Why MFA on RDP Won’t Save You


MFA on RDP is like locking your front door while leaving the windows wide open.

Ethical Threat Insight: MFA Internally on RDP is NOT Enough

Enabling MFA internally on RDP is great, but attackers know that’s not the only way to move laterally in your environment.

Protocols like SMB and PowerShell Remoting (WinRM/PSRemoting) usually don’t enforce MFA at all. They authenticate with Kerberos or NTLM at the protocol level, and the MFA agent sitting in the RDP logon path never sees them.

That means once an attacker is inside, they can often move laterally (unrestricted) with just a password, or even just an NTLM hash (pass-the-hash over SMB), using PsExec-style service creation or Invoke-Command. Your RDP MFA never fires.

Here’s the fix:

  • Lock down host-to-host communication with firewall rules.
  • Allow SMB (TCP 445), WinRM (TCP 5985/5986), and other admin protocols only between specific systems that need them (like jump hosts to servers).
  • Block everything else. On Windows Defender Firewall that means a default inbound action of Block: a Block rule always overrides an Allow rule, so you can’t carve out the jump-host exception the other way around.
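Here is what that looks like on a single member server, as an added example (this is not code from the original post). It assumes two jump hosts at 10.0.10.5 and 10.0.10.6 as placeholder addresses; substitute your own. In practice you would push the same settings through Group Policy rather than run this per host.

```powershell
# Added example: restrict inbound SMB, WinRM and RDP so only designated jump
# hosts can reach them. Run elevated on the target host (or adapt to a GPO).
# The addresses below are assumed placeholders for this example.
$JumpHosts = @('10.0.10.5', '10.0.10.6')

# Admin protocols and the inbound TCP ports they listen on.
$AdminPorts = @(
    @{ Name = 'SMB';   Ports = @(445) }
    @{ Name = 'WinRM'; Ports = @(5985, 5986) }
    @{ Name = 'RDP';   Ports = @(3389) }
)

# 1. Default-deny inbound on every profile. In Windows Firewall a Block rule
#    always beats an Allow rule, so "block everything else" is done with the
#    profile default, not with another rule.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

# 2. Disable the built-in allow rules Windows ships for these services;
#    otherwise they would still admit connections from any address.
foreach ($group in 'File and Printer Sharing', 'Windows Remote Management', 'Remote Desktop') {
    Get-NetFirewallRule -DisplayGroup $group -Direction Inbound -ErrorAction SilentlyContinue |
        Disable-NetFirewallRule
}

# 3. Add one scoped Allow rule per protocol, limited to the jump hosts.
foreach ($svc in $AdminPorts) {
    $name = "Admin-Only $($svc.Name) from jump hosts"
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Remove-NetFirewallRule -DisplayName $name
    }
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $svc.Ports -RemoteAddress $JumpHosts `
        -Profile Any -Enabled True | Out-Null
}

# 4. Verify: list the scoped rules with their port and address filters.
Get-NetFirewallRule -DisplayName 'Admin-Only *' | ForEach-Object {
    $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    $port = ($_ | Get-NetFirewallPortFilter).LocalPort -join ', '
    '{0,-40} ports {1,-12} from {2}' -f $_.DisplayName, $port, $addr
}
```

Test this on a lab host first and keep a console or out-of-band path open: with a default inbound Block, any other service the host needs (backup agents, monitoring, the DC ports on a domain controller) now needs its own explicit Allow rule. The check that matters afterwards is `Test-NetConnection -ComputerName <server> -Port 445` from a workstation that is not a jump host; it should fail.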

Bonus: Companies like Silverfort (not a sponsor) have some cool tech to restrict and MFA these protocols. Also, Duo (also not a sponsor) has a new feature in beta to help lock down PowerShell and SSH.

Bonus 2: Create alerts for suspicious RDP & PSRemoting events that fall outside the norm (for example, Security event 4624 with logon type 10 for RDP, or logon type 3 for network logons over SMB/WinRM, coming from anything that isn’t a jump host).
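One way to build that alert, as an added example that is not part of the original post: pull the 4624 logons from the local Security log and flag the RDP and network logons whose source address is not one of the approved jump hosts. The jump-host addresses, the 24-hour window, and the custom event source/ID used for the alert are assumptions for this example.

```powershell
# Added example: flag RDP and network logons to this host that did not come
# from an approved jump host. Reading the Security log requires elevation.
# Security event 4624 LogonType 10 = RemoteInteractive (RDP);
# LogonType 3 = Network (SMB, WinRM/PSRemoting, WMI and similar).
# Jump-host addresses and the 24h window are assumed placeholders.
$ApprovedSources = @('10.0.10.5', '10.0.10.6')
$Since = (Get-Date).AddHours(-24)

function Get-SuspiciousRemoteLogons {
    param(
        [string[]]$Approved,
        [datetime]$StartTime
    )
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = $StartTime }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Pull the EventData fields by name out of the event XML.
        $xml = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

        $type = [int]$d['LogonType']
        $src  = $d['IpAddress']
        $user = $d['TargetUserName']

        # Only remote logon types matter here.
        if ($type -notin 10, 3) { return }
        # Loopback sources and machine accounts are normal noise.
        if ($src -in '-', '127.0.0.1', '::1') { return }
        if ($user -like '*$') { return }
        # Anything left that isn't from a jump host is worth a look.
        if ($src -in $Approved) { return }

        [pscustomobject]@{
            Time      = $_.TimeCreated
            Protocol  = if ($type -eq 10) { 'RDP' } else { 'Network (SMB/WinRM)' }
            User      = "$($d['TargetDomainName'])\$user"
            Source    = $src
            LogonProc = $d['LogonProcessName']
            AuthPkg   = $d['AuthenticationPackageName']
        }
    }
}

$hits = Get-SuspiciousRemoteLogons -Approved $ApprovedSources -StartTime $Since
$hits | Sort-Object Time | Format-Table -AutoSize

# Alert hook: write a custom Application event your SIEM or event forwarding
# can pick up. Source name and ID 9001 are made up for this example.
# (Write-EventLog is a Windows PowerShell 5.1 cmdlet.)
if ($hits) {
    New-EventLog -LogName Application -Source 'LateralMovementWatch' -ErrorAction SilentlyContinue
    Write-EventLog -LogName Application -Source 'LateralMovementWatch' -EventId 9001 -EntryType Warning `
        -Message ("{0} remote logon(s) from non-approved hosts:`n{1}" -f $hits.Count, ($hits | Out-String))
}
```

Run it from a scheduled task on servers, or feed the same 4624 logic to your SIEM with the allow-list as a lookup. Expect a tuning pass: service accounts that legitimately connect over SMB from application servers will show up until you add their sources to the approved list.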

This is one of the simplest ways to stop lateral movement dead in its tracks.

Take 10 minutes today to review which systems actually need SMB or WinRM…then block the rest.

If you’d like more tips like this, I did a webinar on the most common Windows misconfigs I see during internal pentests. In 1 hour I cover 7 misconfigs, how to find them & how to fix them.

Webinar passcode: P3yGQ+1y

p.s. If you didn’t hear, I included not one, not two, not three, but 4 free gifts in my webinar. They are at the end, go snag them!

All the best
Spencer Alessi

"Spirit of a hacker, heart of a defender"