If you don’t control what runs on your endpoints, you don’t control your network. Period.

Ethical Threat Insight: Why App Control Is a Big Deal

The traditional method of app control was to block everything and just allow what’s needed. But that ignores what threat actors are actually doing in their attacks. App control is about letting the apps you actually trust run, and denying execution of everything else. It’s about STOPPING BAD. Especially Living-Off-the-Land (LotL) binaries, dual-use tools, and BYOVD exploits: the stuff that EDRs commonly miss.

Application control, when done right, shuts down attackers in the most direct and frustrating way. It does this by enforcing a simple rule: only approved apps run. That means when an attacker tries to drop a malicious executable, launch a rogue script, or abuse a built-in Windows binary (LotL), the system denies it before it even starts. No process, no persistence, no privilege escalation, no lateral movement, no pillage.

If you haven’t already: find out what’s running in your environment today, figure out what’s unnecessary, and implement a way to block BAD STUFF.

If you’re looking for a way to block threats before they can get momentum, but you’ve been frustrated with existing tools, you’re in luck. There’s a new kid in town that’s taking a unique, threat-focused approach to app control. It’s called MagicSword. Here are 4 neat things to know about it:
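As an added illustration (not MagicSword’s or any vendor’s code), here is a toy default-deny evaluator for the “only approved apps run” rule described above: trusted publisher plus install path, explicit hash approvals, and the caveat that signed built-in Windows binaries commonly abused for LotL must not ride on a blanket “trust Microsoft” rule. The rule kinds, publisher names, hashes and process-start events are constructed assumptions.

```python
"""Default-deny application-control policy, as a toy evaluator.

Added illustration; not MagicSword's or any vendor's code. The rule kinds
(trusted publisher + install path, explicit hash) and the sample events
below are constructed assumptions, not captured telemetry.
"""
from dataclasses import dataclass
from typing import Optional

@dataclass
class ExecEvent:
    path: str
    sha256: str
    publisher: Optional[str] = None  # verified signer subject; None if unsigned

# Allow rules. Anything that matches none of them is denied.
TRUSTED_PUBLISHERS = {"O=Microsoft Corporation", "O=Contoso Ltd"}  # Contoso: placeholder
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
APPROVED_HASHES = {"1111" * 16}  # constructed hash of an IT-approved dual-use tool

# Signed, built-in binaries routinely abused to run attacker code (LotL). A bare
# "trust Microsoft" rule would allow them, so they only run via explicit hash approval.
LOTL_BINARIES = {"certutil.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe",
                 "wscript.exe", "cscript.exe", "msbuild.exe"}

def evaluate(ev: ExecEvent) -> tuple[str, str]:
    """Return (decision, reason); the last line is the default deny."""
    name = ev.path.rsplit("\\", 1)[-1].lower()
    if ev.sha256.lower() in APPROVED_HASHES:
        return "ALLOW", "explicit hash approval"
    if name in LOTL_BINARIES:
        return "DENY", "abusable built-in without explicit approval"
    if ev.publisher in TRUSTED_PUBLISHERS and ev.path.lower().startswith(TRUSTED_PREFIXES):
        return "ALLOW", "trusted publisher in trusted install path"
    return "DENY", "default deny"

# Constructed process-start events: approved app, dropped payload, LotL abuse,
# rogue script host, and a dual-use admin tool approved by hash.
SAMPLE_EVENTS = [
    ExecEvent(r"C:\Program Files\Contoso\contoso.exe", "aa" * 32, "O=Contoso Ltd"),
    ExecEvent(r"C:\Users\bob\AppData\Local\Temp\update.exe", "bb" * 32),
    ExecEvent(r"C:\Windows\System32\certutil.exe", "cc" * 32, "O=Microsoft Corporation"),
    ExecEvent(r"C:\Windows\System32\wscript.exe", "dd" * 32, "O=Microsoft Corporation"),
    ExecEvent(r"C:\Tools\admintool.exe", "1111" * 16, "O=Microsoft Corporation"),
]

def decisions() -> list[str]:
    return [evaluate(ev)[0] for ev in SAMPLE_EVENTS]
```

Note that the unsigned dropped executable and the two LotL hosts fall to the deny rules, while the admin tool outside the trusted install paths only runs because it was deliberately approved by hash.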
P.S. App control ruins an attacker’s day faster than a surprise Windows Update reboot... 😅

All the best,
“Spirit of a hacker, heart of a defender”
✔ Pentester/recovering sysadmin
✔ Self-proclaimed Ethical Threat
✔ Active Directory Security Connoisseur
✔ Offensive stuff — securit360.com
✔ Host Cyber Threat POV — offsec.blog
✔ SWAG — swag.ethicalthreat.com
Security applied blindly is just another outage waiting to happen.

Ethical Threat Insight: Active Directory Security Mistakes

Active Directory is the backbone of your network, and attackers know it just as well as (if not better than) most admins. A staggering number of breaches don’t require fancy exploits. They rely on common misconfigurations; they count on IT admins not doing the hard things that need to be done to secure an AD environment. These are some of the most frequent (and dangerous)...
Downtime is decided months before the attack.

Ethical Threat Insight: Surviving a Ransomware Attack

A DC‑area Reddit thread described days of disruption after a hospital system was reportedly hit by Rhysida ransomware. How much was the ransom? ~$3 million USD at the time of the incident. 😲 It’s a painful, real‑world reminder: your ability to operate “offline” is the difference between chaos and continuity. The time to have a plan and to prepare is before the proverbial SHTF. 6 ways to prepare...
Who you choose to test your environment matters just as much as what they test.

Ethical Threat Insight: Internal Pentest Report Red Flags

If you know a little bit about me, you know internal pentesting is kind of my thing. I’ve done more than 120 internal pentests in the last 5 years. What I have come to realize is that not all internal pentests are created equal, especially when it comes to reporting. Most internal pentest reports look impressive at first glance, but after you dig into them...