Security

https://www.notion.so/Spencer-s-Pentesting-on-a-Budget-Resources-For-IT-Admins-2944105ceb3180189ff5f3c153fbe497

https://maester.dev Source: YouTube https://search.app/EMJcV

Threat Intelligence That Powers Best SOCs Worldwide Is Now Free https://share.google/iArgVvDWjq0mViHeN

Re; LastPass was breached and now some bad guys are cracking the passwords inside Whatever password manager I use today, I’m going to create a few fake accounts with high…

Run these Tools: snaffler find plain text auth sources, read the documentationPingCastle AD security fixesLockSmith Certificate issues/misconfigsScriptCentury turn script files into Canaries (Thinkst)ADeliginator find overly permissive delegations prune SPNsLAPs on…

https://slaw.securosis.com/ THE 7 ESSENTIAL SKILLS by Simply Cyber’s Gerald Auger: https://www.professormesser.com/free-… https://www.netacad.com/courses/netwo… https://www.sans.org/blog/leveraging-… https://csrc.nist.gov/publications/de… https://www.nist.gov/cyberframework

ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps https://www.helpnetsecurity.com/2024/11/18/scubagear-open-source-tool-assess-microsoft-365-security/

The environment:Windows 10+, VMware 8u2, SentinelOne, Fortigate Fw 7.0.15, Unsecured VPN tunnels to biz partners The Good:+Cove backup w Cloud really good. Attackers will wipe local backup repo. Caveat; when…

BasicFirewall, Spam Filter, Backup (AV if not Windows) MidPatch Mgt, Web Filter, Monitoring, Password managers, MFA on email + Cloud, Users are not local Admin BronzeEDR, VPN, Scheduled Vulnerability Scanning,…