Today we’re excited to kick off a new series all about blue team bliss – in other words, we’re talking about pentest stories where the blue team controls kicked our butt a little bit! Topics include:

  • The ms-ds-machineaccount-quota value is not an "all or nothing" option! Check out Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Add workstations to domain.

  • We installed LAPS on Twitch last week and it went pretty well! We’ll do it again in an upcoming livestream.

  • Defensive security tools that can interrupt the SharpHound collection!

  • EDRs are pretty awesome at catching bad stuff – and going into full "shields up" mode when they’re irritated!

In the tangent department:

911

Tags:

Written by: Brian Johnson

Share on socials: