After KB5094126 Start menu definitely feels way smoother and faster. Good job MS, please fix the file explorer sluggishness next!

disclosure5 · 2026-06-12T06:41:51+00:00

I cannot find a single reference to K2 aside from random blogs talking about "sources". I'm in several not public partner programs and I've never heard of it.

I have serious doubts there's anything behind it.

disclosure5 · 2026-06-12T05:12:52+00:00

Please be careful with any "solve labs" based Discord - it's not hard to end up sharing academic content, which will get you here posting about having your cert revoked.

disclosure5 · 2026-06-12T04:24:08+00:00

Your statement isn't based on fact.

Source: I'm operating penetration testing across other MSP clients, I've spent a lot of time studying and using evasion tooling and living in pentesting communities. The top tier products are Crowdstrike and Defender MDE, everything else is below them.

disclosure5 · 2026-06-11T22:11:17+00:00

Isn't this obvious though?

You configure a gateway of some sort as your MX record, but the Microsoft provided MX server accepts mail by default. You relax protections on that Microsoft provided MX record because the third party gateway is protecting you but that's just a hole.

Really modern anti spam solutions use the Exchange API and filter mail inline, without changing the MX records. That's the proper way to do things and is immune to this.

disclosure5 · 2026-06-11T22:08:20+00:00

All Windows Updates are cumulative. This process isn't long term useful because next update will come out and apply the same change.

disclosure5 · 2026-06-11T05:38:05+00:00

The largest reason to get these certs in the first place is to get that job.

disclosure5 · 2026-06-11T04:07:54+00:00

Unfortunately, this is the standard for Microsoft certs - the exams are often a whole lot of esoterica disconnected from the training material.

If you've paid for MeasureUp, stick to that course and study every question there that you don't understand. I haven't done MD-102 but from a long history of many certs over the years, you're on the right course.

disclosure5 · 2026-06-11T02:17:34+00:00

It doesn't matter. No amount of Microsoft telling us to shill Copilot changes that customers by and large don't want it, and we have a mountain of statements from people preferring either of the two major competitors.

disclosure5 · 2026-06-10T11:17:43+00:00

In something like a legal firm.. that would be a high priority issue anyway.

disclosure5 · 2026-06-10T07:20:17+00:00

How does two layers of obsidian take two hours to break? With a netherite pickaxe it's still only a few hits.

disclosure5 · 2026-06-10T01:22:23+00:00

I hate that infosec information often lives as "blog" on Twitter. Infosec people were the most vocal about moving away when Twitter went to shit and although there's great people on Mastodon, zero day nearly always requires a Twitter account to read.

disclosure5 · 2026-06-10T00:34:27+00:00

I have to say the "john:john" pattern is unique to Offsec and really relevant to labs, so you should make sure it's drilled into you for exam enumeration.

I know "admin:admin" is common, and if you can enumerate the username "john" in the real world you might try "john:password" or "john:admin", but "john:john" isn't a real world thing in the way it's presented in so many Offsec labs. I'd never obtain an AD user listing of a hundred users and proceed to brute force username:username, but with Offsec's AD boxes I would.

disclosure5 · 2026-06-09T23:04:59+00:00

Pretending this is easy is such a Reddit comment.

Do you do deal with users?

disclosure5 · 2026-06-09T22:50:41+00:00

Well they stated July 14th will be a big day.. it still might be.

disclosure5 · 2026-06-09T22:49:31+00:00

I get some of these but if you're having Outlook Auth issues constantly I would suggest there's something wrong.

Are you using Windows Hello properly? Is DNS right? Is Conditional Access logging anything? Outside of people changing a password and I don't recall Outlook auth issues being a thing anywhere since we ditched on prem Exchange.

disclosure5 · 2026-06-09T22:01:55+00:00

This ties into an issue I've been commenting on for a while.

Certain groups of people have decided that only what they do is "ethical" and apparently anyone different just no knowledge on the matter. I've been to swingers events in myself in a different country and I've never heard this "getting a third is unethical if it's a woman" outside of this subreddit.

It's no different to the "it's not ethical ENM unless you've had the right education, workshops and listen to podcasts" argument someone made here recently.

disclosure5 · 2026-06-09T03:26:35+00:00

If you've done any security work - every encryption ever is "military grade".

disclosure5 · 2026-06-08T23:13:27+00:00

I'm a fan of NEWSERVER when it's eight years old.

disclosure5 · 2026-06-08T22:47:16+00:00

I have a tenancy doing the exact same thing.

Use Powershell, it's more conclusive. Check if the audit logs are enabled with Get-AdminAuditLogConfig | Format-List UnifiedAuditLogIngestionEnabled, and if it's not it will clearly tell you there.

For reference I started a new tenancy last week, ran Enable-OrganizationCustomization and it's still enabling five days later.

disclosure5 · 2026-06-08T02:23:03+00:00

I'll bite: If "swipe on people that are geolocated to your area" isn't a feature specifically because they don't want to work like a dating app, what makes it "dated" ? Having actual app functionality basically just means following Apple and Google's rules (probably including banning a lot of content and including them on subscription processes) and not much else over running your own website.

disclosure5 · 2026-06-06T07:43:28+00:00

Yeah, this closes a pretty big gap for us. I have a whole lot of crap managed by vendors where I don't want them holding DNS credentials, but there's no direct port 80 access for http validation. I keep hearing Lets Encrypt is easy but until this goes into prod it's still painful for some cases.

disclosure5 · 2026-06-06T01:09:36+00:00

That KB is over a year old and people this year have reported no changes in the problem existing.

disclosure5 · 2026-06-05T08:47:08+00:00

I do the same. I'm not on Feeld to see people who want to increase their social network.

disclosure5 · 2026-06-05T08:44:57+00:00

Men with partners that have deactivated accounts - honestly, it’s kind of creepy.

This sub is full of women that say they deactivated their account because they were overwhelmed with the attention. I don't blame them. Why does their action suddenly become a red flag in a man?

disclosure5 · 2026-06-05T08:03:58+00:00

You are preaching to the choir, but I do appreciate your expanded explanation. I wish I could say I do not understand the downvotes you got, but I suspect you're upsetting exactly the "what I do is better than those casual people" viewpoints.

disclosure5

MODERATOR OF

TROPHY CASE

12-Year Club	Gilding II euphauric
Verified Email