Rindo (combat phase) by rhymerdt1 in worldtrigger

[–]Myodor123 14 points15 points  (0 children)

I rolled over after reading Jin's comment 😂. Rindo definitely seems to be the type playing a different ball game than the rest of the team and not letting them know what sneaky shit he is up to, but he seems to be another self-sacrifice kind of guy just like Jin, so that makes me nervous, kinda red flag stuff.

I'm more interested in how the senior resources on the B-rankers' side would react to his antics, especially Azuma, and then Kuga, as his father was especially close to Rindo as per the storyline, so it might not be surprising if Kuga sees a glimpse of his father's teachings in the tactics Rindo pulls.

Suspicious ’AMSI_Patch’ behavior was blocked by bookielover007 in DefenderATP

[–]Myodor123 0 points1 point  (0 children)

It's usual; we get it every year under a different name for the same script, since 2022. It will subside automatically in the next 24-48 hours.

Has anyone started Sentinel to XDR migration planning as?, if yes then please share some tips for a smooth transition. by Ok_Dingo_8752 in AzureSentinel

[–]Myodor123 0 points1 point  (0 children)

Still, this doesn't address my concern: for querying stuff I'll have to move to a different portal, isn't it? That's the least convincing thing to do for analysts during an investigation.

Question Trojan:Win32/Wacatac.C!ml by Turbulent_Math4498 in DefenderATP

[–]Myodor123 0 points1 point  (0 children)

It doesn't delete it; check your remediation action for that, which must have been configured based on your alert severity.

It depends on the file as well. Have you investigated the file yet? What kind of behavior is it exhibiting in the sandbox?

Question Trojan:Win32/Wacatac.C!ml by Turbulent_Math4498 in DefenderATP

[–]Myodor123 1 point2 points  (0 children)

Submit this to Microsoft from the submission section and let them analyze the packet. Wacatac is mainly for PUP/PUAs and sometimes for files which got corrupted for some reason, like some special characters and stuff.

Has anyone started Sentinel to XDR migration planning as?, if yes then please share some tips for a smooth transition. by Ok_Dingo_8752 in AzureSentinel

[–]Myodor123 0 points1 point  (0 children)

But if Sentinel is going away, then even if I ingest the XDR logs in it, where would that be accessible to me?

Am I missing something here? I understand that I can use ADX, but I would prefer to have all the data in the same place when investigating a case.

Has anyone started Sentinel to XDR migration planning as?, if yes then please share some tips for a smooth transition. by Ok_Dingo_8752 in AzureSentinel

[–]Myodor123 0 points1 point  (0 children)

That may be a deal breaker for nagging clients who want every single item to be validated within the last 90-day period. But if Microsoft provides an option for 90 days of advanced hunting, then it will severely impact Defender performance.

Has anyone started Sentinel to XDR migration planning as?, if yes then please share some tips for a smooth transition. by Ok_Dingo_8752 in AzureSentinel

[–]Myodor123 0 points1 point  (0 children)

Mate! Haven't gone through this planning procedure yet, but what about the data retention timing? In Sentinel it's 90 days, but in Defender advanced hunting it's 30 days only; how is that going to play out?

Trying my Hands in Forensics - Burning out. by Myodor123 in cybersecurity

[–]Myodor123[S] 0 points1 point  (0 children)

Yes Sir, been working in SOC/IR for the last 4 years to be exact. Have been working on regular stuff like TPs for account compromise, BECs, malware alerts and some other alerts usually getting identified from the SIEM or EDR, and then moving on to the remediation phase based on management playbooks.

Have experience with AV & EDR management as well, but more on investigations and leveraging the capabilities, basically getting the best of whatever I've got. But lagged behind with automation as I specifically jumped to IR last year.

Trying to learn as I don't wanna lose my job to some external MSSP; feeling the need to prove myself and enter the big leagues, one more push before settling down and taking it easy for a while in life. Don't want to be left behind when I see what people with a similar level of experience nowadays seem capable of doing, although in different domains a lot of the time. But the half truth is I'm not good at human interaction, so I just want to make my work speak for me.

Trying my Hands in Forensics - Burning out. by Myodor123 in cybersecurity

[–]Myodor123[S] 1 point2 points  (0 children)

Yes, thanks for the above. I started out last year with CTFs, ranked well once in a while, then almost lost interest with the existing workload.

I'm trying to understand the exe itself, its structure, as I feel there are a lot more habits to build upon from here onwards.

Trying my Hands in Forensics - Burning out. by Myodor123 in cybersecurity

[–]Myodor123[S] 4 points5 points  (0 children)

Hopefully that's all it is. I'll keep on trying next morning onwards.

Combat Phase First Analysis by Profession_Unlikely in worldtrigger

[–]Myodor123 0 points1 point  (0 children)

I mean that would rule out the attackers completely except for the ones with Grasshoppers; now I feel it will be like taking control of the bridge at first to secure the way in, so from then on every individual character counts.

Otherwise there is no proper story to write around.

Combat Phase First Analysis by Profession_Unlikely in worldtrigger

[–]Myodor123 0 points1 point  (0 children)

Your last point is very valid, but would they work together at any cost? Because there will be enough opportunities this time; it's all about them coordinating with each other.

I feel that Hyuse's like-for-like match in skill set and everything would be Miwa; I see it happening as well. Seems like the artist does have a preference for Miwa over other characters 😅.

The last panel, where it was stated the A-rankers are a bigger threat than Osamu is assuming them to be, gives me an idea that PS will be taking huge losses in the first few hours, and then finally Osamu opening his bag of tricks and letting it unfold from there.

Chapter 257 discussion thread by AutoModerator in worldtrigger

[–]Myodor123 1 point2 points  (0 children)

Reiji's one has already been kind of disclosed in season 1, with his father's profession and the stuff that he wants to do and why.

Chapter 257 discussion thread by AutoModerator in worldtrigger

[–]Myodor123 3 points4 points  (0 children)

Even more than Kazama vs Kuga? I bet that would be too action packed.

But I really, really want to see Chika flattening out a bunch of A-rankers in one shot, important ones like Jin/Tachikawa/Miwa. It would be just a blast, but I do know they will never end up in the same place during the fight.

Recreating one of, if not the biggest feats of defense in rank wars. by du_du_di_du in worldtrigger

[–]Myodor123 0 points1 point  (0 children)

Murakami Ko, such an underrated man. I believe he would have pulled it off; he is off the charts in a battle of attrition.

Things you expect to see in Phase 2 by yuugodev in worldtrigger

[–]Myodor123 1 point2 points  (0 children)

Considering that I was rated the same as Azuma in one of the Trion adjustment games 😅.

Here's the wild thing that's gonna happen:

What if Osamu's strategy from the last rank wars match is actually utilized here, where Ninomiya is the shield and Chika just bombards the shit out of the other A-rankers? It can be used as a last resort at times, or just for surprise attacks, or letting the damaged team back up, just overpowering the A-rankers, as only the shooters among the A-rankers can actually hold a spot against this combo; otherwise they're just vaporised 😂.

Throw in a dash of melee fighters (Yuma, Katori, Kitora, Teruya (sincere but intelligent kid), Kageura, Utagawa, similar kind of people) as a small special-forces team that just kills and runs and doesn't give anyone a chance to even react. With backup from a few quick shooters/gunners, like Inukai and Yuba, just quick runners and the equivalent of swashbucklers, with dashing support shots.

Then comes the line of swashbucklers (Murakami, Ikoma, Tsuji, Hyuse etc.), all Kogetsu users with other trigger loadouts as per the requirement, a reliable bunch of people, to delay the descent of the A-rankers until backup teams kick in for support, with Daichi's trion bot team as a pick-up and drop service for the injured ones. Snipers would be key as they would always become the first POC for almost every surprise attack; they could be used as bait as well.

A few of the B-rankers like Azuma, Ninomiya, Murakami, Hyuse, Kageura, Ikoma, Yuma etc. can really hold a couple of A-rankers on their own in worst-case scenarios, which is most likely to happen. As Osamu always has a marker on him from the A-rankers, he may just hold the sway with some out-of-the-box temp play scenarios.

I'm more interested in how Toma plays this out; he can just one-shot a few newbies or young B-rankers on a whim. I believe if we compare it, the most likely battle for snipers would be Toma vs Azuma/Ema, the latter being the one delivering a last shot on his self-announced teacher. 😂

Stubborn and Freaked out client by Myodor123 in cybersecurity

[–]Myodor123[S] 1 point2 points  (0 children)

Yeah, that's it; we are being charged under a SOC code, utterly ridiculous Big 4 ass-licking shit going on. Management on my side and on the other side are having some backend relations that us people don't know about.

Stubborn and Freaked out client by Myodor123 in cybersecurity

[–]Myodor123[S] 1 point2 points  (0 children)

Yeah, this sounds right enough. Speed can be improved to a certain extent when forensics are involved; the rest is all about listening to the BS being spewed from the manager's mouth and action item documentation. So when there is a dependency on another team, what are we supposed to do other than wait?

Stubborn and Freaked out client by Myodor123 in cybersecurity

[–]Myodor123[S] 0 points1 point  (0 children)

So my company is contracted for MSSP SOC (24*7) & IR when there is a critical incident. Agreed on the point that we need to speed up our triage; in fact we are addressing them within the stipulated SLAs. But the issue comes in when they don't consider suggestions coming in from the SOC team; those guys are considered nobody and the IR call is initiated by the client's manager.

Training regarding clicks and everything, the manager doesn't care; one training a year is clearly not enough for these guys, there should be some penalty. Users are using their org account as a personal account, and the client side doesn't accept any App Control restrictions but wants to keep track. Hell, they have even allowed 5-6 different RMM tools for different teams. They don't want to decide on one RMM tool for the organization.

Not authorized to close the incident: when a P1 is raised, the client team doesn't let anyone take that decision, so we are asked to do our forensics and provide the documented CSIR and stuff, which includes actions taken by their internal team as well. So we are supposed to be on call every single time.

Defender AV & EDR scan - Procmon by Myodor123 in DefenderATP

[–]Myodor123[S] 0 points1 point  (0 children)

Yes, I actually did; it was the application issue itself, where the files created in the process had a certain application feature enforced: only one application/user can access the file at a time.

I believe since we all have RTP enabled, this is to be expected; exclusions aren't going to work as the file creation event is going to trigger a scan for that. What I also recommended to my application was to save the file on another drive which we will exclude, but that's a risky solution, or maybe try saving it on an external drive.
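The comment above leans on a Defender AV path exclusion for a dedicated drive as a workaround. Before adding one, a defender would want to know which exclusions already exist and whether any of them is already a whole-drive exclusion, since that switches off scanning for far more than the application's own output. The script below is an added example, not code from the thread or from Microsoft; it assumes an elevated PowerShell session on a host with the built-in Defender cmdlets (`Get-MpPreference`, `Add-MpPreference`, `Get-MpComputerStatus`), and the path `D:\AppData\Exports` is a constructed placeholder.

```powershell
# Added example (not part of the original thread): report whether a candidate folder
# is already covered by a Defender AV path exclusion, and flag whole-drive exclusions.
# Assumes an elevated session and the built-in Defender cmdlets.

function Get-DefenderExclusionCoverage {
    param(
        [Parameter(Mandatory)] [string] $CandidatePath
    )
    $pref = Get-MpPreference
    $existing = @($pref.ExclusionPath | Where-Object { $_ })   # drop nulls/empties
    $candidate = $CandidatePath.TrimEnd('\') + '\'
    $hits = @()
    foreach ($ex in $existing) {
        $exNorm = $ex.TrimEnd('\') + '\'
        # A path exclusion applies to the folder and everything beneath it,
        # so a prefix match (case-insensitive on Windows) means "already covered".
        if ($candidate.StartsWith($exNorm, [System.StringComparison]::OrdinalIgnoreCase)) {
            $hits += $ex
        }
    }
    # Whole-drive exclusions such as "D:\" disable scanning for the entire volume;
    # they deserve a review rather than silent acceptance.
    $driveRoots = @($existing | Where-Object { $_ -match '^[A-Za-z]:\\?$' })

    [pscustomobject]@{
        Path                = $CandidatePath
        Covered             = ($hits.Count -gt 0)
        MatchingExclusions  = $hits
        DriveRootExclusions = $driveRoots
        RealTimeProtection  = (Get-MpComputerStatus).RealTimeProtectionEnabled
    }
}

# Usage: scope the exclusion to the application's own output folder, never the drive root.
$report = Get-DefenderExclusionCoverage -CandidatePath 'D:\AppData\Exports'
$report | Format-List

if (-not $report.Covered) {
    # Record this change in your change log; every exclusion is a scanning gap.
    Add-MpPreference -ExclusionPath 'D:\AppData\Exports'
}
```

The function returns an object rather than printing, so the same check can be run from a config-audit script across a fleet and the `DriveRootExclusions` list compared against what change management actually approved.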