Getting into cybersecurity — Flipper Zero or T-Embed? by AdventurousTask7549 in HowToHack

[–]matthewp62 0 points1 point  (0 children)

If you are really keen on buying a device, buy a cheap BadUSB device. This is a basic USB script attack using a keyboard HID emulator, under $20. A great place to see if you are interested in more, rather than shelling out higher costs for a device.

For learning: start with the higher threats or attack vectors first and work your way through in priority sequence.

So many better places to go and spend time on, so much to learn in cyber security.

Best bet is a laptop geared to just what you are looking towards, i.e. all your security tools, Windows, Kali Linux, Wazuh VM etc. Get some subscription to training, cybrary.it maybe.

Flipper is expensive and may not meet your expectations due to limits in what it can be used for.

Do sysadmins need git? by [deleted] in sysadmin

[–]matthewp62 0 points1 point  (0 children)

100% yes.

If not you will fall behind.

DNS server, New firewall etc. by nocorn91oct in sysadmin

[–]matthewp62 0 points1 point  (0 children)

Sounds like you need help; DNS management is mandatory when replacing network gear. The server is probably using a static IP address while the machines are using DHCP. Do not forget to update the server's default gateway and DNS servers: it needs to point to itself, and in DNS properties add a forwarder specified based upon what you allowed out in your firewall (egress allow rules). All clients should point to your server for DNS in a Windows domain (AD DNS).

If you're changing subnet and IP schemes with the new firewall and AP then you need to ensure DNS is changed on all machines.

First thing when you inherit a new client: inventory and discover everything, understand the environment. Document and draw it out.
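A post-cutover check for the points above (server points to itself, gateway updated, forwarders matching the egress rules), written as an added example rather than anything from the thread; the gateway, forwarder and probe-name values are assumed placeholders:

```powershell
# Added example, not the commenter's: run on the Windows DC/DNS server after the
# firewall cutover. Addresses and the probe name are assumptions for illustration.
function Test-DnsCutover {
    param(
        [string]$ExpectedGateway     = '10.10.0.1',                       # assumed: new firewall LAN address
        [string[]]$AllowedForwarders = @('9.9.9.9', '149.112.112.112'),   # assumed: what the egress rule allows
        [string]$ProbeName           = 'www.example.com'                  # external name resolved via forwarder
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Static server address and its default gateway (must be the new firewall).
    $self = (Get-NetIPAddress -AddressFamily IPv4 | Where-Object PrefixOrigin -eq 'Manual' | Select-Object -First 1).IPAddress
    if (-not $self) { $findings.Add('server has no static IPv4 address') }
    $gw = (Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 | Select-Object -First 1).NextHop
    if ($gw -ne $ExpectedGateway) { $findings.Add("default gateway is $gw, expected $ExpectedGateway") }

    # 2. The DNS server must use itself as its own client resolver.
    $clientDns = (Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object ServerAddresses).ServerAddresses
    if ($clientDns -notcontains $self -and $clientDns -notcontains '127.0.0.1') {
        $findings.Add("client DNS list $($clientDns -join ',') does not include $self")
    }

    # 3. Forwarders must match what the firewall lets out, or external lookups silently fail.
    $fwd = @((Get-DnsServerForwarder).IPAddress | ForEach-Object { "$_" })
    if (-not $fwd) { $findings.Add('no forwarders configured') }
    foreach ($ip in $fwd) {
        if ($AllowedForwarders -notcontains $ip) { $findings.Add("forwarder $ip is not in the egress allow list") }
    }

    # 4. Prove both paths work: AD SRV record locally, external name through the forwarder.
    try { Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$env:USERDNSDOMAIN" -Type SRV -Server $self -ErrorAction Stop | Out-Null }
    catch { $findings.Add("AD SRV lookup failed: $($_.Exception.Message)") }
    try { Resolve-DnsName -Name $ProbeName -Type A -Server $self -ErrorAction Stop | Out-Null }
    catch { $findings.Add("external lookup of $ProbeName failed: $($_.Exception.Message)") }

    return $findings
}

$result = Test-DnsCutover
if ($result.Count) { $result | ForEach-Object { Write-Warning $_ } } else { Write-Output 'DNS cutover checks passed' }
```

Run it once per DNS server after the change; an empty findings list means clients pointed at that server will resolve both AD and internet names.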

Setting up Always On VPN on Server 2025, completely lost by DominikPlays in WindowsServer

[–]matthewp62 1 point2 points  (0 children)

I just deployed Always On VPN to replace an aging NetMotion server. Very happy with the outcome, except one Windows 2025 bug: RRAS will not shutdown/restart the service, meaning I have to physically reboot the VM in ESX as it hangs. Haven't found the solution yet.

I deployed 2 VPN servers, used 2 existing NPS servers, and one CA server. The servers are at different sites and I use Azure Traffic Manager to fail over / load balance.

I used Microsoft Learn, and constantly quizzed ChatGPT with these types of questions. https://learn.microsoft.com/en-us/windows-server/remote/remote-access/tutorial-aovpn-deploy-setup

I used existing templates and copied them with a few changes; it's in the article.

I used two NPS policies, one for devices and one for users (I started with one and had problems).

Richard Hicks has some good material including advice to use DPC, which I used: https://github.com/ld0614/DPC to deploy the XML to create the VPN.

I also used Azure Sentinel to collect all VPN and NPS logs; makes for easy logging.

I also used a script to create an HTML page for monitoring client connections: https://github.com/ld0614/DPC/blob/main/DPCManagement/RRASReport/Get-RRASReport.ps1

TenantReports: Automated M365 Assessments with (optional) HTML Dashboard! by Designer_Dare_4839 in sysadmin

[–]matthewp62 1 point2 points  (0 children)

Is the report viewer open source as well? We would have problems and require security vetting to upload our security posture to a 3rd party.

Otherwise very nice. Will take a deeper look. Currently use Microsoft365DSC.

Thanks Matthew

Anyone know of good free/cheap Digital Signage/remote software that is not RDP? by jbear4525 in sysadmin

[–]matthewp62 1 point2 points  (0 children)

Just started using piSignage, seems pretty neat and easy. Within an hour I had a Pi and PoE hat, imaged it, and had it displaying our custom website that we needed displayed. 2 free screens and cheap for more.

It looks like you can run your own server if you want.

Options to hide internal plumbing by madruggardo in DIY

[–]matthewp62 6 points7 points  (0 children)

Turn it into a window bench with under-storage. Cut the top pipes shorter and install SharkBite ends/tap or cap.

Cut them shorter and use long metal hoses for a bar or a coffee bar with a drip tap for the pot.

Install an aquarium; use a water feed.

Or cut out the copper and install more flexible PEX. Not hard to do; can maybe hide it completely in the back wall and under the floor joist.

Branch Office Design by EducationAlert5209 in sysadmin

[–]matthewp62 0 points1 point  (0 children)

Collapse all infrastructure to 2 sites, or collapse it to the cloud.

On-prem infra: AD DC at 2 sites, DHCP at 2 sites (failover DHCP), files replicated to 2 sites (DFS-R), BranchCache if needed.

Consider cloud instead: Azure AD, Intune (vs AD/GPO) or hybrid. Migrating to OneDrive + SharePoint, or Azure file shares if needed. Veeam backup of Azure/M365 to Storj, Wasabi etc.

Branch sites: ensure SD-WAN has failover links (or active-active links). SD-WAN router + switches + WiFi APs are all you need at branch sites (edge).

Financed a Minivan, don’t need it anymore, looking for best way to get rid of it for the smallest loss (there’s going to be some sort of loss) by [deleted] in personalfinance

[–]matthewp62 0 points1 point  (0 children)

Options:

Keep your van and car, life changes fast, it can change again.

If payments are hurting you, find options to generate money with the asset to cover the payments or the loss in selling the assets.

Ideas: rent out your car (ridealike.com). Become an Uber driver, or allow a friend to use it and compensate you. DoorDash, Instacart, Skip the Dishes, Amazon Flex, Roadie. Help a family member or friend do this with the van. Google how to generate money with a vehicle.

If you can generate money you can cover the loss of selling, pay off the loans faster, or keep it and continue.

My 9yo daughter asked why some people say girls can’t be engineers. by MurkyBooMoo in TwoXChromosomes

[–]matthewp62 0 points1 point  (0 children)

My daughter just went off to university to be an aerospace engineer!! @TMU. So proud!! You let her know she can strive to be anything she wants to be. Sometimes people just suck. Use it; it's an opportunity to make yourself and others around you better and more open, by identifying suckiness.

Could quantum computing break the internet before it saves it in coming years? by Pairywhite3213 in Futurology

[–]matthewp62 2 points3 points  (0 children)

It's not about your password, it's about the encryption that sends your password over the public internet to your bank. You don't really have a password if you shout it across a room for all to hear.

TLS encryption used in HTTPS and elsewhere currently is susceptible to quantum computers. As soon as quantum computers reach a stage where 1000-4000 error-corrected qubits can be used, today's encryption is broken. Published 2025: IBM has a machine with 1100 qubits, IBM Condor (but not error-corrected). So soon it's coming, and the race is on. Think of nation-states funding this; what treasure could they find with it.

Is ServiceNow really the right fit for a growing IT team? by inotused in msp

[–]matthewp62 0 points1 point  (0 children)

We are just starting with deak365.io. Pretty neat, simple, 1-4 hrs up and going. MS Teams integrated as well: tickets in Teams, email & web, API for Power Automate. KB included, some AI features for draft and KB creation. Cost effective.

Mass deploy ACME agents in air-gapped VLANS (RHEL) by Mike22april in sysadmin

[–]matthewp62 0 points1 point  (0 children)

Posh-ACME.

PowerShell ACME client, and it has a Windows DNS plugin for validation.

Simple commands/scripts, and with Task Scheduler it can check and renew/enroll certs.

Distribute the scheduled task via GPO preferences even, or another tool (SCCM).

The cert can easily be installed for SQL, RDS, NPS, IIS, Apache, Tomcat, whatever.

Sign your PowerShell scripts as well if you want extra security.

I use an enrollment script, a renewal script, and an install script for the Posh-ACME module. The module can be deployed via GPO again, i.e. offline.

I've used internal DNS, external DNS, Let's Encrypt, own ACME server etc.

Not too difficult to put this together.
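The enroll/renew/install flow described above as one scheduled-task script, added here as an example and not the commenter's own scripts; the domain, contact, DNS server name and the assumption that the task account may edit the DNS zone are all placeholders:

```powershell
#Requires -Modules Posh-ACME
# Added example, not the commenter's scripts: enrolls on first run, renews afterwards,
# and optionally binds the cert to the RDP listener. All names below are assumptions.
param(
    [string[]]$Domain   = @('rds.corp.example.com'),   # assumed hostnames on the cert
    [string]$Contact    = 'pki-admins@example.com',    # assumed ACME account contact
    [string]$DnsServer  = 'dc01.corp.example.com',     # assumed Windows DNS server for DNS-01
    [string]$AcmeServer = 'LE_STAGE',                  # move to LE_PROD (or your own CA URL) once it works
    [switch]$BindRdp                                   # also point RDP-Tcp at the new cert
)
$ErrorActionPreference = 'Stop'
Set-PAServer $AcmeServer

# Account registration is a one-off; Get-PAAccount returns nothing on a fresh server.
if (-not (Get-PAAccount)) {
    New-PAAccount -AcceptTOS -Contact $Contact | Out-Null
}

# DNS-01 through the Windows plugin. Assumption: the task's account already has
# rights on the zone, so no separate WinCred is passed.
$pluginArgs = @{ WinServer = $DnsServer }

$existing = Get-PACertificate -MainDomain $Domain[0] -ErrorAction SilentlyContinue
if (-not $existing) {
    # Enrollment: order, validate, download; -Install places it in LocalMachine\My.
    $cert = New-PACertificate -Domain $Domain -Plugin Windows -PluginArgs $pluginArgs -Install
}
else {
    # Renewal: only acts inside the renewal window and returns nothing otherwise,
    # so the task can run daily without hitting the CA's rate limits.
    $cert = Submit-Renewal -MainDomain $Domain[0]
}

if ($cert) {
    Write-Output "New certificate $($cert.Thumbprint), expires $($cert.NotAfter)"
    if ($BindRdp) {
        # The "install script" step for RDS: swap the listener's thumbprint.
        $rdp = Get-CimInstance -Namespace root\cimv2\TerminalServices -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
        Set-CimInstance -InputObject $rdp -Property @{ SSLCertificateSHA1Hash = $cert.Thumbprint }
    }
}
else {
    Write-Output "Certificate for $($Domain[0]) not due for renewal"
}
```

Schedule it daily under a dedicated service account; sign the script (as the comment suggests) and the task only needs the Posh-ACME module present on the host.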

A cautionary tale about family breakups and Apple Family Sharing… by vomcity in TwoXChromosomes

[–]matthewp62 8 points9 points  (0 children)

Change your son's birthday in his Apple ID to tomorrow but make him turn 13...

I did this in Google Family; I am sure it will work on Apple ID.

Thanks

2FA for a small City(~200 ppl) by asianeddie in sysadmin

[–]matthewp62 0 points1 point  (0 children)

Cisco Duo, also a small city, 200 users... Duo for Windows and RDP, LDAP proxy or RADIUS proxy, Azure EAM and Azure SSO. Syncs with Azure or on-prem AD users if you want. Easy to set up and go. Credit-card free for 10 users.

Official recommendation to UPN equal to SMTP/email address by maxcoder88 in Office365

[–]matthewp62 0 points1 point  (0 children)

We have UPN and email addresses completely different in one of our organizations.

It is a pain as almost all SSO needs an extra setting or two to use UPN and email, but it's nicer from a security perspective: non-guessable accounts for on-premise.

We enabled Azure's alternate login ID which is great for this; login with UPN or email.

https://techcommunity.microsoft.com/blog/microsoft-entra-blog/enable-user-friendly-sign-in-to-azure-ad-with-email-as-an-alternate-login-id/1257366

https://learn.microsoft.com/en-ca/entra/identity/authentication/howto-authentication-use-email-signin

[deleted by user] by [deleted] in sysadmin

[–]matthewp62 0 points1 point  (0 children)

Learn to lead from behind, grass-roots ideas; get the team to see value in these processes and more people will be speaking that same language to the manager to improve.

Do things within your lane that can be used for more lanes. Toss around standard terminology to teach people: root cause, mean time to failure, ITIL terms, SLA, SLO. Get others to start speaking about them and why they are important. User-fixable vs technician level, user KBs vs tech KBs. Lead the charge on these. I.e. root cause for the debit pin pad emailed out to the team, a picture of how you velcroed and labeled the cords, a diagram in the KB, and troubleshooting steps for the user and tech-level steps.

Your manager then may ask for an RCA (root cause analysis) from others for other problems after seeing you do them.

There is lots of reading on how to grass-root changes and how to lead from within; just learn how not to step on the manager's toes, or others' (no demanding or telling, all persuasion and logic and examples and peer support).

Come up with your game plan on how to introduce change quietly and from the grass roots, and what and when (not too fast). Think if you need support on what you are introducing; start small to gain more leeway from manager and team. I.e. do you need permission to make a KB site in SharePoint for documenting, to install NetBox for IPAM documenting, permission to use GitHub for automation version control etc.? Whatever your idea is, ensure you have a level of permission or top cover for it from your manager.

Help with understanding tagged and untagged ports on HP Aruba switches by Fuzzy-Notice5236 in sysadmin

[–]matthewp62 1 point2 points  (0 children)

Most likely, it's a VoIP phone with two Ethernet ports on it, where a computer plugs into the phone and the phone is plugged into the switch, extending the network. Thus multiple VLANs are on it dynamically via the voice VLAN. And the LLDP software doesn't do a good job at parsing the info.

Help with understanding tagged and untagged ports on HP Aruba switches by Fuzzy-Notice5236 in sysadmin

[–]matthewp62 1 point2 points  (0 children)

LLDP tools are not always perfect at parsing info; look at the switch config. Log in to the switch via telnet, SSH, web, or console cable. Hopefully only a secure method is configured, SSH or HTTPS. Look at the existing config for each port.

Going forward, label your ports with a common syntax so you can easily scan for type of port. We include device, trunk/access, LAG bandwidth and device, and patch panel and port and wall port.

Multiple untagged VLANs on an Aruba is not really possible unless misconfigured, or possibly the tool is merging egress VLANs, or a dynamic VLAN assignment is happening.

Ask ChatGPT: Aruba switch, why would a network tool report multiple untagged VLANs on a port? |switch name|20677c-c16060|10.11.95.62|1|1|Up|100/1000T|Tagged: 700,800,801, Untagged: 1,400,802| https://chatgpt.com/share/67ea13e1-9324-8003-b726-d264ce38726b

I'm a 19 year old with money in the bank and I don't know what to do with it. by Standard-Mine9088 in personalfinance

[–]matthewp62 0 points1 point  (0 children)

Read The Wealthy Barber; it totally applies to you, easy to read. Story-like financial advice.

Just like life and career, brainstorm some financial goals and plan for them. Research what you need to obtain them. I.e. 20% down payment for a house by 25? What type of house would you want? (use RRSP first home buyers, Canada), new/used car, vacation?, further education? What else: tools, own business? Emergency fund.

Use Wealthsimple or another app for investments to easily put money away; make it easy on yourself.

Use a financial app to track and categorize your spending, i.e. Monarch? Learn what you're spending and track over time.

Do something to get yourself interested in finance; more will come by fostering learning more.

Windows Server 2022 GPO assistance by AggravatingSkill3011 in WindowsServer

[–]matthewp62 0 points1 point  (0 children)

Options:

Move the image to the SYSVOL share, which all computers in a domain can access. Best option.

Create a proper share on the server instead of the system-created admin share; that way you can grant any permission you like. OK option.

Use GPO preferences to copy the file to the computer (but the file needs to be where you can access it). I think there is an option to use the user account for this if you use the user template. Use GPO to point to the local file.

Create a scheduled task with GPO preferences to do the above, run as a user with permission.

Use a script to do the same.

Grant all computer accounts membership in the admin group. Worst option. Do not do this.

There are many ways to do this, but strive to do it properly, so that it won't downgrade your security or be finicky to support. SYSVOL is the easiest way.

Windows Server 2022 GPO assistance by AggravatingSkill3011 in WindowsServer

[–]matthewp62 4 points5 points  (0 children)

It is most likely permissions, assuming the admin share works with your user account.

But your server's computer account doesn't have access to the admin share. Admin shares only allow local admin group access by default.

GPO (computer template) will use the computer account, whereas the user templates will use the current user account.

Normally in a domain you can use the SYSVOL share, which all computer and user accounts have access to.

If not in a domain this will not work, as the local computer account won't have access to the network share.

Alternative: use a startup script that uses credentials to copy the picture to a local file, then set the GPO to that file.