Spencer Alessi
@bsky.ethicalthreat.com
- pentester/recovering sysadmin
- Ethical Threat
- Active Directory Security Connoisseur
- offensive stuff > securit360.com
- Host Cyber Threat POV > offsec.blog
- SWAG > swag.ethicalthreat.com
- free newsletter > https://click.spenceralessi.com/mylinks
Pinned
📌Follow me if you’d like to see content from me about:

cybersecurity, infosec, pentesting, assume breach, Active Directory, PowerShell, occasional memes, occasional t-shirt and sticker drops

Ethos: spirit of a hacker heart of a defender

I post to provide value, I hope I deliver on that for you!
Internal pentest findings that shouldn't exist in 2025...

- credentials on file shares/sharepoint/dms
- local admin password reuse
- kerberoastable domain admins
- ADCS Misconfigs
- spooler running on DCs
- lack of powershell restrictions
- EDR missing on hosts
July 11, 2025 at 2:16 PM
EDR is great… but it can't go everywhere...

It can’t be disguised as private messages in Slack
It can’t plant documents in Teams
It can’t be installed on ICS

Deception can go where traditional endpoint security cannot...
July 8, 2025 at 1:13 PM
So much of researching & troubleshooting is just being patient enough to read long answers on reddit and stack overflow or I guess nowadays a bunch of AI responses...and being able to detect the bs and wade through it to find the "truth" or the answer or whatever the heck it is you're trying to do
July 7, 2025 at 6:40 PM
In cybersecurity and in life...
July 7, 2025 at 2:07 PM
Learning how to research and self-educate in the IT/cybersecurity fields, heck in life, is such a super critical skill to develop...
July 4, 2025 at 7:14 PM
It’s really fun to pentest without malware. But it gets to be less fun when cool stuff that’s closed source gets detected more regularly, like ADExplorer.

This is a formal petition to Microsoft to open source it. Pretty please with a cherry on top
July 4, 2025 at 2:16 PM
The value of understanding how permissions work in Active Directory cannot be understated. Out of all the common findings on internal pentests of AD environments, that seems to be the #1 most difficult for admins to identify on their own
July 3, 2025 at 7:53 PM
“Getting caught” is the start of great dialog between the pentester and the IT/Security team…
July 3, 2025 at 1:34 PM
One of the reasons to teach users how to spot malicious emails, links, texts, etc. is so they begin to pick up on the patterns threat actors use

Security awareness training helps users better perceive the risks of such techniques
July 2, 2025 at 7:04 PM
One of the reasons I really like deception tech is because if done well it can be used to identify the permission level and logical location of a threat actor

That’s not always the case for other security tools
July 2, 2025 at 2:13 PM
more alerts != better threat detection

I'm a big fan of deception for a couple reasons:

1) because of the quality of the alerts
July 1, 2025 at 8:23 PM
Security hardening is the removal of dangerous configurations…

Security hardening is often seen as adding layers of controls, however, it’s more similar to taking away or locking down things that could be misused by attackers… while still making sure everything works the way it’s supposed to.
July 1, 2025 at 1:13 PM
It’s kind of a cliché saying but… “success leaves clues” (taken from Tony Robbins) can be applied to cybersecurity success too...
June 30, 2025 at 6:40 PM
Learning to recognize patterns is a superpower in cybersecurity. How do you do that? Not really sure to be honest. But I know you need reps to even have a chance…
June 30, 2025 at 2:07 PM
Including the name of a tool in screenshots that show up in reports is one of those little nuanced things that is actually really important. Barring private tooling, it's pure value add
June 27, 2025 at 2:16 PM
Just blocking <companyname> and all the derivatives you can possibly think of (including slogans and nicknames) would prevent like 70% of all the weak passwords people use...
June 26, 2025 at 7:53 PM
Another thing to block in terms of weak passwords is: <nameofservice> where the service is some kind of software that a majority of people use. Such as litigation software, document management systems, etc. Look at the most commonly used 3rd party software and block password derivatives using those
June 26, 2025 at 1:34 PM
I honestly don't think you need to take ntds.dit offline and try and crack it to be sure users are using strong passwords. I think a better way is to use tools like Lithnet AD Password Protection or Specops to enforce strong policies...
June 25, 2025 at 7:04 PM
Thanks so much for the support on the webinar today everyone! We crushed that, super fun, thanks for reminiscing with me while we watched those Home Alone clips 😂😂
June 25, 2025 at 5:17 PM
All passwords can be cracked if, **checks notes** the password is the username....
June 25, 2025 at 2:12 PM
I get it...some cybersecurity initiatives can be hard to quantify the value of. For those on the fence or that need more data to support it...

I'll do my best to provide my thoughts on the ROI of deception and what it means in terms of defensive security spending.

us06web.zoom.us/webinar/regi...
Welcome! You are invited to join a webinar: Spencer Alessi-Deceptively Defensive: What Kevin McCallister Can Teach us About Cyber Defense. After registering, you will receive a confirmation email about joining the webinar.
What do paint cans, micro machines, and a fake holiday party have to do with catching cyber attackers? More than you think. Remember how Home Alone's Kevin McCallister turned his house into a…
June 25, 2025 at 1:38 PM
I hate to be the bearer of bad news but your users' passwords are not as strong as you think they are...
June 24, 2025 at 8:23 PM
What a great idea...time to spin up an AI agent to analyze all of John Hammond's videos 😋😎

For real though someone build this and open source it. 10/10 would use it
June 24, 2025 at 1:13 PM