Jon Hencinski
👋 operators: Which defensive settings have you encountered that made it *super* painful for you to operate in a Windows AD environment?
Oliver Jäkel Jan 28
Replying to @jhencinski @PyroTek3 @jepayneMSFT
No client-to-client comm. 😈 This is why I love the Windows Firewall. Supereasy to implement this and thus making lateral movement a lot harder. And again I recommend this pearl by
Oliver Jäkel Jan 30
Replying to @jhencinski @PyroTek3 @jepayneMSFT
Henri Jan 28
Replying to @jhencinski @jaredhaight
Have seen all three, although all very annoying, there are workarounds which make it bearable. Of the list, no client-to-client is the most annoying. But overall, the most annoying is good visibility by the blue team. Not being able to misbehave without getting caught is a nightmare
Karl Mueller byeShmoo! Jan 28
Replying to @jhencinski
Voting other because and I’m really curious to see if I’m right about my controls 😋
Karl Mueller byeShmoo! Jan 28
Replying to @jhencinski
TBH whitelisting has annoyed more of our pentesters than anything else.
Harman Jan 29
Replying to @jhencinski @mubix
Compromising/abusing trust relationships and lateral movement is all about multiple systems networked in an environment. Have come across internal firewall using desktop firewalls, makes it hard. Somehow this is so under-rated by clients in favour of third party products.
minis_io Jan 29
Replying to @jhencinski
No client-to-client along with several others.
Malware Lion Jan 29
Replying to @jhencinski
Combination of perfectly rolled out Windows Defender ATP and deception solution in place.
Fatih K. Jan 29
Replying to @jhencinski
Privilege escalation controls and alarms
BenAylett.com Jan 29
Replying to @jhencinski
This is gold. I wish I had thought to ask this question ages ago. Should be a regular question asked each year or 6 months.