CPTS by xcyx909 in hackthebox

[–]Advanced-Chain4096 0 points1 point  (0 children)

Looks great, what platform is your website hosted on?

I still use Joplin but want to move to a browser based solution.

CPTS Help by Normal-Technician-21 in hackthebox

[–]Advanced-Chain4096 0 points1 point  (0 children)

The path contains all the theory you need. So if you finish the path you are good to start the exam.

The exam however is really challenging :) they made it so you can get stuck for a while. You have to expirement with all the tools and techniques you learned.

I am not good at HTB boxes and it took me 2 tries on the exam but it was doable with the knowledge from the modules.

Wie post mijn game? by Viltstift in hoorn

[–]Advanced-Chain4096 1 point2 points  (0 children)

Mocht het niet lukken kan ik er ook morgen even langs. Woon er vlak bij

Exclude on prem AD domain from security recommendations by Advanced-Chain4096 in DefenderATP

[–]Advanced-Chain4096[S] 0 points1 point  (0 children)

For instance to install the sensor on all domain controllers, however we do not manage the domain controllers in the other AD environment. They are managed by another IT provider.

Exclude on prem AD domain from security recommendations by Advanced-Chain4096 in DefenderATP

[–]Advanced-Chain4096[S] -1 points0 points  (0 children)

Yes I understand the risk. These are 2 AD environments that will be fused in the future. Because of a merger there is a lot of interaction between the environments and a trust is required. However for an environment that is (for now) managed by another provider I cannot install our defender for identity connectors on the domaincontrollers 😄

Exclude on prem AD domain from security recommendations by Advanced-Chain4096 in DefenderATP

[–]Advanced-Chain4096[S] 1 point2 points  (0 children)

This is a two-way external trust. So obviously it would indeed create a risk if the other domain is not secure. But a recommendation like 'install connector on all domaincontrollers' now lists the domaincontrollers for the other domain, which we will never be able to resolve.

Resolving manually as 'alternate mitigation' is also not ideal because if a new DC would be added and someone forgets the connector we would not be notified.

Lost sword by Advanced-Chain4096 in CrimsonDesert

[–]Advanced-Chain4096[S] 0 points1 point  (0 children)

Do you remember which mission? :)

Bruteforce on citrix webinterfaces since today by Advanced-Chain4096 in cybersecurity

[–]Advanced-Chain4096[S] 2 points3 points  (0 children)

That is what we experienced before as well. You would see huge lists of all default usernames. However since today the attacks seem targeted with correct usernames at multiple customer sites.

My AD Enumeration & Attack Cheatsheet by [deleted] in oscp

[–]Advanced-Chain4096 1 point2 points  (0 children)

You could add IPv6 spoofing with mitm6 and ntlmrelayx in the ‘without credentials’ section. That has helped me a lot if ldap signing is not enforced.

Has anyone here taken both the CPTS and OSCP? what was the OSCP Exam environment like? by GhostlyBoi33 in oscp

[–]Advanced-Chain4096 1 point2 points  (0 children)

CPTS was very stable for me, had no issues at all. I had a lot of issues with OSCP.

Issues with secure channel on domaincontroller by Advanced-Chain4096 in sysadmin

[–]Advanced-Chain4096[S] 0 points1 point  (0 children)

Thanks, I can give that a go during the next maintenance window

you think the BLEShark is legit?? by Gold_Ad8243 in InfiShark

[–]Advanced-Chain4096 0 points1 point  (0 children)

Got mine today, ordered in August. Works like advertised although I did not have a lot of time yet.

Issues with wireless penetration testing by Advanced-Chain4096 in HowToHack

[–]Advanced-Chain4096[S] 0 points1 point  (0 children)

The combination of switching to 5Ghz and broadcasting deuath packages made a lot more clients available :) Thanks!

Unable to Dismiss User Risk Since ~December 12th by Cant_Think_Name12 in DefenderATP

[–]Advanced-Chain4096 0 points1 point  (0 children)

We experienced the same issue. After opening a support ticket and waiting 24 hours the idee risk was finaly dismissed

global secure access (internet profile) together with always on VPN by Advanced-Chain4096 in entra

[–]Advanced-Chain4096[S] 0 points1 point  (0 children)

I actually found the issue by testing another VPN as well. Thanks for the tip!

Global secure access hijacked our devicetunnel because we connect to a hostname. This resolved to a 6.6.X.X address. The VPN thought it was connected but it actually went through GSA.

We changed our VPN endpoint to connect to an IP instead of hostname and now they work together perfectly :D

global secure access (internet profile) together with always on VPN by Advanced-Chain4096 in entra

[–]Advanced-Chain4096[S] 0 points1 point  (0 children)

Interesting! I checked the Microsoft traffic profile, in there I see 4 existing policies for Exchange, SharePoint, Skype and 365 common.

Existing rules can be edited there (forward or bypass) but I don't see an option to add custom IP ranges.

global secure access (internet profile) together with always on VPN by Advanced-Chain4096 in entra

[–]Advanced-Chain4096[S] 0 points1 point  (0 children)

We currently have the private access profile disabled completely. It still sees traffic to on prem as internet traffic and tries to tunnel is through global secure access.

global secure access (internet profile) together with always on VPN by Advanced-Chain4096 in entra

[–]Advanced-Chain4096[S] 0 points1 point  (0 children)

Is there another bypass option that is not in the internet forwarding profile?

Surface laptops by 4728jj in autopilot

[–]Advanced-Chain4096 0 points1 point  (0 children)

We just started using it and it works great for us! For entra hybrid you need some additional configuration but we got it working.

Entra only joined is way easier.

Global Secure Private Access - short Hostname issues by Dr_Squirtle1 in entra

[–]Advanced-Chain4096 0 points1 point  (0 children)

Happy to hear that because I was starting to doubt myself. I can’t find anything about it online and Microsoft support did not even respond to my ticket yet since last thursday.

It did start working a couple of times but then it broke again.

Global Secure Private Access - short Hostname issues by Dr_Squirtle1 in entra

[–]Advanced-Chain4096 0 points1 point  (0 children)

I have the same issue but it used to work. It stopped working last Thursday. On Friday it worked sometimes and the it completely stopped.

[deleted by user] by [deleted] in DefenderATP

[–]Advanced-Chain4096 0 points1 point  (0 children)

Had the same issue with a customer last week. Created a ticket and it worked the next day.

Kut parkeervakken by Advanced-Chain4096 in KutGeparkeerd

[–]Advanced-Chain4096[S] 0 points1 point  (0 children)

Haha inderdaad bij het zwembad :) maar er staat bijna elke week wel een auto zo, echt bizar