in cybersecurity, and the importance of regular security posture assessments with tools like Purple Knight. Additionally, Gil shares insights from the Semperis Ransomware Risk Report and recounts his experiences as a pilot, offering a fascinating look at both cybersecurity and the world of aviation. 00:00 Introduction to Ransomware Evolution 01:25 Welcome to the Identity at the Center Podcast 01:53 Guest Introduction: Gil Kirkpatrick from Semperis 02:25 Journey into the Identity Space 06:09 Semperis: Enhancing Security and Resilience 21:08 The Importance of Active Directory Security 28:09 Ransomware Risk Report Insights 32:15 The Trustworthiness of Decryption Keys 34:18 Business Disruption from Ransomware 36:14 Should Companies Pay the Ransom? 38:47 The Importance of Cyber Resilience 41:14 Active Directory and Disaster Recovery 43:17 The Decline in Ransomware News 47:36 The Basics of Cybersecurity 50:31 Adventures in Piloting 58:35 Conclusion and Final Thoughts Connect with Gil: https://www.linkedin.com/in/gil-kirkpatrick/ Learn more about Semperis: https://www.semperis.com/ 2024 Ransomware Risk Report: Embracing the Assume Breach Mindset: ttps://www.semperis.com/ransomware-risk-report/ Download Purple Knight: https://www.semperis.com/purple-knight/ Hybrid Identity Protection Conference (HIP Conf) - Use code IDACpod for 20% off: https://register.hipconf.com/W7eVML Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com
Salt Typhoon infiltrates US ISPs. Researchers hack the connected features in Kia vehicles.WiFi portals in UK train stations suffer Islamophobic graffiti. International partners release a joint guide for protecting Active Directory. A key house committee approves an AI vulnerability reporting bill. India's largest health insurer sues Telegram over leaked data. HPE Aruba Networking patches three critical vulnerabilities in its Aruba Access Points. OpenAI plans to restructure into a for-profit business. CISA raises the red flag on Hurricane Helene scams. Our guest is Ashley Rose, Founder & CEO at Living Security, on the creation of Forrester's newest cybersecurity category, Human Risk Management. The FTC says “Objection!” to the world's first self-proclaimed robot lawyer. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Ashley Rose, Living Security's Founder & CEO, talking about the creation of Forrester's newest cybersecurity category, Human Risk Management. Read Ashley's blog. Learn more on The Forrester Wave™: Human Risk Management Solutions, Q3 2024. Selected Reading China-Backed Salt Typhoon Targets U.S. Internet Providers: Report (Security Boulevard) Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug (WIRED) Public Wi-Fi operator investigating cyberattack at UK's busiest train stations (The Rgister) ASD's ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises (CISA) House panel moves bill that adds AI systems to National Vulnerability Database (CyberScoop) India's Star Health sues Telegram after hacker uses app's chatbots to leak data (Reuters) HPE Aruba Networking fixes critical flaws impacting Access Points (Bleeping Computer) Exclusive: OpenAI to remove non-profit control and give Sam Altman equity (Reuters) OpenAI's technology chief Mira Murati, two other research executives to leave (Reuters) CISA Warns of Hurricane-Related Scams (CISA) DoNotPay must pay $193,000 to settle false claim charges from FTC. (The Verge) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Windows 11 24H2 is following a now-familiar trajectory to release. Right, it's chaos Microsoft issues last-second updates to 22H2/23H2 and 24H2 in the Release Preview on Monday. Paul predicted these would turn into our Week D updates later in the week and that we'd get nothing on Tuesday Dev and Beta channels got some interesting updates recently as well The Windows App is now available on Windows, Mac, and iOS HP announces two new flagship AI PCs, one AMD and one Intel. Plus a lower-cost 8-core Snapdragon model. This is officially a trend. A week after providing details about the September 2024 firmware update for Surface Laptop 7, Microsoft confirmed it shipped the same update to Surface Pro 11. This has had a major negative effect on the device's instant-on capabilities Microsoft 365, cloud, AI Microsoft is reviving Three Mile Island and other headlines I never thought I'd write Google formally complains about alleged Microsoft antitrust abuses in the EU LinkedIn is training AI with your data. You can turn it off because Microsoft loves opt-out Microsoft issues a SFI progress report and they are doing GREAT, thank you very much Gemini comes to Workspace Apple Intelligence will hoover 4GB of drive space on iPhones to start, more later as more features are added More! Qualcomm makes another offer to acquire Intel Investment firm offers Intel a $5 billion lifeline Arc just experienced its first major security incident and handled it really well Raspberry Pi reports its first-ever earnings Paul has finished updating .NETpad for Windows 11 theming support in .NET 9, will put code up in GitHub after .NET ships in stable Xbox A new tell-all about Blizzard, Activision, and Xbox arrives October 8 Game Pass features are coming to Xbox mobile app where they belong Also, Game Bar Compact mode as part of September Xbox Update New Indie Selects titles Microsoft Flight Simulator 2024 is available for preorder and it will look a lot better and take up a lot less disk space Xbox Ambassador's Program is dead, Jim Xbox spends $1 billion per year to acquire Game Pass titles Xbox figured out how to reduce its carbon emissions. You know, besides selling fewer consoles Sony announces 30th anniversary PS5 collection Tips and Picks Tip of the week: Stop paying so much for everything App pick of the week: A week of browser-adjacent updates RunAs Radio this week: Windows Server 2025 and Active Directory with Orin Thomas Brown liquor pick of the week: Hatozaki Small Batch Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: e-e.com/twit lookout.com bigid.com/windowsweekly veeam.com