|
I loving hate RDP jumpboxes. It is TYOOL 2021, there are better solutions for getting from Domain A --> Domain G that doesn't involve jumping through 5 RDP portals.
|
# ? May 21, 2021 20:36 |
|
|
MustardFacial posted:
I loving hate RDP jumpboxes. It is TYOOL 2021, there are better solutions for getting from Domain A --> Domain G that doesn't involve jumping through 5 RDP portals.

I loving love RDP jumpboxes, my lovely connection craps out all day and I rarely lose whatever I'm working on
|
# ? May 22, 2021 00:15 |
|
Honey Im Homme posted:
I loving love RDP jumpboxes, my lovely connection craps out all day and I rarely lose whatever I'm working on

I got up to take a piss and all of the nested RDP sessions timed out and locked the screen so now I have to do 5 loving logins on different domains with different passwords. Yes, this is great. What a wonderful use of technology. Truly it is a modern age we live in.
|
# ? May 22, 2021 00:34 |
|
I have no idea what RDP sessions are, but can't everything be simpler with some ssh tunneling? Surely connecting over 5 hosts can't be fun.
|
# ? May 22, 2021 00:56 |
|
Volguus posted:
I have no idea what RDP sessions are, but can't everything be simpler with some ssh tunneling? Surely connecting over 5 hosts can't be fun.

RDP doesn't really support anything like SSH agent forwarding, as far as I know.
|
# ? May 22, 2021 03:58 |
|
SSH tunnels can support rdp though
|
# ? May 22, 2021 05:07 |
|
MustardFacial posted:
I loving hate RDP jumpboxes. It is TYOOL 2021, there are better solutions for getting from Domain A --> Domain G that doesn't involve jumping through 5 RDP portals.

Azure Bastion makes life so much easier.
|
# ? May 22, 2021 05:39 |
|
We have this contractor that does patch management for us and he sends out an email of people that didn't log out of a server prior to him restarting it. It is the dumbest loving thing in the world and only serves as a name and shame. gently caress this pisses me off because my boss sees it and is "I DONT WANT TO SEE SERVER LOGIN EMAILS THIS CYCLE!!" Bro, just restart the server, gently caress. I'll be taking over the patch management next month anyway, but it's seriously annoying. Dude also sent some passive aggressive comment about a spreadsheet being edited (a column size was changed to read the contents) God drat I can't wait to dump this rear end in a top hat.
|
# ? May 22, 2021 14:56 |
|
I'm sorry, is the complaint just that you're still signed in? Not that you didn't lock it? because lol
|
# ? May 22, 2021 15:16 |
|
Last week we did a major go-live for a customer that went sideways. Turns out our software has a weird bug in it where some legacy features of the frontend (that were halfway copied into the new version) don't work properly with the new version of the backend in really specific circumstances. Turns out they never actually tested those specific circumstances beforehand. Patching the front or backend the day before go-live would be impossible.

I spoke to the devs that actually wrote all the code and figured out what the front end was sending and what the backend was choking on. Turns out that it was sending a parameter in the https url string that the backend handled oddly, so I wrote an nginx regex to capture all the packets with that parameter and fix it on the fly, and the go-live was saved.

The COO sent an email out yesterday thanking the team for their emergency work, he specifically mentioned the front and backend devs by name for their commitment to fixing it. But he didn't mention me at all, when all they did was basically that spiderman meme with them pointing at each other about why it's not working.

....

Ain't even mad though because it was my job to actually test this with the customer three months ago, they said "sure it works whatever" but clearly never did and I didn't follow up correctly and validate. Whoops!
|
# ? May 22, 2021 15:34 |
|
You can determine how long someone has been a sysadmin by how they handle rebooting a server. The new ones fret and ask for approval, sending warning emails hours in advance. The sophomores send wall messages an hour in advance and additional ones every ten minutes. The veterans slap out a hastily written wall 5 seconds before reboot, and the old fucks that don't give a poo poo hard cycle it with a command to the PDU.
|
# ? May 22, 2021 15:54 |
|
I'm interested in starting a small business doing web app pentesting, small scale red teaming and security consulting. Would anyone here know of any resources/reading I can do re: the business admin side of a small IT company?
|
# ? May 22, 2021 22:34 |
|
xzzy posted:
You can determine how long someone has been a sysadmin by how they handle rebooting a server. The new ones fret and ask for approval, sending warning emails hours in advance. The sophomores send wall messages an hour in advance and additional ones every ten minutes. The veterans slap out a hastily written wall 5 seconds before reboot, and the old fucks that don't give a poo poo hard cycle it with a command to the PDU.

Normally I will tag ‘General’ in our IT dept Teams channel with a warning. Sometimes if I don’t feel like dealing with objections I’ll leave out the ‘General’ tag so it’s likely no one will even notice my message.
|
# ? May 22, 2021 23:28 |
|
xzzy posted:
You can determine how long someone has been a sysadmin by how they handle rebooting a server. The new ones fret and ask for approval, sending warning emails hours in advance. The sophomores send wall messages an hour in advance and additional ones every ten minutes. The veterans slap out a hastily written wall 5 seconds before reboot, and the old fucks that don't give a poo poo hard cycle it with a command to the PDU.

Depends on why I need to reboot, you get an hour or two if I'm troubleshooting something and a reboot might fix, if the server has fallen over I'll just reset it with no fucks given, because the thing is broke anyway it's not gonna get any brokener rebooting it. Hopefully.
|
# ? May 22, 2021 23:37 |
|
The Scientist posted:
I'm interested in starting a small business doing web app pentesting, small scale red teaming and security consulting. Would anyone here know of any resources/reading I can do re: the business admin side of a small IT company?

Some site that went down had a bunch of stuff, someone mentioned most of the highlights on Reddit
https://www.reddit.com/r/startups/c...kNoRUZfSlFWSw..

https://ocw.mit.edu/courses/sloan-school-of-management/
Probably not a bad place to start.

That’s kinda my dream in the future, first I have to actually be good at Computer touching.
|
# ? May 23, 2021 20:01 |
|
Requesting some advice. I'm going through a recruiter for a direct hire position. We had some initial communications to talk about the position, I provided my resume to have it submitted, and then got ghosted for a week. I've been contacted by another recruiter for a very similar, almost identical position at the same company. I have no idea if I was even submitted by the first recruiter. Assuming it is the same position, do I let the second recruiter run with it as well? How does it reflect on me if they see my resume coming from multiple recruiters?
|
# ? May 24, 2021 16:44 |
|
Cenodoxus posted:
Requesting some advice.

The issues you are running into are purely the recruiter's problem. Don't care.
|
# ? May 24, 2021 16:56 |
|
Cenodoxus posted:
Requesting some advice.

Did you promise the first recruiter exclusivity? If not, gently caress 'em, recruiters are not worth the oxygen they breathe. If someone from the hiring company asks, you just say the first recruiter dropped the ball as per usual.
|
# ? May 24, 2021 17:00 |
|
I really don't like 3rd party recruiters. It can't hurt to send your resume to them, none of the behind the scenes stuff matters to you. Odds are recruiter 1, if he submitted your resume, will get the credit for the hire. None of that is your problem though. I always try to see if there's a direct job posting at the actual company when I see a recruiter hiring for a spot, especially if it's a direct placement and not contract to hire.
|
# ? May 24, 2021 17:23 |
|
Yeah, that's on them to sort it out. Do what you gotta do.
|
# ? May 24, 2021 18:06 |
|
Well IT thread, I never thought it could happen to me. I was picked up for an internal transfer to the cybersec department and no longer have to deal with the inventory system as well as a 20% salary boost. I am very happy today.
|
# ? May 24, 2021 23:50 |
|
Hey, congrats! That's really awesome.
|
# ? May 24, 2021 23:50 |
|
Defenestrategy posted:Well IT thread, I never thought it could happen to me.
|
# ? May 24, 2021 23:59 |
|
Defenestrategy posted:
Well IT thread, I never thought it could happen to me.

Congratulations on your new role! The auditors have flagged cybersec as responsible for ISO 27001 A.8.1.1 for your org; and you’ll be the owner for that!
|
# ? May 25, 2021 00:07 |
|
Developers and their actions make me feel like I am staring into the abyss.

A contractor dev contacts the director of Devops today to ask him to help him deploy a new API to prod on Thursday. An API that doesn't have sandbox/dev/test environments. An API that hasn't been communicated to anyone outside of his team before today. An API without a repo and without a pipeline. Neato.

I look into this. This same dev has created User stories and tasks in Azure devops. He has 63 tasks created, worked on, and completed for this project for a single API. His documentation sucks, his comments in tasks are minimal and also suck. It however has no repo linked in his story. Wait no, there is no repo tied to this API at all? WTF ARE YOU DOING, THIS PROJECT IS 43 DAYS OLD. Must be using another repo or just storing code on his workstation. This is all against policy but whatever, let's dig further.

gently caress it, I am infosec, let's see what repo he is using. I hit every security tool we have to pull browser history and app usage. The reports are blank. What the hell? Let's check Azure AD and see what computer he is using. MOTHER OF GOD, HE HASN'T LOGGED INTO A SINGLE COMPUTER.

Fast forward, I am talking to the VP of Software Development (his boss).

You hired a developer on contract but didn't give him a company computer?
Yes, I didn't think he needed one.
Intellectual property issues aside, how was employee going to test anything or connect to internal only resources if he doesn't have a company computer?
I am still working on that. I figured he could just write code in the meantime.
Did you not even check to make sure your employee was uploading code to a repo considering he is using his BYOD computer to write the code for months?
I just haven't gotten around to it yet.

I just got out of meeting with the CISO and this VP of software dev. The VP said and I quote...

"There isn't an infosec policy for software dev that states they have to write code on company computers."
I want to die.
|
# ? May 25, 2021 00:22 |
|
Sickening posted:
Developers and their actions make me feel like I am staring into the abyss.

When the coder gets let go and they find the death timer in the code, I am sure there will be an update to that policy.
|
# ? May 25, 2021 00:35 |
|
IT friends, I have ollied into cloud admin and have discovered the mess that the previous admin left me. Azure still uses the default domain for the company, Teams isn't properly configured (regular users can send companywide meetings), Exchange is only half-migrated, our VMs don't have security groups, and AD has multiple duplicate entries and hasn't been pushed in almost half a year. This is probably just the tip of the iceberg. Looking forward to the next few months.
|
# ? May 25, 2021 15:05 |
|
Sickening posted:
Developers and their actions make me feel like I am staring into the abyss.

I’ve never heard of a circus that develops software
|
# ? May 25, 2021 16:31 |
|
LochNessMonster posted:
I’ve never heard of a circus that develops software

Oracle?
|
# ? May 25, 2021 20:46 |
|
I don’t understand why powershell for share point and exchange is sooooo bad. Powershell for AD is actually good and makes sense which makes it even more baffling.
|
# ? May 25, 2021 21:27 |
|
I thought exchange powershell was fine

But yeah, you’re right about sharepoint powershell, but that’s true for everything sharepoint
|
# ? May 25, 2021 21:29 |
|
PowerShell for Exchange at least has the delegated admin option as you connect, something that no other product group seemingly can be bothered to do. Microsoft spend so much time telling their partners to make sure you use MFA on everything and not to share admin accounts, and then most of their tools are barely functional if you're a delegated admin.
Thanks Ants fucked around with this message at 21:35 on May 25, 2021 |
# ? May 25, 2021 21:32 |
|
I’ve been trying to disable the automatic “you joined the group” and it’s about 10 times more complicated than it needs to be and requires you to check the setting through a different inconsistent syntax for it to “take”

Versus the equivalent in AD powershell would be like a one-liner that you could probably guess without ever reading docs
|
# ? May 25, 2021 21:42 |
|
The Fool posted:
I thought exchange powershell was fine

To me the problem is not PS, it's SharePoint.
|
# ? May 25, 2021 22:12 |
|
Yeah powershell is great, honestly the examples in most of the help libraries is just one of the many things that I love about it. The IDE on windows is incredible in that I often don’t even need to google stuff, and they made aliases for bash commands so coming from mac and Linux it makes basic stuff super easy

Share point is a hosed mess though
|
# ? May 25, 2021 22:16 |
|
SMEGMA_MAIL posted:
It's basically FrontPage on steroids.
|
# ? May 25, 2021 22:24 |
|
Thanks Ants posted:
PowerShell for Exchange at least has the delegated admin option as you connect, something that no other product group seemingly can be bothered to do. Microsoft spend so much time telling their partners to make sure you use MFA on everything and not to share admin accounts, and then most of their tools are barely functional if you're a delegated admin.

I may be totally doing something wrong, but I am under the impression that you have to go through this extra step of connecting to your PowerShell exchange online session to make it so your MFA even works. Which is incredibly loving stupid to me.

Microsoft recommends you turn on MFA for your high privileged users. Doing so means that then connecting through powershell the same way they did before just fails without any MFA support built into the traditional process. Why have multiple ways to connect? Why not just one way that supports mfa or no mfa.
|
# ? May 25, 2021 22:37 |
|
Last time I connected via Powershell to Exchange Online, I logged in and my Duo MFA prompted. I hit accept and I was good to go. What am I missing?
|
# ? May 25, 2021 22:47 |
|
The old way only supported basic auth, the new way supports modern auth. Seems fairly straightforward to me?
|
# ? May 25, 2021 22:49 |
|
|
Internet Explorer posted:
The old way only supported basic auth, the new way supports modern auth. Seems fairly straightforward to me?

You are telling me I am going to have to update my 10 year old scripts? Nonsense!
|
# ? May 25, 2021 22:50 |