Spencer Alessi
🛠️ Sysadmin roots. Hacker mindset. Defender mission.
📋 Biography
👋 Hey there I’m Spencer Alessi - known as @techspence online | Connect with me here 👉 go.spenceralessi.com I help IT and security teams make their environments harder to attack. I jokingly say I’m a recovering sysadmin. I’ve come up the ranks from IT Help Desk to Systems Administration to now security. Specifically internal pentesting, focused on Windows, Active Directory and internal networks. In other words, I’m a hacker-hearted defender. Of course, I’m passionate about Windows & Active Directory security. That’s my happy place. I’m also a coffee-powered content creator. No buzzwords. No fear. Just real-world security that works. Let’s connect!
✨ High-Impact Contributions 3
Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting topics. Our most popular episode is Episode 76: Windows & Active Directory Hardening, followed by Episode 96: How to Harden Active Directory to Prevent Cyber Attacks This is a free podcast produced by SecurIT360, where I work. We produce new episodes every Friday. Our latest episode was episode #147.
AppLocker Inspector audits an AppLocker policy XML and reports weak/misconfigured/risky settings, including actual ACL checks. If you don’t provide a policy file, the tool will export the local effective AppLocker policy and analyze that automatically.
These tools don’t just help me identify vulnerabilities...they help me improve my approach to AD security, which allows me to test more thoroughly, identify things others may miss, and ultimately provide better, more actionable findings for my clients. In this article, I’ll share the Active Directory (AD) security tools that have become essential in my pentesting toolkit. By the end you will see why I believe every IT admin should be using them.