Tim Medin
timmedin.bsky.social
Kerberoast Guy • RedSiege CEO • Hater of Pants • Former SANS 560 Author, Senior Instructor • Packers owner • Work Req: http://redsiege.com/contact
I decided to chat with a spammer/scammer. I found them to be pretty honest and forthcoming.
January 6, 2026 at 4:29 PM
Apple's Liquid Glass was cool for like 1 minute.
January 6, 2026 at 4:21 PM
My "Death by Dashboards" talk from WWHF is up!
Check out @timmedin.bsky.social's talk, "Death by Dashboards: Moving the Needle on What Actually Matters," from Wild West Hackin' Fest - Deadwood 2025! www.youtube.com/watch?v=BgxW...
Don't forget to grab yer tickets for WWHF @ Mile High 2026!
-> wildwesthackinfest.com/wild-west-ha...
Death by Dashboards - Moving the Needle on What Actually Matters | Tim Medin
YouTube video by Wild West Hackin' Fest
www.youtube.com
December 11, 2025 at 5:32 PM
Months of battling, and I won. Inbox zero.
... for now.
December 11, 2025 at 5:31 PM
Microsoft created Get-KerbEncryptionUsage.ps1 (see link in article) to query the event log to see which encryption types Kerberos used within your environment.
Run this, find the ones that MUST use RC4, and burn the rest. Then figure out how to upgrade the others from RC4 or pick a great password.
"By mid-2026, ... Windows Server 2008 and later to only allow AES-SHA1 encryption. RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it."
www.microsoft.com/en-us/window...
Beyond RC4 for Windows authentication
As organizations face an evolving threat landscape, strengthening Windows authentication is more critical than ever.
www.microsoft.com
December 10, 2025 at 6:06 PM
Reposted by Tim Medin
The ones here are obnoxious. But there’s a charm about Wisconsin alcoholics that Minnesota alcoholics just don’t have.
November 29, 2025 at 10:18 PM
I can't spell that stupid word correctly... ever
Reconnaissance (sp?)

CEO @timmedin.bsky.social and Principal Security Consultant Mike Saunders deliver an engaging, dynamic course that will level up your offensive skills in Penetration Testing: Beyond the Basics (NOW ON SALE FOR A LIMITED TIME) 🔗 redsiege.com/btb
December 10, 2025 at 6:02 PM
"By mid-2026, ... Windows Server 2008 and later to only allow AES-SHA1 encryption. RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it."
www.microsoft.com/en-us/window...
Beyond RC4 for Windows authentication
As organizations face an evolving threat landscape, strengthening Windows authentication is more critical than ever.
www.microsoft.com
December 10, 2025 at 5:54 PM
I love WI airports.
Concourse beers are not only legal, but it’s encouraged with signs all over the airport.
November 29, 2025 at 9:49 PM
“Killer” lol
So bad. ;)
SUPERCUT: Mike Saunders being the host with the most and teeing up every single topic you'll learn in "Penetration Testing: Beyond the Basics" (feat. @timmedin.bsky.social's killer dance moves)

Enroll Now💥LIMITED TIME LAUNCH PRICE💥🔗 redsiege.com/btb

#hacking #infosec #cybersecurity #training
November 18, 2025 at 10:59 PM
I'm home after teaching Offense for Defense at NineStar Connect. They offered free (yes, free) training to whoever wanted to attend. I can't thank them enough for offering this to our community!

The class is available here: training.redsiege.com (affordable, not free... sorry you missed out 😉)
November 14, 2025 at 3:03 PM
Wrapping up @defcon.bsky.social Bahrain at the ICS Village.
Not my best picture, but excellent photo bomb.
November 6, 2025 at 12:01 PM
Damn.
I’m never going to find this room.
October 24, 2025 at 11:14 PM
Two days of teaching Pen Testing: Beyond the Basics ✅
Two hour Kerberos workshop ✅
Talk ✅
Tomorrow, time to be a full time booth babe.
Putting a bow on the day at @wildwesthackinfest.bsky.social with CEO @timmedin.bsky.social presenting "Death by Dashboards: Moving the Needle on What Actually Matters"

#hacking #infosec #cybersecurity #wwhf
October 10, 2025 at 12:17 AM
Last year at @wildwesthackinfest.bsky.social a few packages arrived late (not mine). The maintenance staff regularly receives packages and thought it was theirs. They opened it, found a pack of stickers.
They have been putting them on their stuff and the hotel.
"We wondered who that guy was"
October 9, 2025 at 9:24 PM
Reposted by Tim Medin
Senior Security Consultant Justin Palk tells you everything you need to know about getting started with proxy chains in this blog 🔗 redsiege.com/proxychains

#hacking #infosec #cybersecurity
October 9, 2025 at 2:01 PM
The booth is hopping! Stop by to get tons of stickers, a shirt, and get entered to win a framed autographed picture from Hackers.
The booth is buzzin here at @wildwesthackinfest.bsky.social! We've had the chance to meet so many awesome folks already.

There's still plenty of handshakes, high fives, and killer swag to give out!

#hacking #infosec #cybersecurity #wwhf
October 9, 2025 at 7:23 PM
Join us tomorrow!
Don't miss out! Tomorrow, @timmedin.bsky.social of @redsiege.com joins us for #ThursDef at 12:30 PM CT to discuss Offensive for Defense.

This 30-minute fireside chat is one you won't want to miss. Register now: thursdef.com

#ThursdayDefensive #cybersecurity #infosec
October 1, 2025 at 5:36 PM
I think about this often.
What is a real world bad guy's level of effort for cracking?
How long do they spend?
How big is their cracker?
Do they have multiple crackers?
How do they distribute the load?
My understanding from @timmedin.bsky.social is RC4 risk is mitigable w/ a properly (service account std differs from user account) strong password. If it was never cracked by a pen tester, because their level of effort vs. adversary effort differed--how would Ascension know it wasn't strong enough?
September 30, 2025 at 2:18 PM
BRB, going to wake up Billie Joe.
www.youtube.com/watch?v=pGhw...
Green Day - Wake Me Up When September Ends (Official Audio)
YouTube video by Green Day
www.youtube.com
September 30, 2025 at 2:05 PM
Join me next week on the Thursday Defensive (thursdef.com) next Thursday at 1:30 ET on Offensive for Defense - How defenders can use offensive tools to test themselves.
September 26, 2025 at 5:03 PM
Couldn't agree more. How many high/crit PHP findings in your vuln scan reports that are meaningless because that function isn't used (or used with user input). Teams work hard to remediate issues that have 0 impact, largely because it shows up in a dashboard, metrics, or KPIs... not because it matters.
Today's hot take: "Vulnerability" as a term has become meaningless in the industry.

I propose that at a system level, a vulnerability is not a *vulnerability* if there are other intact, effective compensating controls. Many of the things we call vulns should just be called bugs
September 24, 2025 at 4:45 PM
Really cool to be interviewed and quoted in this article.
September 18, 2025 at 6:57 PM
RC4 used with Kerberos isn't the fundamental flaw we think. Yes, RC4 is deprecated, but the real issue is the key generation for AES v RC4 for cracking (Kerberoasting). With RC4 the key = password hash. With AES it is 4096 rounds of hashing of hash+username+domain. The 4096 rounds matters, a lot!
September 16, 2025 at 5:14 PM