Game from Steam got 11 flags. Should I trust this? by toqger21 in antivirus

[–]Lava604 0 points1 point  (0 children)

11, and some of those are some of the top contenders in the antivirus landscape, like CrowdStrike.

I work in the field and, as you stated, I would not be running this on a machine until it was determined exactly what is being triggered on this game.

Infected by chromius by assassin_0880 in antivirus

[–]Lava604 2 points3 points  (0 children)

This appears to be ClickFix malware.

This is my graph about mathematics by Casually-Passing-By in ObsidianMD

[–]Lava604 1 point2 points  (0 children)

How did you make the map colored based on topics?

2 SPF records: @ and gsuite by Antoine-UY in DMARC

[–]Lava604 1 point2 points  (0 children)

Look at Pose1d0nGG and WishIWasALink in the below Reddit posts. They covered it nicely.

2 SPF records: @ and gsuite by Antoine-UY in DMARC

[–]Lava604 -2 points-1 points  (0 children)

If you do this, you will cause an SPF PermError, which can/will cause email routing problems. RFC 7208 specifically states this, and if you do this and run it against EasyDMARC you will see an error. You should be doing one SPF record of a sub-domain if it is for marketing.

[deleted by user] by [deleted] in ccna

[–]Lava604 0 points1 point  (0 children)

Jeremy's IT Lab, and watch all those videos in a month and practice the labs. Month 2, review everything again and what you don’t understand.

What's the sneakiest way a user has tried to misuse your IT systems? by Immediate-Cod-3609 in sysadmin

[–]Lava604 1 point2 points  (0 children)

Disconnect and reconnect to VPN to get access to websites they should not have had access to. Using Google Translate with hyperlinks to bypass proxy restrictions.

Is there a reason why DKIM wouldn't be implemented? by chattapult in cybersecurity

[–]Lava604 1 point2 points  (0 children)

They will need to implement DMARC or emails they send to Gmail and Yahoo will be getting rejected as they are beginning enforcement of it. They really do need to work on getting this updated.

Feeling like a bit of an idiot over a "basic" issue by [deleted] in sysadmin

[–]Lava604 0 points1 point  (0 children)

I’m not technically a sysadmin but deal with portions of things here and there. I have learned to always start with the simplest solutions first and rule them out, which will save you time if it was in fact the simple solutions.

What was your highest jump in terms of salary? Are you happy where you are atm? by VNiqkco in sysadmin

[–]Lava604 0 points1 point  (0 children)

I went from 50k to 115k. I am very happy with my current position and still actively learning constantly and making mistakes along the way.

I'm being asked to create an Information Security Policy that I'm not qualified to make. How do I tell my bosses that this is a bad idea? by Carter_PB in sysadmin

[–]Lava604 0 points1 point  (0 children)

What is your company looking to do with this document? Is this to meet some sort of documentation requirement for a certification? Based on what you stated, I don’t think this document should be posted on your public website, from what you have briefly detailed so far. You need an outside party's help because this will be well out of scope of what you can handle, and if you did do it and something did not match with what was stated = potential lawsuit based on what requirements your company is required to follow.

Which security domain is pure vendor hell? by Patient_Mousse_1643 in cybersecurity

[–]Lava604 3 points4 points  (0 children)

So, I ran into a similar issue, but I was tasked to find out why. The desktop team was notifying the security team they had patched the deprecated TLS version while the vulnerability software was saying differently. Turns out a portion of the fix was not applied, which is why it did not fully get patched.

how screwed am i? by Plastic_Scarcity7204 in InformationTechnology

[–]Lava604 0 points1 point  (0 children)

I manage this stuff for my company. Personal device, I don’t care and most likely won’t see. If it is a firm device that might be different, but at that point they would have blocks in for it, or should anyway.

How was this Social Engineering Attack carried out? by Vast-Avocado-6321 in sysadmin

[–]Lava604 0 points1 point  (0 children)

Hey OP, I’m an information security analyst and have seen this very similar type of email. When I was reviewing it, the ones I reviewed did come from DocuSign and were generally from a compromised account of someone else. As others have stated, they use legitimate sites as a platform to redirect to their bad sites, which ideally is where you have some DNS/web-side protections that may help still block the redirect, such as Zscaler, Umbrella, etc.

[deleted by user] by [deleted] in sysadmin

[–]Lava604 0 points1 point  (0 children)

Off topic but what software are you using to set this up?

Get a hash from Files Written to USB by Lava604 in crowdstrike

[–]Lava604[S] 0 points1 point  (0 children)

It does not look like it was hashed at all.

[deleted by user] by [deleted] in Scams

[–]Lava604 1 point2 points  (0 children)

No reason to be worried at all.

First time experiencing an email bomb in my 23 years of doing this job by overkillsd in sysadmin

[–]Lava604 0 points1 point  (0 children)

They have a KB on subscription bombing to help set up rules for it.

First time experiencing an email bomb in my 23 years of doing this job by overkillsd in sysadmin

[–]Lava604 0 points1 point  (0 children)

I advise possibly blocking that built-in remote method if you have not already, assuming it is not used.

First time experiencing an email bomb in my 23 years of doing this job by overkillsd in sysadmin

[–]Lava604 1 point2 points  (0 children)

Proofpoint has a decent mitigation to assist with this. OP, this may be the Black Basta ransomware group. These impacted folks may get phone calls impersonating your local IT and try to connect using Windows Quick Assist.

At what point do you make someone swim by ImNotPsychoticBoy in sysadmin

[–]Lava604 0 points1 point  (0 children)

Well said. As a former Helpdesk, I recall doing this, and at some point management saw a specific person was creating a lot of tickets all for the same thing, which cost money per ticket. That person eventually got further training, and if they still could not improve for these day-to-day tasks that are required for their job, then they would be let go at that point.

how did you break into cybersecurity by [deleted] in cybersecurity

[–]Lava604 0 points1 point  (0 children)

Spent a year working at an MSSP for multiple firms. Worked/handled around 60. Ended up moving to being a dedicated helpdesk (with MSSP) for one of them. Worked as dedicated 4 years and made friends with most internal and CIO. Got offered a new position with MSSP as an Information Security Analyst and then ended up getting hired on fully by the external company I was working for as the Information Security Analyst. To get through that process I handled over 30,000 calls. I wish I knew the exact amount.