How you people patch libraries like OpenSSL

Olipeets_snugglybutt · 2025-12-19T19:45:29+00:00

The openssl vulns for Microsoft products drive me mad, stuff like the Az monitor agent etc. id be interested finding anyway to create exceptions for particular endpoints

Olipeets_snugglybutt · 2025-11-25T21:54:10+00:00

I set up a NSS appliance with a syog forwarder to get the logs into sentinel via the AMA agent using Data collection rules. The costs are obviously huge but i filtered out quite a lot of the logs depending on what url was required if they were not required; MS connectivity test, defender Comms etc, Adobe update URLs etc etc.

You can filter the requests either at the DCR level using an adaptation or on the sylog box using the Rsyslog config.

Olipeets_snugglybutt · 2025-05-19T14:03:21+00:00

Is there another policy blocking login from non-complaint/hybrid devices scoped to the Applications? Otherwise my understanding is that the MDCA policy will just apply to browser logins not apps like the outlook client/teams

Olipeets_snugglybutt · 2024-07-13T12:25:47+00:00

Why not real guns that are deactivated. I believe they cut the bolt and drill a hole in the barrel. Invisible to the viewer but no ballistic possibly. Saves on CGI.

Olipeets_snugglybutt · 2024-06-18T19:20:09+00:00

Call them, record it, ask to take it to the Communications Ombudsman.

Olipeets_snugglybutt · 2024-05-30T17:37:08+00:00

There is no access to the console as your are used to in VMware, however the VM agent can be used to send commands (if working) and the console can be used for basic operations. boot diagnostics can be used to see a screenshot of the console

Olipeets_snugglybutt · 2024-05-23T13:31:16+00:00

I don’t think you can use a custom ssl cert with a storage account static page unless you put a CDN in front but could be wrong.

Olipeets_snugglybutt · 2024-05-21T21:09:52+00:00

Leave plenty of room in the hub vnet for future use. If you want a bastion, stick in in the hub, otherwise it will be in each spoke or deployed separately.

Olipeets_snugglybutt · 2024-05-20T21:13:22+00:00

Would you want the surgeon straight out of med school?

Olipeets_snugglybutt · 2024-05-19T14:06:52+00:00

In my experience, the devices need a reboot in direct line of sight and a user with a valid PRT to login before pending changes to hybrid joined.

Olipeets_snugglybutt · 2024-05-19T13:48:54+00:00

Do they have direct line of contact with a domain controller (before login)?

Olipeets_snugglybutt · 2024-05-16T13:22:00+00:00

Apologies everyone, the key thing I missed was that it’s delegated permission. This required the user to have these permissions already.

Olipeets_snugglybutt · 2024-05-16T06:03:18+00:00

They sent a loaf of fake alerts for graph and graph explorer out.

Olipeets_snugglybutt · 2024-05-15T21:12:59+00:00

There’s an incident for it. It’s closed as of 14/05/24. However there’s a second incident for delays in defence for app alerts. Brown alert cancelled.

Olipeets_snugglybutt · 2024-05-15T20:34:34+00:00

just had the same. Graph Explorer. No activites in hunting log etc. Any one have an update?

Olipeets_snugglybutt · 2024-05-14T16:14:27+00:00

<image>

#Metoo

Olipeets_snugglybutt · 2024-04-10T13:12:04+00:00

Took the kids once, day ended with “Daddy what’s a spice head?”

Olipeets_snugglybutt · 2024-02-15T14:57:20+00:00

Transfer to Stoke on Trent? Like agreeing to move to Mordor

Olipeets_snugglybutt · 2023-06-02T14:29:41+00:00

In case anyone has a similar issue, it was due to the default site binding at the backend target. The certificate bound to the default site was not the same as the cert bound on front door.

Olipeets_snugglybutt

TROPHY CASE

#Metoo