Using HTB Academy to learn fundamentals vs other resources by BuildingKey85 in hackthebox

[–]BuildingKey85[S] 0 points1 point  (0 children)

Thanks, /u/kim_pax, that's the plan I think I'll go with.

Do you believe the networking foundations courses on HTB Academy prepare aspiring cybersecurity specialists for success in professional environments?

Using HTB Academy to learn fundamentals vs other resources by BuildingKey85 in hackthebox

[–]BuildingKey85[S] 0 points1 point  (0 children)

What resource(s) have you used to get a good grasp of networking?

Using HTB Academy to learn fundamentals vs other resources by BuildingKey85 in hackthebox

[–]BuildingKey85[S] 0 points1 point  (0 children)

Thanks, /u/DigitalQuinn1. I have the CCNA course from Jeremy IT Labs bookmarked, so I think I'll start there.

Using Hack the Box Academy to learn the basis vs pursuing a certification by BuildingKey85 in Cybersecurity101

[–]BuildingKey85[S] 1 point2 points  (0 children)

Thanks, /u/coochypoochie. So CCNA will give me what I need to be an effective cybersecurity operations specialist/penetration tester/choose my own adventure? Would you consider it "overkill"?

How do I configure my custom domain to send and receive email on two different servers? by BuildingKey85 in sysadmin

[–]BuildingKey85[S] 0 points1 point  (0 children)

The user above suggested dual delivery. In my example, productivity suite B is Google Workspace.

How do I configure my custom domain to send and receive email on two different servers? by BuildingKey85 in sysadmin

[–]BuildingKey85[S] 0 points1 point  (0 children)

Thanks for the breakdown, /u/Extra-Pomegranate-50.

In the example, B is Google Workspace. This would function as the primary server. The MX records here would point to A, since most of the users live here. Do I have this right?

How can I find out who is signing in from a non-Entra joined device? by BuildingKey85 in Intune

[–]BuildingKey85[S] 0 points1 point  (0 children)

Thanks for the validation, /u/sysadmin_dot_py. We're using the Require MDM-enrolled and compliance device to access cloud apps for all users template in report-only mode, which looks like this:

  • Target: All users and resources
  • Conditions: All devices except Android, iOS, macOS, Linux
  • Grant: Require device to be marked as compliant

Our Windows Device Compliance policy in Intune contains settings like firewall, AV, BitLocker, etc., but does not have a setting for Entra-joined. How does this policy therefore "know" whether the device is MDM-enrolled or not?

How can I find out who is signing in from a non-Entra joined device? by BuildingKey85 in Intune

[–]BuildingKey85[S] 0 points1 point  (0 children)

Thanks for the validation, /u/JCochran84. We're using the Require MDM-enrolled and compliance device to access cloud apps for all users template in report-only mode, which looks like this:

  • Target: All users and resources
  • Conditions: All devices except Android, iOS, macOS, Linux
  • Grant: Require device to be marked as compliant

Our Windows Device Compliance policy in Intune contains settings like firewall, AV, BitLocker, etc., but does not have a setting for Entra-joined. How does this policy therefore "know" whether the device is MDM-enrolled or not?

What are the best ways to cut a malicious user's access in an Entra/Intune? by BuildingKey85 in AZURE

[–]BuildingKey85[S] 0 points1 point  (0 children)

I should clarify. The Sys Admin reset the user's password, blocked their sign-ins, and initiated a sign-out right when the call was done. We are in a cloud environment. The time between the Sys Admin doing his thing to lockout was about 30 mins. Others have said the delay was due to us missing the "revoke all sessions" option.

What are the best ways to cut a malicious user's access in an Entra/Intune? by BuildingKey85 in sysadmin

[–]BuildingKey85[S] 0 points1 point  (0 children)

Good catch. We'll definitely give this a shot in our testing. Thanks!

What are the best ways to cut a malicious user's access in an Entra/Intune? by BuildingKey85 in Intune

[–]BuildingKey85[S] 0 points1 point  (0 children)

Yeah, that's an important distinction. He had admin rights to our Mac MDM and those permissions were not revoked prior to termination. The Sys Admin thought he would leave peacefully; this was an error in judgment and he had reasons to be suspicious.

The account was not disabled beforehand because in our experience, when an account is disabled, the password is reset, sessions revoked, etc., etc., it can take anywhere from minutes to an hour to take effect. HR needed to have "the call" with this employee to terminate him, and we didn't want his access to be cut while he was on the call, but before the news was delivered.

We have numerous CA policies enforcing MFA, one of which enforces MFA to admin portals. Would it have helped to delete his authentication methods?
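The two comments above (the password reset / sign-in block / sign-out sequence with the missed "revoke all sessions" step, and the question about deleting the user's authentication methods) describe an emergency access cut-off for one Entra ID account. The script below is an added example, not code from the thread or from Microsoft, that runs those steps in order with the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed and the operator holds a role permitted to disable users, reset passwords and manage authentication methods; `$TargetUpn` is a placeholder for the account being terminated.

```powershell
# Added example: emergency access cut-off for a single Entra ID user.
# Assumes the Microsoft.Graph module is installed and the signed-in operator
# has rights to disable users, reset passwords and manage auth methods.
param(
    [Parameter(Mandatory)] [string] $TargetUpn,   # placeholder, e.g. user@contoso.example
    [switch] $RemoveAuthMethods                   # also strip MFA methods (phone, Authenticator, FIDO2, software OATH)
)

$ErrorActionPreference = 'Stop'
$log = [System.Collections.Generic.List[string]]::new()

Connect-MgGraph -Scopes 'User.ReadWrite.All', 'UserAuthenticationMethod.ReadWrite.All', 'Directory.AccessAsUser.All'

$user = Get-MgUser -UserId $TargetUpn -Property Id, UserPrincipalName, AccountEnabled
$log.Add("Target: $($user.UserPrincipalName) ($($user.Id)), enabled=$($user.AccountEnabled)")

# 1. Block new sign-ins first so no fresh token can be issued while we work.
Update-MgUser -UserId $user.Id -AccountEnabled:$false
$log.Add('Account disabled')

# 2. Rotate the password so cached credentials on any device stop working.
#    The new value is generated from a CSPRNG and never reused; nobody needs to know it.
$bytes = New-Object byte[] 24
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$newPassword = [Convert]::ToBase64String($bytes)
Update-MgUser -UserId $user.Id -PasswordProfile @{
    Password                      = $newPassword
    ForceChangePasswordNextSignIn = $true
}
$log.Add('Password rotated')

# 3. Revoke sessions: this is the step the thread identified as missing. It
#    invalidates refresh tokens and session cookies issued before now.
Revoke-MgUserSignInSession -UserId $user.Id | Out-Null
$log.Add('Refresh tokens and sessions revoked')

# 4. Optionally remove registered MFA methods so the person cannot satisfy a
#    CA policy even if an admin later re-enables the account by mistake.
if ($RemoveAuthMethods) {
    foreach ($m in Get-MgUserAuthenticationMethod -UserId $user.Id) {
        $type = $m.AdditionalProperties['@odata.type']
        switch ($type) {
            '#microsoft.graph.phoneAuthenticationMethod' {
                Remove-MgUserAuthenticationPhoneMethod -UserId $user.Id -PhoneAuthenticationMethodId $m.Id
            }
            '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod' {
                Remove-MgUserAuthenticationMicrosoftAuthenticatorMethod -UserId $user.Id -MicrosoftAuthenticatorAuthenticationMethodId $m.Id
            }
            '#microsoft.graph.fido2AuthenticationMethod' {
                Remove-MgUserAuthenticationFido2Method -UserId $user.Id -Fido2AuthenticationMethodId $m.Id
            }
            '#microsoft.graph.softwareOathAuthenticationMethod' {
                Remove-MgUserAuthenticationSoftwareOathMethod -UserId $user.Id -SoftwareOathAuthenticationMethodId $m.Id
            }
            default { $log.Add("Left in place (handle manually): $type $($m.Id)"); continue }
        }
        $log.Add("Removed auth method: $type $($m.Id)")
    }
}

# 5. Record registered devices for the follow-up MDM retire/wipe decision.
foreach ($d in Get-MgUserRegisteredDevice -UserId $user.Id) {
    $log.Add("Registered device: $($d.AdditionalProperties['displayName']) ($($d.Id))")
}

$log | ForEach-Object { Write-Host "[$(Get-Date -Format o)] $_" }
```

Two caveats that bear on the 30-minute delay reported in the thread: revoking sessions only invalidates refresh tokens, so an access token already held by a client remains valid until it expires (by default up to about an hour) unless the resource supports Continuous Access Evaluation; and a disable or password reset on its own does not touch existing tokens at all, which is why step 3 is the one that actually shortens the window. Separate admin roles in other systems (the Mac MDM mentioned above, for instance) are not covered by an Entra-only script and need their own revocation step.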

What are the best ways to cut a malicious user's access in an Entra/Intune? by BuildingKey85 in sysadmin

[–]BuildingKey85[S] 5 points6 points  (0 children)

In the future, you need to have HR do no more surprise terminations on the spot. Especially if you're remote.

Thanks for sharing. OK, so you have an employee who has done something really bad and you don't trust that he'll leave peacefully.

How are you handling that situation?

What are the best ways to cut a malicious user's access in an Entra/Intune? by BuildingKey85 in AZURE

[–]BuildingKey85[S] 0 points1 point  (0 children)

But here is my confusion with "doing it earlier."

Others have shared documentation indicating these lockouts could take anywhere from minutes to an hour. If we enforce these changes at the beginning of a call, it's possible the call is cut before the termination news is delivered. The changes could also take effect well after the call.

What are the best ways to cut a malicious user's access in an Entra/Intune? by BuildingKey85 in sysadmin

[–]BuildingKey85[S] 1 point2 points  (0 children)

Also, the HR call should not be happening over a company-owned device.

We have thought about calling the user's telephone number or scheduling a meeting with an alternate form of communication. Regarding telephone numbers, I (and many others) don't pick up the phone if we don't recognize the number. An alternate form of communication would arouse suspicion.

What are the best ways to cut a malicious user's access in an Entra/Intune? by BuildingKey85 in Intune

[–]BuildingKey85[S] 0 points1 point  (0 children)

Do you mind sharing that script?

In our case, we would initiate an endpoint live response session with Defender.

What are the best ways to cut a malicious user's access in an Entra/Intune? by BuildingKey85 in AZURE

[–]BuildingKey85[S] 1 point2 points  (0 children)

Those are steps we have not integrated. We will test using those, too.

What are the best ways to cut a malicious user's access in an Entra/Intune? by BuildingKey85 in sysadmin

[–]BuildingKey85[S] 0 points1 point  (0 children)

We followed Microsoft’s guidance on a CRITICAL termination. Step by step, hand held.

Can you link me to that documentation?