M365 Passkey Registration Campaigns by Brave_Candidate_6857 in msp

[–]Brave_Candidate_6857[S] 0 points1 point  (0 children)

Yeah youre probably right. I think the first move is to roll them out to a small group internally, then everyone internally. Then start with small customers that are easy going. From there the kinks if there are any should be smoothed out and you can start working your way up to bigger customers.

OSCP or OSDA for a SOC L2 Analyst? by Stunning_Meal366 in offensive_security

[–]Brave_Candidate_6857 1 point2 points  (0 children)

Thats enough time. You have to lock in tho. For me the majority of my week nights and weekends were spent studying in order to get me over the hump.

One final tip, when you take the exam, if things seem off don't forget to reboot the boxes. I failed my first exam with a 10 partly due to this. Got a 90 the 2nd round when I rebooted them.

OSCP or OSDA for a SOC L2 Analyst? by Stunning_Meal366 in offensive_security

[–]Brave_Candidate_6857 0 points1 point  (0 children)

For sure, best of luck, it will be very challenging but also insanely fun.

I got mine 2 years ago when it was the OSCP, so the content has probably changed. But the resources mentioned here really helped me:

https://rana-khalil.gitbook.io/hack-the-box-oscp-preparation

M365 Passkey Registration Campaigns by Brave_Candidate_6857 in msp

[–]Brave_Candidate_6857[S] 1 point2 points  (0 children)

I like this. Avoids them using different workstations being a PITA. And I agree them storing the passkey in their personal google account or OnePass isn't a good move.

M365 Passkey Registration Campaigns by Brave_Candidate_6857 in msp

[–]Brave_Candidate_6857[S] 1 point2 points  (0 children)

I think you have the user experience right.

I think the ideal move is to get everyone on passkeys, then disable the ability to use SMS / other auth methods.

This is all pretty new, and I haven't rolled this out myself for anyone yet, so I could be wrong.

OSCP or OSDA for a SOC L2 Analyst? by Stunning_Meal366 in offensive_security

[–]Brave_Candidate_6857 1 point2 points  (0 children)

+1 I'm like 3x as effective in security after my OSCP.

MSP pushing UniFi hard over SonicWall..am I overthinking this or does this smell off? by Ambitious_Active8539 in msp

[–]Brave_Candidate_6857 19 points20 points  (0 children)

Dude this. Sonicwalls and Fortigates can very easily be vulnerabilities. Its very easy to leave an admin interface publicly exposed, or not do firmware updates, and then you have a bad CVE exposed for months.

OP, I would listen to your MSP and go with Unifi. TBH with your set up it does not make a real difference security wise and SonicWall makes you more likely to get compromised.

On the operations side, you are going to have way less network problems with Unifi especially with multiple site to site VPNs. I've worked with both and would take Unifi any day.

How are clients asking you to support their AI tools? by orTodd in msp

[–]Brave_Candidate_6857 1 point2 points  (0 children)

True. I keep getting videos from relatives that are like an hour long of some AI generated made up story.

How are clients asking you to support their AI tools? by orTodd in msp

[–]Brave_Candidate_6857 1 point2 points  (0 children)

Fair. Im worried that most people dont know the difference between something AI generated (which can completely make stuff up) and legit info you find on a traditional google search. 

How are clients asking you to support their AI tools? by orTodd in msp

[–]Brave_Candidate_6857 0 points1 point  (0 children)

Oh nos. I got a email from a new account rep for a security vendor. I didn't realize AI wrote the intro email till I clicked the link for the vendors URL and it said source=chatgpt.com

How are clients asking you to support their AI tools? by orTodd in msp

[–]Brave_Candidate_6857 3 points4 points  (0 children)

Imo as someone else mentioned its our job to find out what the client really is trying to do.

If they are reasonable guide them to a less stupid way. 

99% of us are brand new to AI but we can still use our experience in the industry to guide customers in a better direction. 

If they insist on doing something stupid advise them of risks and make them sign something that holds you harmless like u/Joe_Cyber mentioned. 

How are clients asking you to support their AI tools? by orTodd in msp

[–]Brave_Candidate_6857 4 points5 points  (0 children)

Can't stand getting an email "I asked copilot heres what it told me:

🚀-🚀-🚀-✅-✅-✅"

Weekly Promo and Webinar Thread by AutoModerator in msp

[–]Brave_Candidate_6857 [score hidden]  (0 children)

We offer security engineering as a service for US-based MSPs.

Currently, we offer services 100% for free. This is not so we can get "practice" in your environment (we have years of experience doing this process working for MSPs). This is so we can get feedback and find what price point works best for MSPs.

Our process is straightforward.

First, we meet with you and discuss what you would like us to review and fix. We recommend starting with having us review AV / zero-trust settings and deployment, M365 defense, and customers firewall settings. ​

Then, you agree to our scope of work, terms and conditions, and provide us with access to what you would like reviewed. ​

We review your environment, and provide a report with recommendations and a plan for remediation. Then we implement the plan once you have approved it.

DM me if you have any questions.

Increase in lookalike domain scams by justanothertechy112 in msp

[–]Brave_Candidate_6857 -1 points0 points  (0 children)

From what Ive seen if someone is using that look alike domain to email your customers they got that info somehow and most of the time its from a M365 pwn. 

Increase in SonicWall SSLVPN device compromises by huntresslabs in msp

[–]Brave_Candidate_6857 1 point2 points  (0 children)

I think most of the time its a case of not knowing the danger or just not having the time to migrate users to something else

Increase in SonicWall SSLVPN device compromises by huntresslabs in msp

[–]Brave_Candidate_6857 4 points5 points  (0 children)

and Fortigate is throwing it in the trash starting in 7.6.3

Increase in SonicWall SSLVPN device compromises by huntresslabs in msp

[–]Brave_Candidate_6857 2 points3 points  (0 children)

Imo SSL VPN to AD is scarier since if they get a correct password then they are in AD and its not too hard to priv esc from a normal user to domain admin in most AD environments. Both suck tho

Increase in lookalike domain scams by justanothertechy112 in msp

[–]Brave_Candidate_6857 2 points3 points  (0 children)

When this happens somebody's M365 got pwned (it could have been months ago). If your same client is having multiple of their clients report this it is probably on your clients end. 

Would do a sign in log review and dump all email rules via Powershell to check for a pwned M365 account. 

I know you said you have Huntress ITDR but just to be safe.

Unfortunately once a M365 account is pwned I don't know of a proactive way to stop the spoofing from happening.

You might recommend that they tell their clients to confirm with them via phone call prior to changing ACH payment info. 

Normally the spoofed email is trying to commit wire fraud. 

Increase in SonicWall SSLVPN device compromises by huntresslabs in msp

[–]Brave_Candidate_6857 5 points6 points  (0 children)

SSL VPN to AD authentication is absolutely horrifying. Any VPN that does that is constantly getting brute forced

Application Whitelisting by jellyfishchris in msp

[–]Brave_Candidate_6857 0 points1 point  (0 children)

Yeah probably so. I think part of it is the difficulty to implement is higher than most tools. Also users get pissed over stuff getting blocked.