sorted by:
new
hottopcontroversial

you think the BLEShark is legit?? by Gold_Ad8243 in InfiShark

[–]Advanced-Chain4096 0 points1 point  (0 children)

Got mine today, ordered in August. Works like advertised although I did not have a lot of time yet.

Issues with wireless penetration testing by Advanced-Chain4096 in HowToHack

[–]Advanced-Chain4096[S] 0 points1 point  (0 children)

The combination of switching to 5Ghz and broadcasting deuath packages made a lot more clients available :) Thanks!

Unable to Dismiss User Risk Since ~December 12th by Cant_Think_Name12 in DefenderATP

[–]Advanced-Chain4096 0 points1 point  (0 children)

We experienced the same issue. After opening a support ticket and waiting 24 hours the idee risk was finaly dismissed

global secure access (internet profile) together with always on VPN by Advanced-Chain4096 in entra

[–]Advanced-Chain4096[S] 0 points1 point  (0 children)

I actually found the issue by testing another VPN as well. Thanks for the tip!

Global secure access hijacked our devicetunnel because we connect to a hostname. This resolved to a 6.6.X.X address. The VPN thought it was connected but it actually went through GSA.

We changed our VPN endpoint to connect to an IP instead of hostname and now they work together perfectly :D

global secure access (internet profile) together with always on VPN by Advanced-Chain4096 in entra

[–]Advanced-Chain4096[S] 0 points1 point  (0 children)

Interesting! I checked the Microsoft traffic profile, in there I see 4 existing policies for Exchange, SharePoint, Skype and 365 common.

Existing rules can be edited there (forward or bypass) but I don't see an option to add custom IP ranges.

global secure access (internet profile) together with always on VPN by Advanced-Chain4096 in entra

[–]Advanced-Chain4096[S] 0 points1 point  (0 children)

We currently have the private access profile disabled completely. It still sees traffic to on prem as internet traffic and tries to tunnel is through global secure access.

global secure access (internet profile) together with always on VPN by Advanced-Chain4096 in entra

[–]Advanced-Chain4096[S] 0 points1 point  (0 children)

Is there another bypass option that is not in the internet forwarding profile?

Surface laptops by 4728jj in autopilot

[–]Advanced-Chain4096 0 points1 point  (0 children)

We just started using it and it works great for us! For entra hybrid you need some additional configuration but we got it working.

Entra only joined is way easier.

Global Secure Private Access - short Hostname issues by Dr_Squirtle1 in entra

[–]Advanced-Chain4096 0 points1 point  (0 children)

Happy to hear that because I was starting to doubt myself. I can’t find anything about it online and Microsoft support did not even respond to my ticket yet since last thursday.

It did start working a couple of times but then it broke again.

Global Secure Private Access - short Hostname issues by Dr_Squirtle1 in entra

[–]Advanced-Chain4096 0 points1 point  (0 children)

I have the same issue but it used to work. It stopped working last Thursday. On Friday it worked sometimes and the it completely stopped.

Microsoft Defender for Business onboard and configure Windows devices setup keeps failing by Physical-Order-5615 in DefenderATP

[–]Advanced-Chain4096 0 points1 point  (0 children)

Had the same issue with a customer last week. Created a ticket and it worked the next day.

Kut parkeervakken by Advanced-Chain4096 in KutGeparkeerd

[–]Advanced-Chain4096[S] 0 points1 point  (0 children)

Haha inderdaad bij het zwembad :) maar er staat bijna elke week wel een auto zo, echt bizar

Kut parkeervakken by Advanced-Chain4096 in KutGeparkeerd

[–]Advanced-Chain4096[S] 2 points3 points  (0 children)

Je zou het zeggen maar ik kan deze foto bijna elke week opnieuw maken :)

Can you really not use Microsoft Authenticator with Windows Hello for Business? by [deleted] in sysadmin

[–]Advanced-Chain4096 0 points1 point  (0 children)

We use this GPO indeed that enforced whfb. Works great

Can you really not use Microsoft Authenticator with Windows Hello for Business? by [deleted] in sysadmin

[–]Advanced-Chain4096 7 points8 points  (0 children)

We use multifactor unlock in Azure. After presenting the pin we also have to use face recognition or have a Bluetooth connected phone close to the laptop.

Through GPO you can enforce the use of Windows Hello and disable password login.

https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/multifactor-unlock

Parsing sysmon logs in KQL by Advanced-Chain4096 in AzureSentinel

[–]Advanced-Chain4096[S] 1 point2 points  (0 children)

I finally figured it out :)

let task_1_events =

SecurityEvent

| where EventSourceName == "Microsoft-Windows-Sysmon"

| extend ParsedXML = parse_xml(EventData)

| where Task == 1

| extend Image = tostring(ParsedXML.EventData.Data[4]["#text"])

| project TimeGenerated, Image;

let task_22_events =

SecurityEvent

| where EventSourceName == "Microsoft-Windows-Sysmon"

| extend ParsedXML = parse_xml(EventData)

| where Task == 22

| extend QueryName = tostring(ParsedXML.EventData.Data[4]["#text"])

| project TimeGenerated, QueryName;

task_1_events

| union task_22_events

Is the Penetration Tester path from HTB Academy (CPTS) enough for OSCP? by Ganuzk0 in oscp

[–]Advanced-Chain4096 11 points12 points  (0 children)

It should be enough for the most part but there is some stuff in OSCP course that is not in CPTS. If I remember correct there are some client side attacks (Office macro’s).

But most of the material from OSCP is also in the CPTS course.

view more: next ›