7MS #540: Tales of Blue Team Bliss

Today we're excited to kick off a new series all about blue team bliss - in other words, we're talking about pentest stories where the blue team controls kicked our butt a little bit! Topics include:

• The ms-ds-machineaccount-quota value is not an "all or nothing" option! Check out Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Add workstations to domain.

• We installed LAPS on Twitch last week and it went pretty well! We'll do it again in an upcoming livestream.

• Defensive security tools that can interrupt the SharpHound collection!

• EDRs are pretty awesome at catching bad stuff - and going into full "shields up" mode when they're irritated!

In the tangent department:

• This is me if I was a rapper.

• This car made me giggle: