One bad rule can undo your entire security policy.

Ethical Threat Insight: 3 AppLocker Rules To Never Break

AppLocker is a powerful tool…but only if you use it wisely. A single weak or misconfigured rule can be just what an attacker needs. Here are the 3 rules you should never break:

1) Avoid drive roots (like

2) If you allow “any binary” from a publisher, or forget to set an upper version bound, you’re giving attackers the upper hand by allowing any version of the software.

3) Avoid assigning rules to Domain Users, Everyone, Authenticated Users, or BUILTIN\Users. You might as well not use application control if that’s the case.

👉 Audit your AppLocker policies with AppLocker Inspector and make sure none of these mistakes are hiding in plain sight. AppLocker Inspector is a free tool I created to identify weak and misconfigured AppLocker policies.

Definitely also check out AppLockerGen, an awesome suite of tools (written by the awesome Michael Haag) that simplifies the process of generating AppLocker XML policies, providing a user-friendly interface to create, merge, and manage rules effectively.

Remember: attackers don’t need all your rules to fail…just one.

Want an easier way to handle AppLocker? Instead of “deny all,” try blocking only what attackers actually use. My friends at MagicSword make this simple, and for the next few weeks you can get 25% off with code SPENCER25. Tell them I sent you!

p.s. I did another free webinar on common Windows misconfigs that give attackers the advantage. Lack of app control is a big one.

p.p.s. I gave away 4 free gifts during the webinar, so make sure to watch the end for the download link!

p.p.p.s. I created a short video that covers how we at SecurIT360 approach internal pentesting and how we find way, way more than misconfigured Windows. Click here to watch it.

All the best

"Spirit of a hacker, heart of a defender"
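The three checks from the post above, run over an exported policy, as an added example (not the post's own code and not AppLocker Inspector): the script parses AppLocker XML in the shape produced by Get-AppLockerPolicy -Effective -Xml, and flags Allow rules that use a drive-root path (assumed here to mean `*`, `<drive>:\*` or `%OSDRIVE%\*`), publisher conditions with BinaryName="*" or no upper version bound, and rules assigned to Everyone, Authenticated Users, BUILTIN\Users or Domain Users. The sample policy, its rule names and its SIDs are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Rule 3: broad principals an Allow rule should never target. Domain Users has no fixed
# SID; it is RID 513 under the domain's own S-1-5-21-... prefix (handled in broad_principal).
BROAD_SIDS = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users", "S-1-5-32-545": "BUILTIN\\Users"}
# Rule 1: "*", "<drive>:\*" or "%OSDRIVE%\*" is what this checker treats as a drive root (assumption).
DRIVE_ROOT = re.compile(r"^(?:\*|(?:[A-Za-z]:|%OSDRIVE%)\\\*)$", re.IGNORECASE)

def broad_principal(sid):
    # Returns the broad group name for a SID, or None for a narrower principal.
    if sid.startswith("S-1-5-21-") and sid.endswith("-513"):
        return "Domain Users"
    return BROAD_SIDS.get(sid)

def audit_policy(xml_text):
    # Returns (rule name, finding) pairs for Allow rules that break one of the 3 rules.
    findings = []
    for rule in ET.fromstring(xml_text).iter():
        if rule.get("Action") != "Allow":
            continue  # only rule elements carry Action; Deny rules narrow the policy
        name = rule.get("Name") or rule.get("Id")
        group = broad_principal(rule.get("UserOrGroupSid", ""))
        if group:
            findings.append((name, f"assigned to {group}"))
        # Only look under <Conditions>; <Exceptions> restrict a rule rather than widen it.
        for c in rule.iterfind("Conditions/FilePathCondition"):
            if DRIVE_ROOT.match(c.get("Path", "")):
                findings.append((name, f"drive-root path {c.get('Path')}"))
        for c in rule.iterfind("Conditions/FilePublisherCondition"):
            if c.get("BinaryName") == "*":
                findings.append((name, "any binary from publisher"))
            rng = c.find("BinaryVersionRange")
            if rng is not None and rng.get("HighSection") == "*":
                findings.append((name, "no upper version bound"))
    return findings

# Constructed sample in the shape of Get-AppLockerPolicy -Effective -Xml output:
# rules 1 and 2 break the post's rules, rule 3 is scoped to one group and version-bounded.
SAMPLE_POLICY = """<AppLockerPolicy Version="1"><RuleCollection Type="Exe" EnforcementMode="Enabled">
<FilePathRule Id="1" Name="Everything on C" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions><FilePathCondition Path="C:\\*"/></Conditions></FilePathRule>
<FilePublisherRule Id="2" Name="Any vendor binary" UserOrGroupSid="S-1-5-32-544" Action="Allow">
<Conditions><FilePublisherCondition PublisherName="O=EXAMPLE" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/></FilePublisherCondition></Conditions></FilePublisherRule>
<FilePublisherRule Id="3" Name="Pinned tool" UserOrGroupSid="S-1-5-21-1-2-3-1105" Action="Allow">
<Conditions><FilePublisherCondition PublisherName="O=EXAMPLE" ProductName="TOOL" BinaryName="TOOL.EXE">
<BinaryVersionRange LowSection="2.0.0.0" HighSection="2.9.9.9"/></FilePublisherCondition></Conditions></FilePublisherRule>
</RuleCollection></AppLockerPolicy>"""
```

Running audit_policy(SAMPLE_POLICY) reports four findings, two for each of the first two rules and none for the pinned one.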
✔ Pentester/recovering sysadmin
✔ Self-proclaimed Ethical Threat
✔ Active Directory Security Connoisseur
✔ Offensive stuff — securit360.com
✔ Host Cyber Threat POV — offsec.blog
✔ SWAG — swag.ethicalthreat.com
Security applied blindly is just another outage waiting to happen.

Ethical Threat Insight: Active Directory Security Mistakes

Active Directory is the backbone of your network, and attackers know it just as well as (if not better than) most admins. A staggering number of breaches don’t require fancy exploits. They rely on common misconfigurations, and they count on IT admins not doing the hard things that need to be done to secure an AD environment. These are some of the most frequent (and dangerous)...

Downtime is decided months before the attack.

Ethical Threat Insight: Surviving a Ransomware Attack

A DC‑area Reddit thread described days of disruption after a hospital system was reportedly hit by Rhysida ransomware. How much was the ransom? ~$3 million USD at the time of the incident. 😲 It’s a painful, real‑world reminder: your ability to operate “offline” is the difference between chaos and continuity. The time to have a plan and to prepare is before the proverbial SHTF. 6 ways to prepare...

Who you choose to test your environment matters just as much as what they test.

Ethical Threat Insight: Internal Pentest Report Red Flags

If you know a little bit about me, you know internal pentesting is kind of my thing. I’ve done more than 120 internal pentests in the last 5 years. What I have come to realize is that not all internal pentests are created equal, especially when it comes to reporting. Most internal pentest reports look impressive at first glance, but after you dig into them...