Cannon_Fodder posted: It's easier. Lock his account and tell him he's abusing privileges. If he wants it unlocked, he can appeal to your VP.

"We fixed... the glitch."
|
Cannon_Fodder posted: It's easier. Lock his account and tell him he's abusing privileges. If he wants it unlocked, he can appeal to your VP.

Make sure you put a "DO NOT UNLOCK SEE TICKET #6666" on his AD account so some helpdesk phone weenie doesn't unlock it.
|
Got my second SANS challenge coin. I had no intention of even trying to get it and joined the "non-competitive" team, I just want to test out and play with the tools and techniques we had learned throughout the week. Our team didn't win, but at the end the instructor said "sometimes people will come into a CTF and won't win as a team, but they crush it as an individual. When that happens I like to give out a coin for the player with the single highest individual score." I was super surprised when he said my name.

This one will go on to the shelf next to my other one which I actually tried to get. Maybe if I collect enough of them it'll motivate me enough to actually take one of the certification tests.
|
awesome!
|
That's super cool. Nice work
|
Coolest thing! Congratz!
|
I've been working with Tanium for the past handful of years at my current job as well as in my last job, and in both roles I had actually asked our TAMs on multiple occasions if they could provide me with an instance that I can run on my home network so that I can experiment and do things without breaking anything production. I really really like Tanium and the TAMs were always supportive of the idea, but every time the higher-ups said no.

So I said FINE. I'LL BUILD MY OWN. WITH BLACKJACK. AND HOOKERS.

After getting rejected so many times I started working on a brand new open source endpoint security solution called Luminum. The endpoint clients as well as the server agents are currently being built in Rust, and over the weekend I got the initial framework for the web UI in place. It's still very very very early and not even close to being even a beta, but I'm making progress. My question builder is still very buggy, but I'm working through it.
|
Accipiter posted: I've been working with Tanium for the past handful of years at my current job as well as in my last job, and in both roles I had actually asked our TAMs on multiple occasions if they could provide me with an instance that I can run on my home network so that I can experiment and do things without breaking anything production. I really really like Tanium and the TAMs were always supportive of the idea, but every time the higher-ups said no.

Hell yeah, if you wanted maximum homelab cred, making it able to monitor openwrt or pfsense would be rad.
|
SlowBloke posted: Hell yeah, if you wanted maximum homelab cred, making it able to monitor openwrt or pfsense would be rad.

Interesting thought but I'm not entirely sure what the use case for those would be. And I run pfSense at home too. That said the thing is modular so if someone wanted to make a Lumy (it's what I call Luminum modules) to support those, that's cool.
|
can I feed osquery into it?
|
Subjunctive posted: can I feed osquery into it?

That is absolutely on the roadmap for the Inventory Lumy.
|
Accipiter posted: Interesting thought but I'm not entirely sure what the use case for those would be. And I run pfSense at home too.

It would be to make sure something doesn't "pop" the underlying router os (see all the warnings about router firmwares being vulnerable), also to have insight on the site network uplink (in case you decided to add network introspection) so that you can assess if someone is doing unplanned tunneling or general weird traffic.
|
Today I learned that developers can use key vaults to store things that aren't really secrets. A funny outage occurred because static configurations were stored in a key vault and reviewers rubber stamped code they didn't understand. Some team members are spending time looking into which AI prompt spit out this code for giggles.
|
Sickening posted: Today I learned that developers can use key vaults to store things that aren't really secrets.

I'm somewhat guilty of this where I store configs in a secret and call the secret because it's slightly easier and faster to do that because of a quirk of how a webui works in one of my company's software.
|
Defenestrategy posted: I'm somewhat guilty of this where I store configs in a secret and call the secret because it's slightly easier and faster to do that because of a quirk of how a webui works in one of my company's software.

It is a valid path when products have configuration files that require the use of secure materials with no alternative means of providing said data. Fortunately, the number of products with this constraint has started to reduce in numbers.
|
Defenestrategy posted: I'm somewhat guilty of this where I store configs in a secret and call the secret because it's slightly easier and faster to do that because of a quirk of how a webui works in one of my company's software.

drunk mutt posted: It is a valid path when products have configuration files that require the use of secure materials with no alternative means of providing said data.

The configs were not sensitive. It was like Defenestrategy said in that someone was using it as a method to deploy a config. Actually I will take that back, part of the secret was sensitive as it was a connection string. The part that was both hilarious and sad was that they had session limit variables in the keyvault secret, which created a rather large whoopsie-doodle.