Aug 27, 2022
Today's episode covers three remediation-focused topics that kind of grind my gears and/or get me frustrated with myself. I'm curious for your thoughts on these, so reach out via Slack or Twitter and maybe we'll do a future live stream on this topic.
How do you get clients to actually care when we explain the threats on their network that are a literal 10/10 on the CVSS scale?
Password policies - they're not just as easy as "Have a password of X length with Y complexity."
Fixing the various broadcast traffic and protocol issues that give us easy wins with Responder and mitm6 - it's more nuanced than just "Disable LLMNR/NETBIOS/MDNS and shut off IPv6." This article discusses these challenges in more detail.