From an internal threat perspective, developer machines are as good as getting Domain Admin, and many times even more "lucrative" from an attack pov
They have the keys and typically much less oversight.
youtube.com/clip/UgkxqDZ...
Posts by spencer
Respect the game hah
Wow that’s… incredible hahah
Haha that’s so good
Right! Hah
Cat wallpaper
Haha did you get the donuts tho?
Yes, you should lock your computer when you get up and walk away while at the office. No, you're not gonna get hacked in the 3 minutes that you're gone from your desk getting some water. YMMV
You should speak to your AI so it can understand the intent and inflection in your voice. You really want it to know when you're ticked off because it's creating bugs in your code.
Imagine if one day we don’t see any more Kerberoastable domain admin accounts. It would be something right…
Tell me you’ve worked in IT without telling me you’ve worked in IT.
I’ll go first…
Did you try turning it off and back on again?
Y’all are focusing on the wrong thing. Organizations don’t get better by automating pentesting and eliminating pentesting jobs.
Organizations get better by making their systems more secure and resilient.
Great, you found 4000 vulnerabilities in half the time, IT admin still need to fix that stuff
IT admin skills are absolutely foundational to cybersecurity. How can you get a degree in cybersecurity and not ever see a UAC prompt before?!
While no, AI isn’t replacing pentesters just yet, I do believe it’s changing the game drastically. It’s forcing low quality pentesting to raise the bar.
It’s also a signal of what’s to come. But also, I think in many ways the “market” will decide if these AI pentesting platforms have value or not.
The advancements in AI this last 12 months have been staggering…
But AI will only take your pentesting job if all you did was run a vulnerability scan and ship the report.
Pentesting, a professional pentest, is more than running tools
youtube.com/shorts/joYT9...
Smart
Haha exactly
As a defender, I want the advantage. I want my environment to be hostile territory to adversaries.
I want them to know…
that I know
that they know
I see them.
Get wrecked.
How to get people to talk about your stuff.
Make something that intersects with what people want and something that solves a deeply painful problem.
Then make it really really good.
Whenever there’s an IT issue it’s always this (in order)…
It’s not plugged in
DNS
I don’t think you can have a true appreciation for IT support unless you’ve lived in and experienced it yourself
The best way to learn how secure something is, is to first use it, then have to administer it
Part of what makes you a good pentester is you know what rocks to turn over
Would you rather…
Have to secure Wordpress or OpenClaw?
(for the rest of your life if you had one singular job and this was it)
So who has interesting cybersecurity or IT-related use cases for openclaw they are playing around with? I wanna see some fun stuffâŚ
Sure but I’d argue in this example, not accidentally configuring a template for ESC1 should be within their purview
Learn Active Directory and you’ll never work another day in your life….
You’ll work every day 🤪
If you’re an IT admin and you want upward career progression and you have any length of time left in your career, beginning to poke at these AI platforms and becoming comfortable with them is crucial.
Not to be an expert but so you know what’s coming.
I personally think IT admin cybersecurity skills should go beyond the basics. If you manage ADCS you should be familiar with certificate abuse for example
Badum chhhh hah