I think a lot of red teamers don’t give enough consideration to the fact that fixing problems is WAY harder than identifying solutions. We’re great at pointing out issues but a lot of times lack the insight into the technical and political effort it takes to implement the fixes.
Take kerberoasting for example. Common solution: use strong passwords for service accounts.

Off the top of my head, to fix this you need to know: everywhere that service account is used, how it uses that password, and who manages it.
To know everywhere it’s used, you could make sure you’re logging auth for this account (success and fail). This might mean working with the AD team to get logging into place. Is this a priority for them? What’s the change process window for group policy? Where do these logs end up?
How do you ensure that you’re capturing everywhere this account is logging into? In a lot of cases, “break it and see what happens” isn’t an option here.
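One way to start answering “where is this account actually used” from logs a domain controller already records, as an added example that is not from the thread. It assumes the RSAT ActiveDirectory module, read access to the DC Security log (or a collector that forwards member-server logons to it), and a placeholder account name `svc_example`.

```powershell
# Added example, not code from the thread. Maps one service account's footprint from
# 4769 (service ticket requested for its SPNs) and 4624/4625 (logon success/failure as
# the account). Assumes RSAT ActiveDirectory and a readable Security log; $Account is a
# placeholder. 4624/4625 are written on the host being logged into, so for network
# logons this only works against a DC if member-server logs are forwarded to it.
param(
    [string]$Account = 'svc_example',   # placeholder sAMAccountName
    [int]$Days = 30
)
Import-Module ActiveDirectory

$user = Get-ADUser -Identity $Account -Properties ServicePrincipalName, PasswordLastSet
"{0}: password last set {1}; SPNs: {2}" -f $user.SamAccountName, $user.PasswordLastSet,
    ($user.ServicePrincipalName -join ', ')

# Pull one named field out of an event's EventData XML.
function Get-EventField($Event, [string]$Name) {
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

$since = (Get-Date).AddDays(-$Days)

# Who requests tickets to this service (4769 with ServiceName = the account).
# TicketEncryptionType 0x17 is RC4 (the kerberoast-friendly one), 0x12 is AES256.
$tgs = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4769; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { (Get-EventField $_ 'ServiceName') -ieq $user.SamAccountName } |
    ForEach-Object {
        [pscustomobject]@{
            Requester = Get-EventField $_ 'TargetUserName'
            ClientIP  = Get-EventField $_ 'IpAddress'
            EncType   = Get-EventField $_ 'TicketEncryptionType'
        }
    }
$tgs | Group-Object Requester, ClientIP, EncType | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Where the account itself logs on: these are the hosts whose configs hold the
# password and will break when it is rotated.
$logons = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { (Get-EventField $_ 'TargetUserName') -ieq $user.SamAccountName } |
    ForEach-Object {
        [pscustomobject]@{
            Outcome     = if ($_.Id -eq 4624) { 'success' } else { 'failure' }
            Source      = Get-EventField $_ 'IpAddress'
            Workstation = Get-EventField $_ 'WorkstationName'
        }
    }
$logons | Group-Object Outcome, Source, Workstation | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

Any requester still getting RC4 tickets, and any host in the second table, is something to chase down with its owner before the password change.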

Finding who owns the service can be a lot of leg work, especially if it’s a smaller service that has “just worked” for the last 10 years.
To implement the password change, we’re looking at code reviews, config reviews, and change windows. This is all potentially months of work to change a single service account password.
At every step you have to play the political game of trying to make this dumb password change a priority to people who have a million other things on their plate. There are orgs out there that make security a priority in all of IT and this makes things so much easier. A lot don’t.
And it’s easy to say “oh well they don’t care about security cause they’re not doing X, they get what’s coming to them” but that’s not fixing things. That’s blaming the org and washing your hands of it. My utmost respect to the defenders who keep up this fight and drive change.
Oh! And this doesn’t even touch on “How do we prevent a service account from having a weak password in the future?”; now we’re talking about implementing policy changes. Better hope you have some great management with some influence where it counts.
You can follow @jaredhaight.