Former sysadmin, now pentester, content creator. Helping IT teams make their environment harder to attack.
Spencer Alessi is a Senior Penetration Tester at SecurIT360 and Microsoft MVP (Security – Identity & Access). A former sysadmin turned pentester, he focuses on the intersection of offense and defense: how internal attackers move, how Active Directory and Windows misconfigurations create "free" attack paths, and how admins can harden environments without breaking production.
He's known for practical demos, concrete remediation steps, and a style that keeps serious topics engaging. Spencer has delivered keynotes, conference sessions and webinars on topics like dangerous logon scripts, insecure Active Directory permissions, and real-world Active Directory/Windows misconfigurations.
I break things so they can be built back stronger. From penetration testing to open-source tooling, everything I do is about making defenders more effective.
Internal network and Active Directory penetration testing. Finding misconfigurations, vulnerabilities, and attack paths before the real attackers do.
Building PowerShell-based security tools like ScriptSentry that help sysadmins and defenders audit and harden their Active Directory environments.
Writing about pentesting insights, security tips, Active Directory hardening, and lessons learned from real-world engagements.
Hosting The Cyber Threat Perspective podcast, sharing conversations about offensive security, career development, and the cybersecurity industry.
PowerShell tools built for penetration testers and sysadmins to audit and secure Active Directory environments.
Finds misconfigured and dangerous logon scripts in Active Directory. Detects plaintext credentials, dangerous permissions, admin scripts, and GPO logon script issues.
Checks AppLocker XML policies for weak configurations and validates ACLs. Helps identify policy bypasses and misconfigurations in enterprise environments.
Finds insecure trustee and resource delegations in Active Directory. Identifies over-privileged delegation configurations that could be exploited.
Responsible disclosure of security vulnerabilities found through independent research.
Pentesting insights, security tips, and lessons from the field. Subscribe to the newsletter for exclusive content.
Pentest breakdowns, hardening playbooks, and security tips that help IT teams make their environments harder to attack.