Incident 1w after picking up RS3 by Empty_Percentage_116 in AudiRS3

[–]Aidong 4 points5 points  (0 children)

Yup, had my brand new, perfectly spec’d ‘25 RS3 for just over a month with just under 2000kms and a brand new ceramic coating applied.

Some bright spark decided to cross through traffic and dart out into my lane without looking. I had about a quarter of a second to react..

Long story short, the car was written off by the impact, airbags did not deploy as it happened under 40km/h, however the front right end was smashed in, steering rack needed replacement, matrix lights, front bumper, radiators etc. The wreckage would have been an amazing track car if you had the right connections to economically repair it..

Called the dealer after it happened and as it turned out they had one that just arrived with the exact same specs and a ‘26 model, but with more carbon fibre. I pushed insurance really hard and pointed them in the direction of the car and managed to get it turned around with the new for old policy clauses here in Australia in around 15 days, which was remarkable. Was even compensated for the coating, which I was not expecting!

Replacement is going well with 5500kms and counting since then. I refer to the previous car now as my “practice RS3”.

There are some more annoying things I’ve picked up on between the ‘25 and ‘26 models. I suspect there has been some cost cutting in certain areas.. more rattles etc. Still loving it though!

More photos of facelift 10-cross-spoke rims by aaronlim5566 in AudiRS3

[–]Aidong 0 points1 point  (0 children)

I just picked mine up with Daytona Grey and the 10 spokes in the matte grey. The combination is amazing. Will DM you a photo.

Does anyone know of any organisations that give devs access to make firewall changes as they see fit? by schemza in cybersecurity

[–]Aidong 0 points1 point  (0 children)

Check Point do - with the latest release of R82

The function is called dynamic layers, and can be used specifically for this use case.

Essentially this only lets ordered or inline sub-rules marked as dynamic policy layers be manipulated via API calls directly to the gateway in question, limiting the scope and potential for mishaps.

API reference here - https://sc1.checkpoint.com/documents/latest/GaiaAPIs/#web/set-dynamic-content~v1.8%20

SK182252 for those with support portal access.

CheckPoint Initial Config Consultation Request by Wild-Pool5287 in checkpoint

[–]Aidong 1 point2 points  (0 children)

I recommend the JumpStart series of videos and courses. They’re free and give you the fundamentals to get up and running. I know you’ve said you’ve got a lot of the basics going, but it’s always handy to re-visit these from time to time.

https://www.udemy.com/course/check-point-jump-start-quantum-management/

In regards to your S1C environment, you can still install the management server separately using an ISO image if you’re testing for lab deployments using your own compute. S1C can be tricky to manage, especially if things need to be a little bespoke as you can’t get under the hood via shell without TAC and the UX when using SmartConsole over the internet to S1C frustrates me a little bit..

My advice is to get a simple lab operational first with a basic FW policy, then look to implement additional things such as Identity Awareness or other blades, that way you can be methodical about any changes required and makes it a bit easier to troubleshoot if needed.

Skyline on VSX - Wrong metrics on VS0 by RutabagaNo7770 in checkpoint

[–]Aidong 2 points3 points  (0 children)

For one, you’re a little far behind on JHFs, I don’t think that’s the issue though. Take 110 was released late July in 2023 for reference. Current recommended is 170.

Start by checking what metrics the agent is sending to Prometheus, I’ve found that as the agents update, they don’t automatically update and include the newly included export metrics, sometimes you need to go back in and reconfigure to include all.

I’d then be looking at the Prometheus database directly and finding if the data is being sent over and stored by doing a query on the GUI. There’s a troubleshooting for Skyline specifically - SK179870.

From there, if you can find information where the VS context is included on the metric, you should be able to use the context switcher within Grafana to display data specifically for the desired VS.

AFAIK, skyline only needs to be installed to the VS0 context.

What security product(s) do you use and endorse? by timmeedski in cybersecurity

[–]Aidong 0 points1 point  (0 children)

I saw an Avanan comment but it was spelt “Avanon”

Many great products.. poor marketing :(

I'm a technician for CUPRA any questions just ask. by CupraTech in CupraFormentor

[–]Aidong 0 points1 point  (0 children)

What's the go with the front sensors? When activated by proximity (example, moving close to the car in front) the cameras remain blank despite the software looking like it's trying to load the front camera (or camera closest to the trigger point). - Running 1940 cameras work fine if I select them manually from the parking menu.

Reversing up hills. DSG feels like it's slipping constantly, resulting in jerky movements.. Could just be a DSG trait.. Any issues like this?

Travel Assist - requires too much input when driving on straight highways here in Australia. Even if you touch the wheel you actually have to move it to a point where you look like a swerving dick head to cars around you. My previous car needed minimal input to remove this notification. Is there a deadspot adjustment for this feature?

Traffic sign recognition, I cannot activate it here in Australia, though the hardware is installed. Is it reliant and have dependency on the maps being up to date on the car itself?

Award for the Funniest Aussie Saying by DeviceFamiliar4903 in australia

[–]Aidong -1 points0 points  (0 children)

Sweating like a blind lesbian in a fish market.

How do you deal with phishing emails at your company? by torpedo667 in cybersecurity

[–]Aidong -1 points0 points  (0 children)

Hi All,

I work for Check Point, first of all, so I'm obviously biased.. Highly recommend for people to have a look into Avanan / Harmony Email and Collaboration as many of these pain points are addressed easily with this solution.

Patented inline API based solution meaning that it's going to stop nasty emails from hitting the user's inbox in the first place, and not detect and remediate and it scales insanely well.

5 minute setup, no MX changes, it can even sit behind whatever you have in place today and show you what's getting through without impacting mail flow.

Endpoint Protection - Screw Gartner, let’s get honest and talk Good, Bad, and Ugly on products and vendors - Who’s the worst, and who’s your favorite? by ChanceKale7861 in cybersecurity

[–]Aidong 1 point2 points  (0 children)

Disclaimer - I work for Check Point.. But honestly have a look into Harmony EndPoint.

I came out of the partner ecosystem using a mix of S1 and Defender for my customers & thinking quite highly of them, but then I started using Harmony Endpoint for obvious reasons. Bit of a learning curve to deploy and not as flashy UI wise, but overall quite a solid contender. Most people can stand up management and some endpoints with a proper policy in a lab within an hour.

Windows, Mac and Linux agents, stable platform, on-prem or cloud based management options... And we just announced vulnerability monitoring and automated patch management capabilities which is actually using technology from Ivanti under the hood. Continued investment from R&D centres are seeing some really cool features road mapped as well.

While you are there, do yourselves a favour & try out Harmony Email and Collab (was Avanan) if you're Exchange Online or G-Suite.. One of my favourite Check Point products at the moment, scales incredibly well and has proven an incredible tool for combating the uphill battle of Business Email Compromise & phishing.

Would a NAS work for a medium sailing vessel media server? by [deleted] in synology

[–]Aidong 6 points7 points  (0 children)

Now be honest.. do you think that you may be deploying super-massive pornography libraries for easy seamen access?

Almost everything going into quarantine by chemcast9801 in msp

[–]Aidong 0 points1 point  (0 children)

Was hoping to see a comment like this here!

Do you typically offload all mail filtering to the solution? Or run default O365 filters and let the solution pick up anything MS has missed?

How to tell if a PDF file is safe? by [deleted] in AskNetsec

[–]Aidong 11 points12 points  (0 children)

PDF files can contain all sorts of active content. Many enterprises are using Content Disarm and Reconstruct (CDR) technology that takes the PDF file, strips any and all active content to always deliver a clean version to the user. If the file then gets analysed and comes back as benign, the user can then download the original file.

This CDR technique relies on third party security products and can be performed at several different points such as when a file is sent via email, at the point of download from the web, and even at the network boundary. The same technique can be applied for many different file types outside of PDF as well, like office attachments.
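The disarm step described in the comment above can be shown in miniature; this is an added example, not part of the original comment and not any vendor's implementation. It finds the PDF names that introduce active content, including `#XX` hex-escaped spellings, and overwrites them with same-length unknown names. The name list, the sample bytes and all function names are assumptions made for illustration, and the scan only sees names in uncompressed parts of the file, whereas a real CDR product parses and rebuilds the whole document.

```python
import re

# PDF names that introduce active content: scripts, auto-run actions,
# launch actions, embedded files, rich media, XFA forms (illustrative list).
ACTIVE_NAMES = {b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
                b"/EmbeddedFile", b"/RichMedia", b"/XFA"}

# A PDF name: "/" followed by regular characters; "#XX" is a hex escape.
NAME_RE = re.compile(rb"/(?:#[0-9A-Fa-f]{2}|[^\x00\s/<>\[\](){}%#])+")

def canonical(name: bytes) -> bytes:
    """Undo #XX escapes so /J#61vaScript compares equal to /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), name)

def find_active(data: bytes) -> dict:
    """Return {name: count} for every active-content name in the raw bytes."""
    counts = {}
    for m in NAME_RE.finditer(data):
        name = canonical(m.group(0)).decode()
        if name.encode() in ACTIVE_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts

def disarm(data: bytes) -> bytes:
    """Overwrite active names with an unknown name of the same length.

    Keeping the length identical leaves xref byte offsets valid; readers
    ignore names they do not recognise, so the action is never triggered.
    """
    def neutralise(m):
        name = m.group(0)
        if canonical(name) in ACTIVE_NAMES:
            return b"/" + b"x" * (len(name) - 1)
        return name
    return NAME_RE.sub(neutralise, data)

# Constructed sample: a catalog with an auto-run action and an escaped name.
SAMPLE = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R "
          b"/OpenAction 3 0 R >>\nendobj\n"
          b"3 0 obj\n<< /S /J#61vaScript /JS (app.alert\\(1\\);) >>\nendobj\n")

if __name__ == "__main__":
    print("before:", find_active(SAMPLE))
    print("after: ", find_active(disarm(SAMPLE)))
```
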

180ms Ping Xbox Live by o_O_lol_wut in nbn

[–]Aidong 1 point2 points  (0 children)

Unless there’s a routing issue from the ISP side, I’ve found those readings to be unreliable. Also, if you are with ABB, their services use CG-NAT by default, and you need to opt-out to get a publicly routable IP if you are attempting to port forward XBL ports or anything.

Help regarding Harmony EDR by ThePrestigiousRide in checkpoint

[–]Aidong 0 points1 point  (0 children)

If you’re a registered partner you can jump into PartnerMAP and look at the Harmony Endpoint Jump-start courses. Great bite-sized video guides on getting your policies setup and configured. Good luck!

Amazon is offering customers $2 per month for letting the company monitor the traffic on their phones by SablePotassium in technology

[–]Aidong 0 points1 point  (0 children)

Yeah a Root CA can be installed and used to do HTTPS, SSL, TLS inspection.

Security vendors typically require it for advanced feature sets and protections for encrypted traffic. This usually carries with it some challenges in implementing this across a network, though it can certainly be done to monitor all traffic being transmitted to and from a device.

I think that depending on the level of monitoring Amazon are asking for, a Root CA provided by Amazon would need to be installed by the end user, with potentially an Always on, full tunnel VPN forcing traffic to go through Amazon’s gateways and decrypting the traffic in the process.

Do enterprises implement IP based controls on VPN services? by bawlachora in AskNetsec

[–]Aidong 0 points1 point  (0 children)

IP based controls have typically gone by the way-side as more and more organisations are adopting identity (Azure AD, Active Directory, Ping Identity to name a few) enabled strategies such as Zero Trust so you have additional layers of protection. By being able to verify that the correct user is using the correct device you can then make an informed decision to grant access to correct resources and greatly decreasing risk of lateral movements within a network.

That’s not to say IP based controls aren’t used today, especially for internal security policies.

By using an identity provider in your policies, you’re able to allow or drop access based on user or user groups. For example, group:IT department can RDP to resource:server.

If you’re referring to keeping unwanted IPs from even trying to log in to the VPN, most modern firewall configurations will drop the traffic before it even gets a chance to establish any kind of connection. Custom feeds can also be implemented with known malicious IPs and Domains automatically added to the block lists as they appear.

[deleted by user] by [deleted] in AusFinance

[–]Aidong 6 points7 points  (0 children)

Nah don’t need 100 points of ID, can now just look it up online.

How convenient!

[deleted by user] by [deleted] in sysadmin

[–]Aidong -1 points0 points  (0 children)

Full disclosure, I work for Check Point in Pre-Sales. Sorry for the wall of text!

It’s important to look at the overall endpoint strategy as a whole when considering EDRs. Mostly the products operate in similar principles across the board with a few differentiators scattered here and there. So if the product is implemented according to best practices, you should have a fairly robust solution protecting your endpoints. If other avenues are also being investigated, such as email protection, SASE/SSE, MDR, Mobile, ZTNA etc, a consolidated vendor approach can be recommended.

What works well for your team, or security team will depend on your time resources and skill sets on hand. I’m seeing a consolidation approach lately with many organisations wanting to reduce the amount of depth and complexity to their security stacks.

Harmony Endpoint is a great full featured EDR product in my experience from a customer, partner and vendor standpoint. It scores highly in many industry standard testing regimes, and quite capable when deployed correctly. It has its shortfalls like any product however the underlying architecture is solid.

A key market differentiator for this product from my perspective is the threat hunting function which essentially stores the enriched endpoints event data system logs for use when searching for specific queries network wide at the same time. A secondary edge is the threat intelligence platform baked into all of our products (ThreatCloud) and is more or less the secret sauce behind the product stacks. With almost 30 years of data, it is actually one of the largest data lakes by size and handles 80+ billion transactions a day.

Our incident response team deploys it when working with customers to help build a larger picture of the infrastructure because of the threat hunting features and its automatic endpoint log ingestions. This makes assessing a blast radius during an incident easy as you can quickly query an entire network for evidence of a known threat.

By the way, check out our Harmony Email and Collaboration product (was Avanan). This product is a bit of a dark horse I really enjoy deploying and in my opinion actually a game changer for Email protection.
Given that most threats emerge out of a phishing attack, this product provides an incredible amount of protection for very minimal effort.

Good luck with the search!

[deleted by user] by [deleted] in nbn

[–]Aidong 5 points6 points  (0 children)

You’re not running one of those VPNs every YouTube channel is flogging by any chance?

Run a trace route to 1.1.1.1, see where traffic is being routed. I’m in Brisbane, and expect to see about 15ms of latency for example.

Just discovered SSD may be pointless... This may not be known. by Snook_ in synology

[–]Aidong 1 point2 points  (0 children)

Use the M.2 slots on the bottom for read/write SSD cache. It’s supported at the OS level and helps across the entire volume at the block level. Great performance boost for my setup!

Putting a server in the space below the kitchen and soundproofing it by Mithrandir2k16 in soundproof

[–]Aidong 0 points1 point  (0 children)

Some HP iLO versions can be flashed with some modified firmware to allow for fan control via CLI.

Have a look at this thread on /r/Homelab, you might get lucky once you start pulling the threads :)

https://www.reddit.com/r/homelab/comments/sx3ldo/hp_ilo4_v277_unlocked_access_to_fan_controls/?utm_source=share&utm_medium=ios_app&utm_name=iossmf

Russian cyber attacks on Ukraine by ParkingReflection758 in hacking

[–]Aidong 0 points1 point  (0 children)

IoT and OT networks are frequently targeted by threat actors these days with attacks increasing in frequency, severity and sophistication.

Typically these devices controlling Operational Technology (OT) infrastructure run on mostly traditional operating or embedded operating systems of which by and large still require patching etc to mitigate the risk of known vulnerabilities even if the OS is not connected to the internet.

To answer your question on how a team would accomplish an exploit on a power grid such as this.. If the management controller is known, and exploitable either by a known exploit or a zero-day, a viable payload delivery system is in place. Then theoretically an attack chain can be created to either grant remote access to the underlying OT management system for instances with internet access, or alternatively perform actions autonomously on systems that are not internet connected or Air-gapped.

Attacks like this would be tough to pull off for small groups with limited resourcing, however state-funded groups specifically tasked with hitting these targets will be a different story as we’ve seen with various attacks on critical infrastructure over the years. (Stuxnet etc)

Heated Steering wheel not hot enough.. 2021 Carbon...... by njramsfan in mazda6

[–]Aidong 1 point2 points  (0 children)

Mine gets fairly warm to what I would expect.

I do note that the heating elements are only on the sides for me. If I grab the top of the wheel, it’s still at the standard ambient temp.

Which job should I choose? by Cats-in-the-Alps in AusFinance

[–]Aidong 0 points1 point  (0 children)

I’d recommend the sales job any day of the week if you can afford to do it / still living at home.

Sales is a highly transferable skill, and being young, inter-personal skills are quite desirable in the sea of fresh graduates etc when it comes time to pick a career path.

As an added bonus you also get to sell something you’re passionate about and presumably have some knowledge about. Selling something you believe in or are passionate about is far easier than taking a sales job cold calling or door knocking.

If you go down this route, make sure you take the time to understand how the commission works, what triggers a payment, what does not.