RFC2324 posted:I'm currently waiting for our security team to remember that they told everyone to panic-format our Macs when the SolarWinds thing happened, so we have absolutely no MDM.

# ? Sep 21, 2021 17:03

wolrah posted:Do you guys not have an MDM that supports Apple Business Manager? I haven't actually used this capability yet, but my understanding was that any remotely modern Mac could have MDM profiles pushed to it the moment it connects to the internet, similarly to an iOS device.

At a guess this will be what they do once they figure it out, but if we have actual IT I will be surprised, and the security team is so busy trying to get our core product to pass the regulators that they probably haven't even thought about all the remote endpoints. We were not a remote company prior to the pandemic (though it looks like we aren't going back to the office).

# ? Sep 21, 2021 17:24

wolrah posted:Do you guys not have an MDM that supports Apple Business Manager? I haven't actually used this capability yet, but my understanding was that any remotely modern Mac could have MDM profiles pushed to it the moment it connects to the internet, similarly to an iOS device.

It exists and is awesome, until you remember that unless you bought the Macs through the business/school account it's an absolute nightmare to get them added to ABM/ASM for MDMing.

# ? Sep 21, 2021 19:01

When you MDM macOS devices, what is your goal to even do? I feel like that is the million-dollar question that I can't get a consensus on.

# ? Sep 21, 2021 19:36

Sickening posted:When you MDM macOS devices, what is your goal to even do? I feel like that is the million-dollar question that I can't get a consensus on.

Cry, mostly.

# ? Sep 21, 2021 19:41

Sickening posted:When you MDM macOS devices, what is your goal to even do? I feel like that is the million-dollar question that I can't get a consensus on.

Tick auditor boxes.

# ? Sep 21, 2021 19:50

Buff Hardback posted:until you remember that unless you bought the Macs through the business/school account it's an absolute nightmare to get them added to ABM/ASM for MDMing

Boy, isn't this the loving truth.

# ? Sep 21, 2021 21:08

Proud Christian Mom posted:boy, isn't this the loving truth

On the plus side, it turns the "pretty please can you turn off Activation Lock" hour-long phone call with Apple support into an easy one-click setting.

# ? Sep 21, 2021 21:14

Sickening posted:When you MDM macOS devices, what is your goal to even do? I feel like that is the million-dollar question that I can't get a consensus on.

# ? Sep 21, 2021 21:18

Sickening posted:When you MDM macOS devices, what is your goal to even do? I feel like that is the million-dollar question that I can't get a consensus on.

I've not touched this in some time, but user de/provisioning, SSO, deploying software, enforcing patching - the usuals, no? How would you manage a fleet if not via MDM?

# ? Sep 21, 2021 22:05

Buff Hardback posted:It exists and is awesome

This is absolute truth.

Sickening posted:When you MDM macOS devices, what is your goal to even do? I feel like that is the million-dollar question that I can't get a consensus on.

The Iron Rose posted:I've not touched this in some time, but user de/provisioning, SSO, deploying software, enforcing patching - the usuals, no? How would you manage a fleet if not via MDM?

That, pretty much.

edit: we use Munki for MDM, an open-source nightmare, rather than JAMF, because it's "free", and our CIO and his VP are loving cheapskates. Worse, ONE guy manages it, from the Czech Republic. We've complained endlessly about the lag in service this results in, and the "bus factor" of one on this system, but all to no avail. Overall, I like where I work, but there are just some decisions that make me weep.

Darchangel fucked around with this message at 23:00 on Sep 21, 2021

# ? Sep 21, 2021 22:57

Ransomware + SharePoint Online question. Is getting document libraries ransomwared a thing in any scenario other than "user synced the whole library and their endpoint got ransomware"? Like, if someone's credentials are compromised, ransomware isn't the likely next step, right?

# ? Sep 22, 2021 02:45

Not a thing I've ever heard of. Without admin credentials there isn't any way to wipe the version history, and restoration from a ransomware event would be straightforward. But, like you said, users that get popped can sync libraries up. And while recovery is straightforward, it's not a fun experience.

# ? Sep 22, 2021 03:58

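The recovery story above only holds if versioning is actually enabled on the libraries people sync. The following is an added example, not code from the thread, that inventories every document library in a site with its versioning settings and switches versioning on where it is missing, using the PnP.PowerShell module. The site URL and the 500-version cap are assumptions.

```powershell
# Added example (not from the thread): check and enforce versioning on the
# document libraries of one SharePoint Online site, so an encrypted-by-sync
# library can be rolled back from version history. Requires PnP.PowerShell.
$siteUrl = 'https://contoso.sharepoint.com/sites/Finance'   # assumption: a placeholder site
Connect-PnPOnline -Url $siteUrl -Interactive

# BaseTemplate 101 is the document-library template; hidden lists are system lists.
$libraries = Get-PnPList | Where-Object { $_.BaseTemplate -eq 101 -and -not $_.Hidden }

# Report the current state: no versioning (or a tiny MajorVersionLimit) means a
# ransomware overwrite leaves nothing to restore except the recycle bin.
$libraries |
    Select-Object Title, EnableVersioning, MajorVersionLimit, ItemCount |
    Format-Table -AutoSize

# Enable versioning with a generous cap on any library that lacks it.
foreach ($lib in $libraries | Where-Object { -not $_.EnableVersioning }) {
    Write-Host "Enabling versioning on '$($lib.Title)'"
    Set-PnPList -Identity $lib -EnableVersioning $true -MajorVersions 500   # 500 is an assumed cap
}
```

Run it once per site you care about, or wrap it in a loop over `Get-PnPTenantSite` output from a tenant-admin connection. The MajorVersionLimit matters: a low cap combined with an encryptor that rewrites each file several times can push the last clean version out of history.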
I'm trying to find the source file for an online stream, and it's been years since I've done this, but it used to work with Wireshark. Anyway, I'm fumbling around with Wireshark and this address https://www.pbsfm.org.au/program/babylon-burning/2021-09-11/17-00-00, but I'm beginning to think they've started hiding it in some encrypted foshizzle. I've looked at the conversation statistics, isolated what I think is the relevant IP, but I don't know, I'm not finding anything. Maybe I just forgot how to do it.

# ? Sep 22, 2021 08:16

busalover posted:I'm trying to find the source file for an online stream, and it's been years since I've done this, but it used to work with Wireshark. Anyway, I'm fumbling around with Wireshark and this address https://www.pbsfm.org.au/program/babylon-burning/2021-09-11/17-00-00, but I'm beginning to think they've started hiding it in some encrypted foshizzle. I've looked at the conversation statistics, isolated what I think is the relevant IP, but I don't know, I'm not finding anything. Maybe I just forgot how to do it.

https://emit-media-production.s3.amazonaws.com/pbs/babylon-burning/2021/09/11/1700/202109111700_babylon-burning_64.m4a

You are likely not MITMing traffic appropriately with TLS unpack/repack with your own CA (or not at all). Just hit F12 in your browser.

# ? Sep 22, 2021 11:19

https://twitter.com/0xAmit/status/1440664348653875213?s=20

# ? Sep 22, 2021 14:21

HTTP Basic authentication in TYOOL 2021? smdh...

# ? Sep 22, 2021 14:37

That's bad. If MFA is enabled, would that prevent a breach from this defect alone?

# ? Sep 22, 2021 16:01

Ynglaur posted:That's bad. If MFA is enabled, would that prevent a breach from this defect alone?

I believe so; at least it will prevent automatically getting exploited.

# ? Sep 22, 2021 16:31

To be fair, if you aren't plastic-wrapping Exchange within another security/MDM product and using MFA, lmao lol.

# ? Sep 22, 2021 17:33

Biowarfare posted:https://emit-media-production.s3.amazonaws.com/pbs/babylon-burning/2021/09/11/1700/202109111700_babylon-burning_64.m4a

Oh yeah, I definitely didn't do that. They must have added crypto during their website redesign.

# ? Sep 23, 2021 09:24

lol

https://twitter.com/ido_cohen2/status/1439863554606305286
https://twitter.com/ddd1ms/status/1441044423798820889
https://twitter.com/ddd1ms/status/1440766066871848966

# ? Sep 23, 2021 19:01

The thought of there being support agents for ransomware is a very dark lol for me.

# ? Sep 23, 2021 19:48

I'm being told that the support you receive, once you've coughed up the money to get your files back, is second to none.

# ? Sep 23, 2021 20:30

It's straight-up run like a business now. I guess most of their "clients" are companies, so putting on B2B airs makes them more comfortable parting with their money, maybe?

bolind posted:I'm being told that the support you receive, once you've coughed up the money to get your files back, is second to none.

Gotta meet that value prop.

# ? Sep 23, 2021 20:31

How long until Ransomware as a Service starts trying to upsell their customers with Silver, Gold, and Platinum plans?

# ? Sep 24, 2021 17:42

klosterdev posted:How long until Ransomware as a Service starts trying to upsell their customers with Silver, Gold, and Platinum plans?

Silver: Pledge not to release data, but no recovery key
Gold: No release, recovery key provided
Platinum: No release, recovery key provided, bonus archive of data from a competitor/company in the same sector that chose not to pay

# ? Sep 24, 2021 18:03

Contact us for consulting related to decrypting, including help with prioritizing, rollout and communications.

# ? Sep 24, 2021 18:12

https://twitter.com/BleepinComputer/status/1441451996632997890?s=20

# ? Sep 24, 2021 21:03

Did they fix it in Office 365, then "rush to fix it" in Exchange?

# ? Sep 24, 2021 21:24

Reminds me of this guy who bought domains early and noticed that corp.com was used as a fun default in Windows: https://krebsonsecurity.com/2020/02/dangerous-domain-corp-com-goes-up-for-sale/

# ? Sep 24, 2021 21:25

Three more Apple 0-days, with additional drama.

https://arstechnica.com/information-technology/2021/09/three-ios-0-days-revealed-by-researcher-frustrated-with-apples-bug-bounty/

quote:Yesterday, a security researcher who goes by illusionofchaos dropped public notice of three zero-day vulnerabilities in Apple's iOS mobile operating system. The vulnerability disclosures are mixed in with the researcher's frustration with Apple's Security Bounty program, which illusionofchaos says chose to cover up an earlier-reported bug without giving them credit.

# ? Sep 25, 2021 00:41

When you have infinite cash, this kind of poo poo just reeks of incompetence.

# ? Sep 26, 2021 20:34

For those of you who do internal pen tests of your company's product: how well versed are you in the actual usage of the product itself, if it's not a commonly used thing? For example: I know enough about how the architecture fits together to make guesses about stuff and then double-check it against the code in the git repo before wasting time on trying to figure out a proof-of-concept exploit, but if you asked me to install or operate the product how it's supposed to be installed and operated in the wild, from a customer's POV, I'd just kind of shrug.

# ? Sep 26, 2021 21:27

Defenestrategy posted:For those of you who do internal pen tests of your company's product: how well versed are you in the actual usage of the product itself, if it's not a commonly used thing?

I don't make products per se, but we have great DOM mutation metrics, and the insight into how people use our hosted applications is a huge value add for our clients:

1) "User in ticket #123456 claims they don't know what happened; they absolutely do know, we see they mistook how this view works, again"
2) "User claims there's an issue blocking productivity; they never bothered to get as far as they're claiming / there are other receipts discrediting their assignment of blame that 'just worked the next morning'"
3) "Here's how people go through the app, keystroke by keystroke"

# ? Sep 26, 2021 21:50

Potato Salad posted:I don't make products per se, but we have great DOM mutation metrics, and the insight into how people use our hosted applications is a huge value add for our clients:

# ? Sep 27, 2021 09:32

Is anyone familiar with Azure Active Directory Service Principal Objects, aka Enterprise Applications? Odd question that has been posed to me by my org's security team.

My organization has an Enterprise App defined within our Azure AD tenant. This allows for single sign-on to a SaaS application. Standard thing; I am sure most orgs have dozens of these for Salesforce, Atlassian, etc. This is an OpenID-style SSO, not SAML (you cannot control the claims etc.).

When an admin consents to this app, it is granted the Graph Directory.Read.All permission. AFAIK this allows it to read all user attributes in Azure AD. I am being asked if it is possible to prevent the application from reading some of these attributes. Imagine we had a user's car licence plate number stored in an attribute of Azure AD: could we deny the SaaS application reading that via the Graph API, even though we have granted Directory.Read.All?

I suppose the equivalent within traditional on-prem infrastructure would be to create an AD user object to use as a service account, and then use an ACL to prevent it from reading certain AD attributes.

# ? Sep 27, 2021 21:32

gallop w/a boner posted:Is anyone familiar with Azure Active Directory Service Principal Objects, aka Enterprise Applications?

There's a flag in PowerShell that will disable all users' ability to read other users' data in Azure AD. It is set tenant-wide, though, so it may have larger implications for you.

E:

Set-MsolCompanySettings -UsersPermissionToReadOtherUsersEnabled $false

# ? Sep 27, 2021 21:56
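Before reaching for a tenant-wide switch, it is worth seeing exactly what the Enterprise App has been granted, because Microsoft Graph permissions are granted per scope, not per attribute, and the kind of grant decides what can restrict it: a delegated grant is limited to what the signed-in user can read, so a setting that stops users reading other users also narrows the app, while an application-permission grant (an app role) runs under the app's own identity and no per-user setting touches it. The following is an added example, not code from the thread, that lists both kinds of grant for one service principal using the Microsoft.Graph PowerShell SDK; the app display name 'Contoso SaaS' is an assumed placeholder.

```powershell
# Added example (not from the thread): show which Microsoft Graph permissions an
# Enterprise Application holds, split into application permissions (app roles,
# no user context) and delegated permissions (OAuth2 grants, bounded by the
# signed-in user's own rights). Requires the Microsoft.Graph PowerShell SDK.
Connect-MgGraph -Scopes "Application.Read.All", "DelegatedPermissionGrant.Read.All" -NoWelcome

$appName = 'Contoso SaaS'   # assumption: the SSO app's display name in the tenant
$sp = Get-MgServicePrincipal -Filter "displayName eq '$appName'"
if (-not $sp) { throw "No service principal named '$appName' in this tenant" }

# Microsoft Graph's own service principal. Its AppRoles collection maps the
# role GUIDs used in assignments back to names such as Directory.Read.All.
# 00000003-0000-0000-c000-000000000000 is Graph's well-known appId.
$graphSp = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
$roleNames = @{}
foreach ($role in $graphSp.AppRoles) { $roleNames[$role.Id] = $role.Value }

Write-Host "== Application permissions granted to '$($sp.DisplayName)' (no user context) =="
Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id |
    Where-Object { $_.ResourceId -eq $graphSp.Id } |
    ForEach-Object { $roleNames[$_.AppRoleId] }

Write-Host "== Delegated permissions (effective access = scope intersected with the user's rights) =="
# ConsentType 'AllPrincipals' is tenant-wide admin consent; 'Principal' is a
# single user's own consent, with PrincipalId identifying that user.
Get-MgServicePrincipalOauth2PermissionGrant -ServicePrincipalId $sp.Id |
    Where-Object { $_.ResourceId -eq $graphSp.Id } |
    Select-Object ConsentType, PrincipalId, Scope
```

If Directory.Read.All appears only under the delegated list, the tenant-wide setting in the reply above does reduce what the app can read, at the cost of every ordinary user losing the ability to look up colleagues. If it appears under application permissions, the app reads the directory on its own identity and the only lever is to consent to a narrower permission set (for plain OIDC sign-in, `openid`, `profile` and `User.Read` are usually enough) rather than Directory.Read.All. Note that the MSOnline module behind `Set-MsolCompanySettings` has since been retired by Microsoft; the same tenant setting is exposed through Graph as the `allowedToReadOtherUsers` entry of the authorization policy's `defaultUserRolePermissions`.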
I've been at my current place (an MSSP) for 6 years now and am starting to feel like I should move on, especially with how hot the job market apparently is. I've done a lot of firewall management work with a steady progression in job titles over the years, and more recently a TAM sort of role that includes some light threat hunting and IR. Trouble is, I'm having a failure of imagination about what sort of roles I should look for now. Sometimes I think I'd like to do sales engineering, since I enjoy talking to customers, have a decent technical background, and the potential income of commission sounds appealing, and other times I feel like I should move more into some sort of cloud-focused role, since that seems to be the future. Happy to share my resume if anyone would be willing to take a look at it.

# ? Sep 28, 2021 19:38

rafikki posted:I've been at my current place (an MSSP) for 6 years now and am starting to feel like I should move on, especially with how hot the job market apparently is. I've done a lot of firewall management work with a steady progression in job titles over the years, and more recently a TAM sort of role that includes some light threat hunting and IR. Trouble is, I'm having a failure of imagination about what sort of roles I should look for now. Sometimes I think I'd like to do sales engineering, since I enjoy talking to customers, have a decent technical background, and the potential income of commission sounds appealing, and other times I feel like I should move more into some sort of cloud-focused role, since that seems to be the future. Happy to share my resume if anyone would be willing to take a look at it.

Are you interested in cloud architecture of any kind?

# ? Sep 29, 2021 00:35