James Spencer
@jcspencer.net
authentication & identity enjoyer. crackin’ packets and protocols; loves a good pcap.

professional cyber guy - overwatch @ crowdstrike. views my own.
Not sure if you’ve ever tried, but do you happen to have used accounts protected by FAST with keytabs before?

I’ve had trouble using them when FAST is at play; but it’s fine when entering creds interactively - might be something to do with salts? 🧂

FWIW, your FAST repo helped a lot at $OLDJOB!
April 18, 2025 at 6:06 AM
Assumes you’re not loading your own supplementary DLLs though I suppose
March 11, 2025 at 9:05 PM
PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON?
March 11, 2025 at 9:05 PM
Amazing, thank you! Definitely a massive win for FAST armouring! Appreciate it :)
February 26, 2025 at 10:36 PM
Is this the “Machine Identity Isolation” feature, or am I crossing my wires? 😅
February 26, 2025 at 9:13 PM
Poor wording on my part! I’m wondering if there’s a way to specify that a machine should auto-enroll for a machine certificate stored in Credential Guard, rather than running the command manually on the endpoint
February 25, 2025 at 8:31 PM
I assume this would have the same OS requirements as the new VBS flags in NCrypt (though I might be wrong there!)?

Doing a deep dive, I can’t seem to spot any other LsaIso RPC callers in the cert enrollment DLLs other than the path that originates from that CLI flag 🤔
February 25, 2025 at 11:16 AM
More specifically on the RPC filter part of WFP, but a really good guide!

www.akamai.com/blog/securit...
February 11, 2025 at 8:57 PM
@damienmiller.bsky.social sorry, not sshd-auth; it’s the monitor process holding the PAM handle. Still, same problem!
January 7, 2025 at 10:17 PM
Ouch - doesn’t sound fun; would you almost need to keep an sshd-auth process idling holding a PAM handle open?

Excited to see the finished product! It’s really impressive how cleanly it’s all been split out - the side effect of making process trees easier to follow is really handy!
January 7, 2025 at 12:15 PM
we need to bring back ominous error messages; all i want is for my pc to suggest i "contact my system administrator via ouija board" or something. we used to be a proper country.

2025: out with "oops!!" in error messages, in with "how dare you ... the audacity ... etc. etc."
December 23, 2024 at 4:05 AM
Perfect, thank you! I assumed that it was something like that, just hadn’t seen anything mentioned anywhere before!

Happy holidays! 🎆
December 21, 2024 at 2:18 AM