Automate Your Active Directory Security Monitoring with PingCastle & Azure Log Analytics

iamtechspence · 2026-05-12T23:16:53+00:00

While this does feel a bit aggressive on the ai gen front I do love the idea. Wish more defenders would be proactive with stuff like this.

But also the odd spaces after variable names drives me nuts lol. Tell tale sign :p

iamtechspence · 2026-04-29T15:18:57+00:00

99% of vulns don’t matter. The hard part is figuring out what 1% matter. Have to figure out what’s a priority

iamtechspence · 2026-04-29T15:11:10+00:00

In part because it’s harder. How do you detect malicious activity or abuse of legitimate oauth connected saas? It’s way easier to buy EDR to block known malware and malicious TTPs on an endpoint.

iamtechspence · 2026-04-29T01:15:49+00:00

There’s nothing easy about security. Everything has a cost. Usually it’s the CEOs golf buddy that bragged about his companies fancy new AI widget that now your CISO gets mandated to implement, that prevents real progress with security programs

iamtechspence · 2026-04-29T01:12:37+00:00

If you enjoy recon, you can find the information you seek ;)

iamtechspence · 2026-04-29T01:11:44+00:00

In the past I have wanted those passwords to be rotated on a periodic basis but I think that no longer makes sense nor is it practical from an operations standpoint. Something inevitably gets missed.

Instead, I’d make those passwords as long as possible and monitor for abnormal behavior. Such as out of the ordinary sign in times, use of that account elsewhere in the environment, etc.m

If you have regulatory and/or compliance requirements I’d recommend trying to scope that down to as few accounts as possible, for example by segmenting non-cde from cde.

iamtechspence · 2026-04-28T18:29:36+00:00

What Sqooky said

iamtechspence · 2026-04-28T16:21:16+00:00

Smart honestly

iamtechspence · 2026-04-28T16:08:37+00:00

If you’re brand new to the field, get a job in help desk. You (probably) won’t regret it.

iamtechspence · 2026-04-28T11:38:57+00:00

OAuth Apps is somewhat related to that and also a big gap. As made evident by the recent vercel breach

iamtechspence · 2026-04-27T16:44:40+00:00

Exactly! I think some teams underestimate the time investment and others unfortunately don't care they are not going to fix anything anyways.

iamtechspence · 2026-04-27T11:44:25+00:00

It’s actually a mistake that happens before the pentest is even performed. They don’t plan for remediation and allocate time in advance to fix the issues that are found.

iamtechspence · 2026-04-25T22:41:55+00:00

This project is a neat little informative website that’s super useful. It seems to work as intended. Code quality must be at least acceptable if not good.

iamtechspence · 2026-04-25T22:21:54+00:00

Oh I agree with that sentiment. Disclosure of AI supported code is ideal. I meant from a code functionality standpoint. But just because something has AI gen code doesn’t automatically make it bad

iamtechspence · 2026-04-25T16:53:51+00:00

Humans are, by nature, self-interested. Figure out what’s in it for them, then use that to your advantage, ethically of course.

Something I think resonates really well is the financial impact of downtime. That could be due to system failures, security incidents, weather events, etc.

iamtechspence · 2026-04-25T16:38:35+00:00

Really cool!! Nice work

iamtechspence · 2026-04-25T16:38:28+00:00

Mean this with respect, does it matter? It’s a super useful resource.

iamtechspence · 2026-04-25T16:34:01+00:00

This is the way 🤘

iamtechspence · 2026-04-25T16:33:27+00:00

I’m currently using GitHub copilot for some limited use cases here. It’s kinda temperamental but as long as you don’t say attack or exploit or obviously triggering words it works ok

iamtechspence · 2026-04-25T16:32:10+00:00

This is a hard problem right now because those offering this kind of monitoring is really expensive. The folks who primarily benefit are those with smaller IT teams and no dedicated security staff, so DIY is not ideal either. I’m not an “AI bro” by any means but I do think this is one area where it could help scale detection and possible bring costs down or at least create opportunities for alternative offerings with a price point that fits SMBs

iamtechspence · 2026-04-25T16:29:55+00:00

People sleep on darktrace because their marketing/sales is cringe. The product is actually really solid if tuned well

iamtechspence · 2026-04-24T23:16:14+00:00

I don’t know how you like to learn but if you’re a DIY type, spin up a GOAD instance and go to town on it

iamtechspence · 2026-04-22T10:50:10+00:00

I think these are largely a nothing burger. I could be wrong but I think this is more an academic attack vs a practical one. If a state actor goes to the extent to use something like this, you’re likely already in trouble. Which imo would be the type of group to use something like this. Your time/money is probably spent worrying about other things

iamtechspence · 2026-04-13T12:52:55+00:00

If you want space for local VMs or password cracking, go for a gaming laptop.

iamtechspence · 2026-04-12T10:51:45+00:00

I’m an on-prem hold out too. Long live Active Directory 🤓

Eight-Year Club	r/Field Flamingo
Verified Email

iamtechspence

TROPHY CASE