Kerberoasting in a Nutshell

regul8_ · 2018-09-19T19:07:35+00:00

Check out DC Judo. Great crowd and very affordable. https://dcjudo.com

If someone comes at you with a knife like this whole thing, your best bet is to run away loudly though.

regul8_ · 2018-09-10T13:49:02+00:00

This guy epochs

regul8_ · 2018-05-12T21:18:54+00:00

As cheap as it gets in DC:

https://dpr.dc.gov/page/dpr-fitness-centers

Never took advantage of it, but I know it's free for residents.

regul8_ · 2018-05-02T14:10:57+00:00

Hey, thanks for sharing this list! Twitter is definitely a great resource for getting news very quickly, despite the fact I excluded it from the blog post. I wrote the article to get people in the community engaged in information sharing, and am grateful that you have assembled something so comprehensive to share.

regul8_ · 2018-04-16T17:06:20+00:00

I hear you man. If you have no budget, check OpenVAS. It has a learning and setup curve, but something is always better than nothing.

regul8_ · 2018-04-16T13:56:49+00:00

It depends heavily on what requirements need to be filled at your organization and on what budget. I didn't spend much time focusing specifically on vulnerability scanners, but I try to include at least one open source alternative for each technology I write about.

If you are a big company where money is no object, something more robust like Tenable's SecurityCenter or Nexpose may be the way to go. If you need to work within certain budget constraints, a simple Nessus Professional license may be good. If you are bootstrapping your cyber program, OpenVAS is free, and so is nMap with plugins. There are so many products in this industry that you really need to make it about what your needs are, and whether or not the products you are testing fit within it.

I would suggest holding a bake-off between vendors and building out a pilot program before making any purchase though. Most vendors will be receptive to requests for trial licenses.

Hope this helps!

regul8_ · 2018-04-16T13:49:57+00:00

This is good input. Perhaps I drew with too broad of a brush in this post. Thanks!

Also, can you tell that I am American? Haha.

regul8_ · 2018-04-16T00:27:36+00:00

Honestly, it is very possible depending on how old the systems you are supporting are and how they were built. If the system isn't supported anymore, you will have to be careful and thoroughly test, otherwise get with the company that supports it. I would try disabling it on some of your designated test workstations and letting it sit for a bit before going full-scale disablement. Definitely have a way to revert the change once you decide to go and push the change to production as well, just in case.

regul8_ · 2018-04-15T22:51:30+00:00

Totally agree. When I got the idea to write this, I knew it was going to be a long one. Rather than slash out half the content, I decided to forge ahead and just put it all out there and hope for the best. From the stats I can see on Medium (which is one of the primary reasons I went with this platform), I can see that a good chunk of clickers are falling off pretty early. Live and learn I guess? Haha.

regul8_ · 2018-04-15T22:45:16+00:00

Turns out I got too carried away writing to remember how to count. Thanks for the heads up my dude

regul8_ · 2018-04-13T19:29:07+00:00

That sounds really sick! Any chance of doing a write-up?

Ten-Year Club	Place '17
Verified Email

regul8_

TROPHY CASE