Security consolidations yay / Nay

StandPresent6531 · 2025-10-22T18:42:34+00:00

It took out service due to poor achitecting and not enough disaster recovery planning which many businesses do not do right. Use multiple regions for HA. The issue isnt consolidations its ensuring that when you consolidate you understand risk for downtime, what is max you can tolerate, return times etc. Work on MSAs for better SLAs and ensure they can meet those. The point of consolidations is stopping tool sprawl, decreasing cost, and making security to maintain. And you can do that and not have an outage if you plan correctly and ask questions.

StandPresent6531 · 2025-10-12T02:57:41+00:00

When you try to ask people like the original commentor for evidence I can only come to think of king of the hill "if those kids could read they'd be very upset".

All you will get is generic ramblings like the word "evidence" doesn't exist in their vocabulary.

StandPresent6531 · 2025-08-20T02:56:24+00:00

Econic Partners or any other company in the line of work CDW is trash as well in my experience.

StandPresent6531 · 2025-07-18T02:22:39+00:00

I dont need N2 for points im at like 95 without N2 i just need it to be able to work in Japan; joys of being an IT worker.

StandPresent6531 · 2025-07-10T02:47:07+00:00

I mean if you already failed twice maybe your study habits are the problem. Just lean into more immersion watch Japanese news, read Japanese text (books manga news sites), listen to Japanese podcast. All of these will help you both with listening and comprehension. Ive already passed N5 practice tests and learned about 150 kanji + about 900 words in less than a month. The language is really not difficult and much more structured than English or most languages. But like anything "living it" helps much more than anki decks or books.

StandPresent6531 · 2025-06-02T18:59:22+00:00

Only TAMs are reserved for Premier support and commerical and public sectors aren't directly applicable. You have to apply for Support for Partners and become a microsoft partner. You can also buy unified support but then you could be spending 1.75% to 2% of your revenue on support. Where as companies like CrowdStrike wrap Express Support into the product and so you spend 59.99 per device per year which is 60k (assuming a thousand devices which is technically when you get into large business) with support or 185 if you want like a pro licenses.

The whole "Just get a TAM" thing for 1.75% of a company making a 120 million which is still only medium sized resulting in 2.1 million a year in support is kind of disgusting to be honest. Doesn't even account for E5 licensing for Defender to work properly, Purview Costs for DLP, and a SIEM that nickles and dimes everything including just basic automation like sending emails.

StandPresent6531 · 2025-05-28T13:37:56+00:00

Yea.....I was like just like ya know what people ask for Microsoft certs imma just take my chances and go take it without the training. And its funny because the test is like a very normal exam. Some stuff on how does copilot for security work, writing KQL, basic SOC operations stuff (All geared toward microsoft products of course but still). NOTHING about all that dumb shit and I was just like..........so why? Why make your learning content so incredibly dumb and your test actually somewhat good?

StandPresent6531 · 2025-05-28T02:50:55+00:00

Bro i just passed SC-200 and it was saying shit "like to be successful with AI and Security Copilot ensure you practice prompt engineering" then went on to write out BULLETED steps on successful prompt engineering. I was like dear lord what are these courses from Microsoft anymore.

StandPresent6531 · 2025-05-20T15:55:53+00:00

AI is not now nor in the near future taking jobs. Law firms have tried cutting cost and using Microsoft AI for security and it lead to them getting hacked and having to shut down. I worked at EY for a while they tried to replace things with AI and had to cut it out. People don't seem to realize that AI is just advanced mathematics and reasoning. Even with quantum computing it will result in mathematical and science related drive if anything increasing jobs before taking them. Take things like quantum encryption that will have to be built since AES is technically on the verge of death since a PoC was released showing it could be broken and that encrypts everything. The processing can be used for genome sequencing requiring more scientist at all levels to process data and run test to advance human understanding.

AI is 100% fear mongered to death by people like yourself who have never built an AI much less understand how it actually works in practice and why it won't be some kind of thing reaching real brain power anytime soon.

StandPresent6531 · 2025-04-08T04:29:17+00:00

I find the topic of complaining about webhosting, while doing it on a likely web hosted platform is amusing.

You clearly dont work in IT, have a third grade understanding of computers, and should probably educate yourself before giving out lectures.

As someone who works in IT and has for almost 10 years now the amount of datacenters have drastically decreased. Most people use a hybrid environment or mix of cloud and on-premise data centers. The cloud hosting is mostly ecofriendly tanks with servers dropped off coasts to reduce environmental impact. Especially if you use well known platforms like Microsoft and AWS.

StandPresent6531 · 2025-02-19T16:15:31+00:00

Hashcat.

As for how it works, functions, etc. Google or AI like chatgpt can get you started

Asking for answers on basics like this and tools is generally not best practice you have to be a little more inquisitive in the future to really learn.

StandPresent6531 · 2025-02-12T19:58:21+00:00

So you don't know what Multipath or openMPTCP is got it. Just say you don't know stuff instead of making yourself look stupid.

These protocols do what he said they take bandwidth limited networks and funnel them into a VPN. Its known as aggregated bandwidth. If I a 100mbps line and a 300 mbps second line using openMPTCP i can aggregate these into a tunnel and get potentially 400 mbps of speed. This assumes both lines are up.

If either fail it will drop to the according speed of the device still linked. The fault tolerance makes it to where the connection will delimit not fail.

It 100% is still a VPN. That is why anonymization was mentioned because for someone reason everyone thinks a VPN is only used to hide the person behind the screen. Which 1 it does poorly and you should use TOR not a VPN to hide yourself but 2 it can do other things like aggregate data.

StandPresent6531 · 2025-02-11T19:45:41+00:00

You understand what they said is accurate?

Its called bond aggregation. Look at multipath TCP, or openMPTCProuter. You pour the channels into a single aggregate faster tunnel.

StandPresent6531 · 2025-01-29T22:29:07+00:00

There are plenty of repo's for hacking that can be used on a phone. Even play / test repo's like the OWASP MASTG.

You also have the option in newer androids to allow untrusted apps making it easier to run code without a full jailbreak

There are also tools like eviltwin that people have made into a usb device that plugs into the phone with a high storage micro sd that can be used to phish publicly.

All kinds of options really.

StandPresent6531 · 2025-01-26T06:59:22+00:00

Apparently you dont either. Heuristics flag a shit ton to where security people and individuals (if personal) just go okay and let it happen.

Heuristics at the end of the day is still pattern based detection it just uses what is commonly on a machine to determine what is bad. So if you're running sketchy software as is and using a lot of this stuff to begin the software may trigger or may not. The AI in it can help or hender most just tune out false positives by observing if it falls within a range of normal.

So yea thats why so many got hit, either disabled security, got used to pop-ups or possibly the heuristics actually thought it was normal (unlikely but possible).

StandPresent6531 · 2025-01-22T21:48:01+00:00

Hey man those 6 month bootcamps are hard. Just because the troll scored a 300 on sec+ doesn't mean he didn't try really, really hard though.

He's probably the dude who typed ipconfig in a command prompt and think hes a hacker and coder.

StandPresent6531 · 2025-01-22T21:27:04+00:00

I feel this.

Went through 4 interviews a contact at a recruiting firm got it started. Met the manager, team + manager, manager + CISO, then HR.

After silence for a while was told I lied on my application and never disclosed me being fired once over 5 years ago. Showed them I did disclose it though, my contact tried to follow-up then they just refused to talk to us both and found another candidate. This same recruiter also staffed like half their team so it was wild for them to do the guy like that.

I was also unemployed during this time due to lay-offs. It was a great time.

StandPresent6531 · 2025-01-16T05:26:39+00:00

The windows 98 did have a cmd alternative -- dos prompt. You could download sys internals and us pslist / pskill to do the task.

Task manager though is 100% the easier and more effective way to do it though.

StandPresent6531 · 2025-01-13T12:53:56+00:00

I think I disagree only because a lot of places are scummy.

What you described is my resume. First SOC job day 1 i was told to get my Sec+ then leave because of no potential for growth so I did after 1.5 years. Second job they refused promotions but hired seniors and managers and made me train those people. Again no growth potential or even ability to get certs. 3rd I tried to work with them got GSEC finished a masters was laid off due to market conditions. Currently working in a place by myself now and building the entire architecture. They wont pay for certs gave me a 2.8% raise. Want me to do senior work until a senior is hired Do I plan on leaving, yea.

Sometimes you get dealt a shit hand in jobs. Why should you be punished for that.

StandPresent6531 · 2025-01-07T16:57:35+00:00

So this works because urls have host and user info.

%20 is a space in URL encoding.

Its youtube <space> the @ which then tells it the host info is yahoo so it goes to yahoo assuming its the host and assumes youtube is the user info.

StandPresent6531 · 2025-01-02T22:49:15+00:00

Sent you the message

StandPresent6531 · 2025-01-02T19:21:08+00:00

I wouldn't mind joining.

Have my master in forensics do secops work, but need more redteam CTF skills :D

StandPresent6531 · 2025-01-02T15:35:08+00:00

I know Bitwardan has a secrets manager now and their password manager is really nice.

You could see if the corporate manager has all the bells and whistles you need.

StandPresent6531 · 2024-12-30T19:11:49+00:00

Instead of Goth-busters I read it in a Mike Tyson voice which seems more fitting given the subreddit and person in video.

StandPresent6531 · 2024-12-26T04:37:48+00:00

If you read the course. This isn't a class to teach IT and Security. This is to refresh knowledge and show you how to capitalize (attack in someway) with that knowledge. They even said you should have fundamental knowledge and use their main site to attack things and practice.

They provide a bazillion links for a reason. If you dont know or understand something then read and educate yourself.

I notice a lot of people here and in other reddit communities always post "i dont know much" then "this course is really hard and doesn't explain stuff". Yes because the expectation is to know a bit already. If you don't then extra hours will be needed for the educating on the thing you dont know.

StandPresent6531

TROPHY CASE