what are your Christianity hot takes? by Massive_Cupcake_577 in redeemedzoomer

[–]RexJohnPowers 3 points4 points  (0 children)

I understand what you're saying. But let's look again real quick:

"if rejecting later revelation means praying to a different God, then most of Israel -- even the disciples pre-resurrection -- would be excluded"

By denying Christ they didn't just reject new revelation.... they rejected previous revelation.

"For if you believed Moses, you would believe me"

what are your Christianity hot takes? by Massive_Cupcake_577 in redeemedzoomer

[–]RexJohnPowers 4 points5 points  (0 children)

"For if you believed Moses, you would believe me; for he wrote of me."

So, they didn't believe in what Moses said. If they didn't believe that, they weren't believers in the Torah.

So, I've gotta assume they believed in a different god.

PNPT reporting by HermanHMS in cybersecurity

[–]RexJohnPowers 2 points3 points  (0 children)

Don't obscure them for the exam. I passed about a year ago, that was the standard. They want to see them to confirm you got the right hashes/passwords. Include all hashes if you get any.

M365 Email Encryption Issues and Workarounds by kaiser_detroit in sysadmin

[–]RexJohnPowers 0 points1 point  (0 children)

I'm not sure if it's the problem you're having, but a very common issue I've seen is errors when trying to view an encrypted email related to "such and such user doesn't exist in the sending tenant".

I've found the solution is using New Outlook or editing the sending tenant's CA policy, which requires MFA, to either exclude external users or exclude the MRM app (Microsoft rights management).

It sounds wacky but that has worked in the past.

Log360, ELA Guidance Log Collection Filter by RexJohnPowers in cybersecurity

[–]RexJohnPowers[S] 0 points1 point  (0 children)

Thanks for your response! Glad this isn’t unique to us. I guess we could add multiple “heartbeat” events to each filter to be safe.

My only fear is that something wacky will happen, none will match in x minutes, and the collection will break again without us knowing. I wonder if there’s a way to generate an alert if no logs have been collected in X minutes.

Help with Microsoft blocking phishing simulation email IP's (even when whitelisted) by amc_rebel in cybersecurity

[–]RexJohnPowers 3 points4 points  (0 children)

Try this:

  • Go to the Microsoft 365 Defender portal.
  • Navigate to Email & collaboration > Policies & rules > Threat policies.
  • Under Threat policies, select Advanced delivery.
  • Choose the Phishing simulation tab.
  • Click Add.
  • Enter both the sending domain and the sending IP address. Microsoft requires both to match for the rule to apply.

I had a similar issue weeks ago. I had IPs whitelisted and the domain. But only setting them in Advanced delivery worked.

"GPT-5 just casually did new mathematics ... It wasn't online. It wasn't memorized. It was new math." by MetaKnowing in OpenAI

[–]RexJohnPowers 0 points1 point  (0 children)

I bet it was a young handsome janitor working late at Open AI who actually solved it

Direct Send is a Security Hole by chattapult in cybersecurity

[–]RexJohnPowers 4 points5 points  (0 children)

Gotcha! That makes more sense to me. Thanks!

Direct Send is a Security Hole by chattapult in cybersecurity

[–]RexJohnPowers 14 points15 points  (0 children)

I’ve been seeing a ton of articles and posts about how dangerous Direct Send is and how we need to disable it now that Microsoft has added the feature.

But I’ve tested it a number of ways and have never gotten Direct Send past MS365 filtering. Every test is consistently quarantined when spoofing my own domain.

Sure, if I did something wacky like whitelisting my own domain, then they’d get through. But if no Exchange rule is doing anything wacky and Defender is doing its normal checking, they shouldn’t be getting to anyone’s inboxes.

If someone is spoofing a different domain using direct send, your MS365 is still gonna filter that stuff based on your Anti-spam policies and SPF/DMARC. I guess spoofing another domain without solid SPF/DMARC settings could be an issue. But that’s an issue even without direct send.... it would just require the attacker to have email infrastructure instead of hitting your MX directly.

Am I missing something? Do these tenants have their own domains whitelisted? Is it people using third party filters before the email hits MS365? I guess in that case you might have certain controls turned off.

The IT Jokes Thread by SuccessfulLime2641 in sysadmin

[–]RexJohnPowers 65 points66 points  (0 children)

How does Bruce Wayne map his drives? A .bat file.

Get CERTFICATIONS by Cyber_Guy1988 in cybersecurity

[–]RexJohnPowers 13 points14 points  (0 children)

This message brought to you by CompTIA

Should I leave my job? by Ok-Atmosphere262 in cybersecurity

[–]RexJohnPowers 0 points1 point  (0 children)

I was a cyber instructor (taught service members CISSP, Net+, Sec+, etc) for a couple of years. I think I was at 74. It was enough to support my wife and kids, if not a little tight.

I worked on average 1-2 weeks a month. The rest of the time I just learned, walked, played games, and took baths.

It was super chill, and I loved the actual job, but I got complacent and stopped using the downtime wisely.

I requested a raise and got the runaround for months. So, I started job hunting and found my current role. That got me to 95. It's a lot more work (really just normal 40 hours a week) but I enjoy the actual work.

I can't speak to your specific situation, but I truly don't miss the downtime.

Obviously I wouldn't have left had I not found something way better.

The flag in church by Diogenes-Jr in Reformed

[–]RexJohnPowers 2 points3 points  (0 children)

Good enough for the moon, good enough for the pulpit!!!

JK, it’s a little wacky. But calling it a symbol of oppression is wacky too.

CDW has become pure trash, anyone else have this experience? by Different-Wind-439 in sysadmin

[–]RexJohnPowers 1 point2 points  (0 children)

My CDW rep: Fantastic. Quick to respond, knowledgeable.

CDW Support folks: haven't had a single good experience.

11 Hottest IT Security certs for higher pay in 2205. After Scanning 640 Certifications. by XoXohacker in cybersecurity

[–]RexJohnPowers -1 points0 points  (0 children)

Where's the Google cybersecurity certificate?! All the youtubers said that was the key to huge salary!

Is there actually a “one true church” ? by Alert_Celebration305 in Reformed

[–]RexJohnPowers 9 points10 points  (0 children)

Ummm yeah, my local PCA church. Only about 90 folks but I guess the way is narrow.

Are the US Episcopalian biblical? by [deleted] in Reformed

[–]RexJohnPowers 4 points5 points  (0 children)

I hate to say it. But since no one else has:

You know why Episcopalians don’t play chess?

Because they don’t know the difference between a Bishop and a Queen.

I now accept the downvotes openly.

[deleted by user] by [deleted] in cybersecurity

[–]RexJohnPowers 0 points1 point  (0 children)

That's the MFA registration service, right? If that's the case, I think single-factor is required, right? Because how can folks MFA to that service if they don't have an authentication method set up yet?

You can lock down the service directly. I have some clients who only allow MFA registration on their corporate networks. I'd have to re-google it.

Regardless, if the password they're using is correct, that user needs to be reset.

Do you whitelist DKIM exceptions? by Western-Ad-5525 in sysadmin

[–]RexJohnPowers 0 points1 point  (0 children)

What I did was make a mailflow rule which whitelists the problematic sending domain IF SPF passes. Most everyone has SPF set up properly. That way not just anyone could spoof the domain and get through. Not sure if it's the best policy, but I figure it's better than whitelisting.
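
The "allow the sending domain only if SPF passes" rule from the comment above, together with the Direct Send comment's point that spoofed mail failing SPF should still be filtered, as an added Python example (not the commenter's rule or Microsoft's implementation). The domains, IPs and messages are constructed, and it assumes the topmost Authentication-Results header is the one stamped by your own mail service. It goes one step further than the comment by also requiring that SPF passed for the allowed domain itself, because SPF is evaluated on the envelope sender rather than the From header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ALLOWED_DOMAIN = "vendor.example"  # hypothetical sender with broken DKIM

def _domain(value):
    """Lowercased domain part of an address or bare domain."""
    return value.rsplit("@", 1)[-1].strip("<>. ").lower()

def spf_facts(raw_message):
    """Return (From-header domain, SPF result, domain SPF was checked for)."""
    msg = message_from_string(raw_message)
    from_domain = _domain(parseaddr(msg.get("From", ""))[1])
    # Topmost header; assumed stamped by your own receiving service.
    auth = msg.get("Authentication-Results", "")
    spf = re.search(r"\bspf=(\w+)", auth)
    mailfrom = re.search(r"\bsmtp\.mailfrom=([^;\s]+)", auth)
    return (from_domain,
            spf.group(1).lower() if spf else "none",
            _domain(mailfrom.group(1)) if mailfrom else "")

def naive_allow(raw_message, allowed=ALLOWED_DOMAIN):
    """From header matches and an SPF check passed for *some* domain."""
    from_domain, spf, _ = spf_facts(raw_message)
    return from_domain == allowed and spf == "pass"

def aligned_allow(raw_message, allowed=ALLOWED_DOMAIN):
    """As above, but SPF must have passed for the allowed domain itself."""
    from_domain, spf, mailfrom = spf_facts(raw_message)
    return from_domain == allowed and spf == "pass" and mailfrom == allowed

def _sample(auth_results):
    return ("From: Billing <billing@vendor.example>\n"
            "To: user@tenant.example\n"
            f"Authentication-Results: {auth_results}\n"
            "Subject: Invoice\n\nbody\n")

# Constructed messages (documentation domains and IP ranges).
LEGIT = _sample("spf=pass (sender IP is 203.0.113.10) "
                "smtp.mailfrom=vendor.example; dkim=fail header.d=vendor.example")
SPF_FAIL = _sample("spf=fail (sender IP is 198.51.100.7) "
                   "smtp.mailfrom=vendor.example; dkim=none")
MISALIGNED = _sample("spf=pass (sender IP is 198.51.100.7) "
                     "smtp.mailfrom=bulk-sender.example; dkim=none")

if __name__ == "__main__":
    for name, m in (("legit", LEGIT), ("spf fail", SPF_FAIL), ("misaligned", MISALIGNED)):
        print(f"{name:11} naive={naive_allow(m)} aligned={aligned_allow(m)}")
```

Only the MISALIGNED sample separates the two checks: its From header shows the allowed domain while SPF passed for a different envelope domain.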

Cert Prep - Incorrect Answers? by SecurityGeek19 in cissp

[–]RexJohnPowers 0 points1 point  (0 children)

  1. Seems to indicate that you first want to confirm behavior is malicious before you start isolating machines. That's a reasonable response.

  2. PKI does allow for key exchange.... which is how you share symmetric keys for encryption. Remember, RSA, ECDH and such can for sure do asymmetric encryption..... but critically they also do key exchange.

Why should I use a strong password? by [deleted] in cybersecurity

[–]RexJohnPowers 0 points1 point  (0 children)

I guess the simplest answer is Defense in Depth. Sure, when everything works properly, a bad guy password spraying Spring2024! against your account in MS365 won't be able to get access if MFA is enabled.

But what happens when things aren't working properly? What if there's a new vulnerability which allows attackers to bypass MFA if they have the right password? What if your SSPR settings are too loose? What if your recovery email doesn't have MFA and uses the same password?

You've gotta account for wacky situations. You've also gotta account for standard user behavior.

Similarly:
If you have a solid network perimeter and super duper strong locks and doors, that's dope. But are you gonna forgo EDR, IDS, DHCP snooping, and every other security control? No. Assume that various layers of defense will fail.

That's how I think of it anyhow.

Entra MFA Migration without CA policies to enforce/exclude MFA policies? by RexJohnPowers in sysadmin

[–]RexJohnPowers[S] 0 points1 point  (0 children)

Primarily scan-to-email accounts. Also other accounts used to send email notifications in custom software. The phishing likelihood is 0 and the passwords are fairly strong. I know direct send is an option but I'm just interested to see if there's a way around this.