The best way to learn how secure something is, is to first use it, then have to administer it
@bsky.ethicalthreat.com
Former Sysadmin, now Pentester | Microsoft MVP | Helping IT teams make their environment harder to attack
Pentesting -> SecurIT360
Podcast -> CyberThreatPOV
Active Directory Security Resources for IT Admins: https://go.spenceralessi.com/adsecurity
Part of what makes you a good pentester is you know what rocks to turn over
Would you rather…
Have to secure WordPress or OpenClaw?
(for the rest of your life if you had one singular job and this was it)
So who has interesting cybersecurity or IT-related use cases for openclaw they are playing around with? I wanna see some fun stuff…
Sure but I'd argue in this example, not accidentally configuring a template for ESC1 should be within their purview
Learn Active Directory and you'll never work another day in your life….
You'll work every day 🤪
If you're an IT admin and you want upward career progression and you have any length of time left in your career, beginning to poke at these AI platforms and becoming comfortable with them is crucial.
Not to be an expert but so you know what's coming.
I personally think IT admin cybersecurity skills should go beyond the basics. If you manage ADCS you should be familiar with certificate abuse for example
Badum chhhh hah
Pentesting findings don't get fixed for a number of reasons. Some of which are out of the IT team's control.
But also, many IT teams are burnt out putting out fires and working on other "more important" projects handed down to them by management that they don't have time to fix security issues.
The infosec/cybersecurity space is funny because on social media, AI is taking over the world.
Then I go to conferences and meet people who are primarily defenders and they haven't heard of OpenClaw, which is probably the biggest phenomenon since OpenAI launched ChatGPT.
Social media is a bubble.
The unhealthy desire to "go viral" hurts social media more than AI ever will.
I'm at zero trust world today and tomorrow. If you see me say what's up!
How long until Active Directory is "dead?"
I don't think it will ever be, look at this slide that Cliff Fisher shared on the hybrid identity podcast.
I'm currently a pentester, but I'm also a former sysadmin. Something that's not lost on me is that it doesn't matter how good you think your security is, if your backups and recovery processes haven't been tested, you're rolling the dice.
Famous last words by IT admins: I'm just testing…
True or false, cybersecurity skills are necessary for IT admins?
If you're an IT admin or CIO/CISO, you probably want to know what cybersecurity threats you're up against. This is that episode…
Ps - don't focus on the numbers, focus on the trends and the techniques
Listen/watch here
offsec.blog/episode-170-...
Sure Pentest once a year, but also, don't wait until your next pentest to:
Run Locksmith
Run ADeleginator
Run PingCastle/PurpleKnight
Check shares, SharePoint, wikis for creds
Are phishing/social engineering exercises actually useful? Or do they do more harm than good?
As much as things change in cybersecurity, thereβs an overwhelming portion that stays the same.
3 common Windows misconfigs I see during internal pentest.
1) weak local admin control
2) Insecurely installed/configured software
3) Weak endpoint security
I explain how these can be dangerous in my latest video
youtu.be/gcKejfmPea4
It's a great time to be a web pentester
If you're on an internal pentest and you bust out tcpdump or wireshark, is it going well or going badly?
This is great but how do we get orgs to not revert to RC4 on their service accounts….
Or login with domain admin everywhere
Or use the same password for all their admin accounts
Relatable IT admin scenario: you leave a job and shortly after the job you just left gets hacked/ransomwared.
Brutal honestly. Gut wrenching
The barrier to entry for threat actors continues to get lower, but for defenders, it almost seems like it's getting higher...
Source: awesomeagents.ai/news/ai-powe...
Supply chain attack that drops openclaw instead of malware or a more typical payload.
Buckle up folks!
clawdint.com/cases/203
I've had ideas to AI-ify Active Directory but I'm a man of principles. I'll vibe code AD security tools instead!
Even the vendor doesn't know why it's broke or how to fix it … so stupidly common -.-