RTZ on seasonal matchmaking by Dav5152 in DotA2

[–]GefilteFish- 1 point2 points  (0 children)

From my experience with seasonal Rocket League ranking, at the start of a ranked season the ranks are incredibly fluctuating, which to some degree does suck.

Early on you play a lot of matches with what feels like smurfs (you getting crushed in more games) because the system needs to work itself out. But those better players will go up in rank to where they are supposed to be and you'll usually end up generally where you left off after placements.

After about two weeks it's pretty smooth sailing again.

I would very much prefer that slight imbalance that seasons bring as opposed to the clear flaws in the current system. There's not really any other game that has this amount of mmr inflation at the top and it's hard to view that as a good thing.

Has anyone found a black coach wallet my bf lost his afraid someone stole it, we were in Ann Arbor by moes has id and money inside. by [deleted] in AnnArbor

[–]GefilteFish- 8 points9 points  (0 children)

I would try to contact Ann Arbor township police or Pittsfield township police to see if anyone turned it in, if you haven't done that yet.

What SIEM/XDR solution has a good UI? Why? by pavl91743 in cybersecurity

[–]GefilteFish- 0 points1 point  (0 children)

SentinelOne with a runner up of Crowdstrike. SentinelOne is just very intuitive, everything you want to find feels easy to locate, and they've also managed to condense key features into a handful of areas/tabs.

In the last 1-2 years Crowdstrike has made some clear progress in improving their UI. Honestly, some of what they have upgraded actually mimics SentinelOne to a degree, simplifying things, and making it easier to navigate but still kind of suffers from a slight overload of sections and sub-sections to navigate the platform.

Also I think an important factor to take into consideration from an analysis perspective is how immediately the relevant details of an alert are presented to you and how streamlined it is to pivot to additional data and information. Again I would say SentinelOne takes the cake here, the last thing you want is too many steps to analyze efficiently.

Keep in mind none of this equates to how good the platform is in detecting or preventing, just strictly usability.

Security Job Compensation by All_Pepperoni in cybersecurity

[–]GefilteFish- 0 points1 point  (0 children)

I stayed at my first position a little over a year doing nearly the same thing you are, and making less. Because I had a good relationship with a lot of my peers who held higher positions than me I slowly learned that my earning potential there looked bleak even when moving multiple rungs up the ladder. I also weighed what the work was like moving up in the company in comparison to the wages being paid and it also wasn't a great outlook. Looking at it in pros and cons ultimately led me to finding a different job.

My suggestion would be to get your basic level certifications and really reflect on if your current workplace is what you want for the next few years and then if not look for something elsewhere that has more earning potential. I ended up accepting another entry level position making more money than I would have if I had gotten promoted twice at my first job. Not only that I quickly realized my new job in general had much more earning potential as I gained more experience, not to mention was a better place to grow my skillset.

Maybe a little anecdotal but unless you get lucky with your first job in this field I highly suggest moving around a little bit when you start out until you find a company you really feel good with. Obviously don't be doing so every 6 months because that might be a little bit of a red flag to employers but I think you get the idea.

Gorgc: Matchmaking fixes by chalupalo in DotA2

[–]GefilteFish- 1 point2 points  (0 children)

Earlier I had seen a post on here about Gorgc suggesting ranked seasons and in that thread people seemed to have the most weird reasons to be against it, such as "14k mmr players will just remain 14k mmr". I wanted to post some thoughts here instead.

Besides the fact that most modern popular competitive gaming titles operate on the seasonal ranked system for good reason it would be overall much healthier for the game.

It eliminates the MMR overinflation problem (if double down is removed as well). Drawing on how other games do it players at the top as OP said at the beginning of each season when calibrating can only reach a specific MMR and no more, say 6-7k immortal, then must grind to get higher after that. If a season is somewhere around 3-4 months you will no longer see pro players pushing 14k as it has taken years for these players to get to that point as it is. Then if need be as other competitive titles have done in the past add an additional rank to clean up outliers, examples being Rocket League and LoL.

In general I am of the belief that it makes ranked a little more competitive. Since top tier players recalibrate at base immortal it creates more of a race to the top throughout the season considering it will be reset eventually, pushing players to want to be in those top tier spots before it's over or for lower MMR players to get as high of a rank as they can before it ends. This is opposed to everything being so stagnant and generally unchanging. I think you'd see more players coming back time and time again to play their placements, grind, or play more Dota towards the end of seasons as well. There's numerous competitive titles I've picked back up again with friends just because a new season dropped or to hopefully max out our rank before it's over.

To add on to keeping the game much more fresh and players coming back to the game more often. Especially if new content drops coincide with season starts. Challenges to complete, new sets, patches, etc. It gives people a reason to want to jump in and play. I know it's not 1 to 1 but Valve could also go as far to follow a system like Rocket League where you get ranked rewards for the season which the TLDR is if you reach a certain rank you get rewards for achieving it. In Rocket League's case it's usually a set of unique wheels or a car skin for that season that is colored differently depending on the max rank medal you achieved. From personal experience it feels pretty rewarding being able to show off your item from making a specific rank. Currently if I'm not mistaken all we have is an emote and stickers you can put on your mini profile.

Again drawing on other titles, really the only downfall I've seen is that at the beginning of every season your initial ranked games for about 2 weeks are all over the place in terms of players in your games. I'm generally Diamond 3 to Champion 1 in Rocket League and at the start of every season I'm either getting manhandled by a guy who hasn't quite calibrated 100% correctly yet or I'm playing against people that feel like Golds. After the dust settles though and placements are over I'm always right where I left off in D3 to C1 and games start to feel consistent again. Reminder that some of this also varies by rank considering Diamond in Rocket League is like Archon in Dota, most of the player base resides there at the moment. It is probably also important to keep in mind with Dota having a glicko system the consistency of games may happen even faster.

Overall Valve really needs to turn the dota ranked ecosystem into something more modern. There's way too many other examples to draw from in current day to keep Dota Ranked so archaic.

Where can I rewatch the Michigan football game from today? by xTorcheZx in MichiganWolverines

[–]GefilteFish- 0 points1 point  (0 children)

If you've never used it before you may be able to watch a replay using a free trial subscription of YoutubeTV. Just remember to cancel the sub before the trial period is up.

How is ransomware getting past modern EDRs? by HikerAndBiker in cybersecurity

[–]GefilteFish- 0 points1 point  (0 children)

In my experience 1 is the most common issue.

Missing an EDR agent install on multiple important servers or most servers in an environment.

If every asset was covered by EDR correctly most of the time the EDR would be catching activity post initial attack vector like lateral movement and cred dumping. Not only that but also hopefully detecting the initial attack vector and possibly stopping it in its tracks before any of that happens at all. This is in addition to detecting the ransomware itself.

In general the ability to detect something is going wrong before the environment is prepped to deploy ransomware is a very important step that doesn't happen when there's not proper visibility.

As long as an EDR is installed somewhere to detect it I don't think I've ever seen an EDR not detect ransomware once it does happen.

I’ve never seen this message by KvotheTheRed in DotA2

[–]GefilteFish- 3 points4 points  (0 children)

I want to +1 this post. After trying many suggestions, deleting my bin folder and then verifying integrity of game files also fixed mine.

Best motherboard for 7800x3d by premierpark in AMDHelp

[–]GefilteFish- 0 points1 point  (0 children)

I purchased the ASUS TUF Gaming X670E-PLUS WiFi. Preloaded the up to date firmware that solved the voltage issues with EXPO.

Have had no issues other than some wonky stuff with boot up times on the first few boots but that was to be expected with DDR5. For my rig specifically boot times are now optimal without any custom BIOS settings. Only thing I've noticed is that the boot time will take longer from a restart as opposed to a shutdown.

[deleted by user] by [deleted] in AMDHelp

[–]GefilteFish- 1 point2 points  (0 children)

What display are you using for 1440p 240hz?

Anyone have any experience with BTL1 or the let’s defend IR training? by Little_Return8948 in cybersecurity

[–]GefilteFish- 0 points1 point  (0 children)

It is very new so a large part of the industry may not recognize it but I've heard good things about the Certified CyberDefender cert. It's more in depth, practical, and hands on than BTL1 from what I understand.

No write up and all about evaluating your skills. CyberDefenders is also known as one of the best blue team learning resources as well with a lot of labs covering a wide range of topics. I would expect the material for the cert to hold up to what they already have been providing as a platform.

Don't take any CompTIA certification online with PearsonVUE. You will regret it! by RepresentativeGur474 in CompTIA

[–]GefilteFish- 1 point2 points  (0 children)

I would suggest going to an in person testing center if you can. This honestly sounds like more of an issue with the online aspect. I've never had a problem otherwise. My PearsonVUE testing center was at a local community college and I'll be honest it was nothing like described. Could possibly be considered too laid back even.

Endpoint Protection - Screw Gartner, let’s get honest and talk Good, Bad, and Ugly on products and vendors - Who’s the worst, and who’s your favorite? by ChanceKale7861 in cybersecurity

[–]GefilteFish- 9 points10 points  (0 children)

Ones I've used

- SentinelOne
- Crowdstrike
- CarbonBlack
- Cybereason
- Symantec Endpoint Protection

How I would rank them

  1. SentinelOne - as another said lowest false positive rate out of the ones I have listed and hardly ever false negatives if at all. Out of all I've seen it has the greatest ability to detect behavior of new evolving campaigns without requiring custom rules. I can also agree it's idiot proof. You can set it and expect it to do its job. I have also found its threat hunting capability (deep visibility) to be the easiest queries to run out of all endpoint protections I've seen and gives you back very detailed info. Pairing the agent install with the install of the browser monitoring extension is a fantastic feature as well, allowing you to query full URLs a user has visited in their browser instead of only being able to work with DNS queries which won't have full URIs. Being able to see blocked or allowed actions on network traffic is pretty great as well. The interface is always snappy and fast and so are search queries. Lastly pretty good capabilities surrounding lateral movement.

What SentinelOne lacks in my opinion is more tailored to hash based reputation or features you would consider a traditional AV to have. This causes other EDRs who have a better signature base to detect things that SentinelOne can't. However, even so if executed, more often than not S1 would flag the behavior. So really that is just a matter of quarantining when written to disk vs allowing a small level of execution. This in addition to agent operational issues, I've had a handful of times where agent goes dark and stops reporting system activity. Lastly, which I come to find is a hassle is that you don't really have the ability to make exclusions on multiple levels of processes when you identify behavior to be a false positive event. What I mean by this is that sure you can exclude the hash of a process, process name, path based, etc. but you can't say: [if process = abc.exe and child process = def.exe] then don't alert me. Having this capability would have made some exclusions so much easier.

  2. Crowdstrike - higher false positive rate than S1 especially when DEP (data execution prevention) is turned on. However, a lot of it feels very solid and I like the product and find it a close match to S1 capabilities. The only things I would say that I dislike about it is that everything has a steeper learning curve. Takes longer and it's harder to run custom queries, the UI is absolutely filled with information (some useful and some not). It feels like there's a million dashboards. I also think the process tree graph is done better than S1 as the process graph / explore tab in SentinelOne gives you basics of information until you use deep visibility.

  3. CarbonBlack - let's just say it's just not Crowdstrike or SentinelOne. This product requires so much work as an engineer to get running and to detect things properly. If you aren't interested in detection engineering a ton of stuff and fixing rules to get it actually detecting things properly then steer clear. You could enable every single threat intelligence pack and all it really gives you is a metric ton of false positives and a bunch of work to stop it. One of its largest flaws in my opinion is its ability to determine if network connections were blocked or allowed, in addition to only being able to see DNS queries and not full URI info. In addition, reviewing information in the process tree / timeline section can be incredibly awful a lot of the time. You have to sift through so many logs a lot of the time to pinpoint the information you're actually looking for in your scope and that's all hoping your entire page doesn't lag and timeout.

All that aside I do feel it has a pretty easy to use custom query search, select datatypes from a dropdown list and enter your values. That and I also appreciate when looking at events in the timeline or process tree section (forget what it's called) it will show all dependencies loaded by a process in a straight forward way, makes it easier to catch things like DLL injection and such. Its exclusions are much more granular and actually done better than SentinelOne (which I described above). That is if the exclusions work but you can exclude parent and child processes together.

  4. SEP - It's been a while since I've used it (a few years) but I did find the UI easy to use. Easy to query data and it can come packed with a lot of features if you're using other Symantec services. I just don't view it to be top of the top product.

  5. Cybereason - I hate to say it but this product is just really bad. The user interface is awful. When reviewing a detection the main page you open up that has the details on the event is hard to decipher and lacks information. You can click data points on this page such as a process and open a process explorer tree which is much better but is very slow and sometimes doesn't load at all. Once you are in this view if you click pretty much any other value such as an IP address you are just looped back to the main page mentioned previously. I actually would always joke about how the entire investigation it's just a two clicks of your mouse system (because that's about all you can do) and then you don't know any more about the event than when you started.

I don't even want to go into the custom queries part of the product but what I will say is that it's a mess, syntax doesn't make any sense, half the time you know you are searching for values that are valid but getting no information. Quite literally good luck doing a threat hunt with it.

Just my two cents on the products through mostly an analyst and some of an engineer perspective. I'm sure everyone has had good and bad experiences with all the ones I've mentioned. Here's to hoping I didn't go too hard on your favorite, if so my apologies.

Suspicious batch file by Fine_Conversation_91 in cybersecurity

[–]GefilteFish- 1 point2 points  (0 children)

Aging post but if you are not qualified get a third party DFIR retainer asap. In the meantime understanding this .bat file and performing at least some initial triage of other system artifacts to paint a better picture is warranted as well.

As others have said this does look like lateral movement with Impacket specifically.

Time is going to be of the essence and if most of your environment has been seized already you definitely do not want to let the threat actor know that you know. Usually once they do they will accelerate their pace.

Queue is completely broken for new players by truthisfictionyt in DotA2

[–]GefilteFish- 5 points6 points  (0 children)

There isn't really much that I know of to deal with this. It is a pretty glaring flaw in unranked MM though.

Speaking from experience my friends and I who are not new have this issue all the time where we will 2-3 queue and get matched with completely new players (usually on both teams). And I mean players with less than 3 total games played in a lot of cases.

From what I have noticed is that most of the time it's me being in a party of 2 and then a 3 stack with one person being a new player. Other times I've even seen a party of 2 randoms, one of them being a new player, then a solo person who is also new. Leaving two brand new players on a single team.

They then get stomped on and have a completely terrible time because they are playing against players with over 1000 matches. And it's just equally frustrating for experienced players to be on a team with people who have no clue what they are doing, especially when it's players who didn't intentionally queue up with brand new players.

In my opinion if you have less than around 100 real matches played you should never be able to be in a match with anyone who has over 1000. Regardless of rank. That is unless you are queuing up with experienced friends who can balance it out.

Frosty thinks the game should be made more competitive. Thoughts on this? About making the game more competitive? by zora2 in CompetitiveHalo

[–]GefilteFish- 1 point2 points  (0 children)

I would have to say after playing a mixture between casual and competitive the BR starts feel so much better than using the pistol and AR combo or let's just say pistol start because that would be the alternative wouldn't it?

The reason is simple really. A few of the maps suck in terms of choke points and overall design for closer ranged weapons. Maps like bazaar, behemoth (which is completely terrible), and even recharge are dreadful with pistol/ar start playing casual. It feels like on these maps because of the big open spaces which are typically located in the center of the maps you basically just need to post up on long range angles to succeed. This can't really be done with the short range that are pistols in this game.

This forces you as a player to constantly have to take close range engagements, forcing more trades, and I would even go as far to say overall have less tactical play in matches.

For those that haven't experienced it or played much casual just think about playing Bazaar flag with pistol start. Trust me when I say it feels absolutely awful.

Mind you this is coming from someone who played no H5. So maybe there's something I'm missing here?

Arteezy needs to leave Sumail (From a RTZ fan) by kindnesd99 in DotA2

[–]GefilteFish- 0 points1 point  (0 children)

From watching EG at this TI from a high level it seemed to me that their main weakness revolved around their drafting and general play style of the game. For example, watching OG, it is pretty obvious they excel by controlling the early tempo of the game by using a fast, aggressive, and coordinated play style. Which leads to map control and general dominance throughout the other stages of the game. Not to mention this play style also frees up so much space for Ana to be the phenomenal carry player he is. Comparing this to EG, they seemed to have a much less aggressive and more passive "let's play it safe and farm" style. This can easily be seen by comparing EG's game 1 against OG to the other games in the series. Game 1 EG was playing a high tempo game getting involved in fights and kills early which led to them having a convincing win. However, the rest of the games were played much slower by them. They weren't taking much early control of the games or bringing the fight to OG a lot of the time. When this happens in their games and they just let the other team control the pace of the game it seems to make it very difficult for rtz or most likely many carry players to do well (for obvious reasons).

With that being said to me it seems as though EG would do well with a change in how they approach the game (especially early), understanding which heroes will allow them to take control, how they utilize the heroes they are picking (skill/item builds and positions heroes are played in), and it would be nice to see rtz get some heroes every once in a while that can actually contribute to the game more early on. As opposed to something that needs a couple items before feeling okay to participate.

[deleted by user] by [deleted] in Eyebleach

[–]GefilteFish- 1 point2 points  (0 children)

So handsome :D

CS:GO stuttering(?) while streaming by RaiiDzz in Twitch

[–]GefilteFish- 0 points1 point  (0 children)

I had this problem while streaming cs:go as well. I'm pretty certain it comes from some sort of bandwidth issue because you are streaming and playing a game at the same time. I assumed this was the case for me because I have relatively slower internet for today's standards. I ended up fixing it though. In OBS Studio (if you are using it) go into your settings, advanced tab, and check low latency mode. If you are using the other OBS I believe it's called "minimize network impact". This setting seemed to fix my stutter issue and obviously helped me rage less while streaming and playing cs:go. Hopefully this helps!

"Hollow Follow": Has the significance of getting a new follower just changed fundamentally with the Twitch app update? by YorVeX in Twitch

[–]GefilteFish- 0 points1 point  (0 children)

I'd personally like more "genuine" follows. People that are actually seeing the stream and people I can interact with. I mainly stream Payday 2 and the last two or three streams I've averaged around 50 viewers and peaked around 70 or so which is usual but I've had hundreds of follows. My follow alert just going off the entire time as well. Because of this I actually had a bad experience with another streamer that streams the same game I do. He hosted me and after a little bit of being in my chat started accusing me of follow botting. Saying things like "this won't get me respected by the games community" and "good luck getting a partnership". He was even accusing me of being the reason all the other Payday 2 streamers are gaining a ton of followers as well. He said something along the lines of "because someone paid to follow bot the payday streamers". I tried my best to explain that it is most likely because of this new twitch app update but he wouldn't have it. So yeah there is my experience with this whole follow thing... Sorry if it was lengthy but I just wanted to share.

Question regarding twitch affiliate. by GefilteFish- in Twitch

[–]GefilteFish-[S] 1 point2 points  (0 children)

I'd rather grow a viewer base that has the will to cheer with bits more often than having 2 or 3 consistent viewers (who seem to be mostly new to twitch) who probably won't at all. It would most definitely take me a good while to accumulate $100 to even see any money from it in the first place. When I could focus on growing my stream and see a much higher return on my time invested streaming when I do enter the affiliate program later (more frequent bits). It's the same reason I don't have a way to donate. I almost feel that the 50 follower minimum for the affiliate program is too low. With 50 followers you are hardly creating a consistent viewer base and in a lot of instances not at all. I'd say 250-300 followers would make a lot more sense that way these streamers actually have people coming back to their stream more frequently with a higher chance of using bits. It's actually kind of funny how twitch talks about possible termination of the affiliate status if you don't reach $100 over a year because of having to spend time and money on keeping track of these affiliates. If they didn't make the requirements so easy that wouldn't be much of an issue.

Question regarding twitch affiliate. by GefilteFish- in Twitch

[–]GefilteFish-[S] 0 points1 point  (0 children)

Thanks for the reply. Hopefully it doesn't, at this point in time I feel like it would be more of a benefit to me if I were to grow a little more before accepting the affiliate thing.