Hey there! Hoping you had an awesome weekend! It's cold and rainy here in NY and I am literally so over it. Hah. I hope you enjoy this weeks newsletter. Please hit reply and leave me some feedback or roast me. Would love to tune this and make it incredibly useful and valuable to you. I will consider ALL ideas. 🩺Threat Pulse GitHub expands security tools after 39 million secrets leaked in 2024 GitHub detected over 39 million leaked secrets, such as API keys and credentials, in repositories...
2 months ago • 4 min read
What's up everyone! Happy Monday. It's another great week over here because yes, I am again on another internal pentest engagement. This time the clients in the financial services industry. The last few before that have been law firms. Lot of exciting stuff in the works for me personally and with SecurIT360, so stay tuned. Have an awesome week! I appreciate you being a part of this newsletter community. 🙏 🩺Threat Pulse Microsoft’s killing script used to avoid Microsoft Account in Windows 11...
3 months ago • 4 min read
Happy Monday! For those following cybersecurity news, this past week has been a doozy! While I hope this newsletter helps you stay up to date I am really focused on the insights we can obtain from all that’s going on. If you get value and you’d like to reciprocate, the best way to do that is by sharing my newsletter subscribe link on social media. Truly appreciate you! Have an amazing week. 🙏 🩺Threat Pulse VSCode extensions found downloading early-stage ransomware Two malicious Visual Studio...
3 months ago • 5 min read
It's been an incredibly busy few weeks over here, I haven't had much time to get outside and touch some grass. But the weather is getting warming and I am so ready for it! I hope you enjoy this weeks email! I would love if you would reply and tell me which parts you liked or didn't care for. It won't hurt my feelings, I promise! 🩺Threat Pulse Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts Cybercriminals are deploying fake Microsoft OAuth applications disguised as Adobe and...
3 months ago • 4 min read
Hey happy Monday! I hope you had super great weekend. I put time and attention into trying to deliver a valuable newsletter. A newsletter that I myself would look forward to reading. I hope I am able to deliver on that for you. If you do get value, please hit reply and let me know which section you like the most! Thanks so much 🙏 Have an awesome week! 🩺Threat Pulse Ransomware gang encrypted network from a webcam to bypass EDR What you should take away from this article: EDR alone is no longer...
3 months ago • 3 min read
ADeleg: The Active Directory Security Tool You’ve Never Heard Of Brave Readers Continue… During a internal pentest, I found an issue where the “Everyone” group in Active Directory had “FullControl” over the root of the domain. After I picked my jaw up off the floor, I quickly validated it with another tool. That tool, and the discoveries I made afterwards with that tool, are the reason for this article. Fast forward to today, and I’ve made it my mission to identify vulnerabilities and...
over 1 year ago • 6 min read
Unsecured VNC Credentials Leads to Admin PAW Compromise How discovering a VNC settings file on a file share during a penetration test led to compromising an admin privileged access workstation (paw). PAW - (Privileged Access Workstation) is a hardened device for the purpose of performing administrative tasks only. These systems typically have strict application and access control and daily use tasks such as browsing the internet and using email are not allowed. VNC - Virtual Network Computing...
over 1 year ago • 7 min read
