spencer
🛠️ Sysadmin roots. Hacker mindset. Defender mission. | Helping IT teams make their environments harder to attack | @SecurIT360 | @cyberthreatpov
Oct 14, 2025 12 tweets 5 min read
Attackers love low-hanging fruit.

And insecurely installed 3rd-party software is one of their favorite snacks..

🧵 Here’s how these issues turn into privesc goldmines (and how to fix them fast)

TLDR... Attackers don't need to use complex malware when your install paths are writable.

Action to take today --> Audit your 3rd-party Windows apps for who can write where they install... then lock them down.

PS - webinar/slides linked at the end of this thread.
Jul 15, 2025 7 tweets 3 min read
How to find unsecured credentials on file shares...

This is the exact method I use for discovering credentials on file shares, adapted to fit what might work for a sysadmin.

🧵4 step process to follow...

Step #1. Map out file shares.

Since you know your environment, document all your file shares in one location. Doesn’t matter where, just document them.
Apr 3, 2025 7 tweets 2 min read
We all know it’s not a great idea to log into end-user systems with Domain Admin creds, but it still happens. A lot.

And every time I see it, it makes me 😔 — here’s why:

🧵A short (probably relatable) thread of how it can go sideways..

We’ve all probably seen DA creds sitting in LSASS on Suzie in accounting’s machine, but some of the worst I’ve seen are:

😣 Kiosks
🤦‍♂️ Stationary conference room machines
💻 Suzie's corporate laptop that she is also using for personal stuff