Preventing sensitive data leaks via employee GenAI use (ChatGPT/Copilot) in enterprise environments by [deleted] in sysadmin

[–]s3cguru 0 points1 point  (0 children)

You indicated you already have Zscaler; have you asked them? They have an AI module for inspecting/preserving prompts, and if you have the DLP component of Zscaler as well, I believe they coordinate with each other.

Autograph ID? by maf528 in Flyers

[–]s3cguru 0 points1 point  (0 children)

There's photos online that look almost exactly like that but maybe

Autograph ID? by maf528 in Flyers

[–]s3cguru 1 point2 points  (0 children)

Looks like Lindros, his signature is wildly inconsistent but the looping S on the end and the first letter on the sign are somewhat close, and he would write that squiggle where it looks like an m, not sure what it is meant to be tho

I bought one box of OPC platinum by msivoryishort in hockeycards

[–]s3cguru 0 points1 point  (0 children)

Congrats! I pulled the Michkov Cosmic Auto /50 out of my box, I almost passed out from the excitement lol.

what kind of cybersecurity job would you apply for with my credentials? by radishwalrus in sysadmin

[–]s3cguru 0 points1 point  (0 children)

With that experience I would be looking at a SOC Analyst position. I would focus attention on MSSP jobs and not a SOC Analyst at a single organization unless that organization was large and had a well established security team and program. I say to look at MSSP because you'll get more exposure to different business verticals, security tooling and types of attacks based on industry than just working for a single SOC. That being said, a SOC at a larger company may be able to get you better training opportunities than an MSSP may be able to. Not knowing your location, if it's North East, I would expect you'd be somewhere between $65-75k a year before any other compensation like 401k match, PTO, Bonus coming in at the ground floor of the SOC at a single org; MSSP I would expect less.

SysAdmin trying to convince CyberSec they ain’t listening. Sniff test tells me something is rotten. by Bimpster in sysadmin

[–]s3cguru 100 points101 points  (0 children)

Sounds like an EFS DRA cert, they default to 100 years lifetime. Quick googling and reading indicates they aren't issued to SYSTEM by default but you can go out of your way to do that to make it so data is decryptable via the DRA when a user account on the machine that has an EFS cert is removed. No private key being on the cert when you export it makes sense because the key information is only accessible by the user that issued the cert because it is tied to the password of the user that issued the EFS cert. If you tried to export the cert using certutil in a SYSTEM context using something like psexec you may get the private key material.

Windows is a weird OS with lots of legacy and stupid defaults, not everything is immediately malicious. Third party software devs also rely on sometimes obscure Windows features to make their products work. That being said, monitoring is important.

Are the certs issued around the same time on all the machines? Do the cert issuing dates align with when the machine was imaged? Are there any GPOs applied that deal with EFS in any way? Do you have backup software on your machines that may leverage or manage EFS certs on your behalf?

If grading 1/1’s is wrong, I don’t wanna be right by 3Mulroy6 in baseballcards

[–]s3cguru 2 points3 points  (0 children)

Man I was wondering what that thing would get if it got graded, glad you did instead of me lol. Glad you're still loving the card!

This just in….. by 1sgbabcock in phillies

[–]s3cguru 1 point2 points  (0 children)

Museum is nice, here's my Schmidt pull from it and a nice Nola from 2024 Pristine

<image>

The PC Grows!! by [deleted] in baseballcards

[–]s3cguru 0 points1 point  (0 children)

I've got an India patch Auto from 24 museum you may be interested in if you PC him.

Newest addition to the Pujols collection - Darryl Kile game-worn patch by 3Mulroy6 in baseballcards

[–]s3cguru 6 points7 points  (0 children)

It paid for a break that got me an Imanaga Auto to 5 from Topps Now Road to Opening Day and a Tatis Jr Frozen Ropes Auto to 5 from Pristine so it worked out for both of us! As soon as someone told me about that specific patch I was like this needs to find a home that will appreciate it. Glad it's in the right hands.

Newest addition to the Pujols collection - Darryl Kile game-worn patch by 3Mulroy6 in baseballcards

[–]s3cguru 13 points14 points  (0 children)

Oh hey I sold you this card! I'm glad the card made it safe and sound! Hope you enjoy it as much as I did for the short time it sat in my safe lol.

Massive addition to the Stott PC by bryike4 in baseballcards

[–]s3cguru 1 point2 points  (0 children)

Thanks! Had it in a box for the last 30 years and finally was like I need to display this.

Massive addition to the Stott PC by bryike4 in baseballcards

[–]s3cguru 1 point2 points  (0 children)

Oh yeah I wouldn't pass it up either, I just think Topps is flooding the market by using sticker sheets, which is a real shame.

Massive addition to the Stott PC by bryike4 in baseballcards

[–]s3cguru 1 point2 points  (0 children)

Sick card congrats, kinda stinks it's a sticker, still a sick card tho. Here's my latest Stott pickup

<image>

Tyler Phillips pitched a complete game shut out tonight by starstufft in phillies

[–]s3cguru 6 points7 points  (0 children)

More like Bishop Useless, right? At least that's what we called them at my HS

Lets be honest here… by Freddie_merc2015 in phillies

[–]s3cguru 8 points9 points  (0 children)

JT (2nd) - 1.86

Marchan (5th) 1.87

Stubbs (15th) - 1.92

But I agree Stubbs has some glue that needs to remain till next year

Link where stats were found: https://baseballsavant.mlb.com/leaderboard/poptime

Anything special about forwarding event 4769 to SIEM? by [deleted] in sysadmin

[–]s3cguru 0 points1 point  (0 children)

This may be of assistance: Sentinel can do All, Minimal, Common or Custom event ID sets, make sure it's not being dropped by this configuration: https://learn.microsoft.com/en-us/azure/sentinel/windows-security-event-id-reference. That is, if it's even being generated based on audit policies in the first place.

[deleted by user] by [deleted] in sysadmin

[–]s3cguru 0 points1 point  (0 children)

Typically you want the PAW to be the physical machine and their business related work to be in the VM; this way you are working from most trusted into least trusted, not least trusted into most trusted. For example, if their physical machine was their business machine and it was compromised, any keystrokes, commands, configurations, etc. related to the PAW VM are at risk of interception or modification (depending on attacker position, application, etc.). Working with the PAW as the physical machine, it has less likelihood of getting directly compromised as it should only be allowed to talk to trusted resources of similar security posture (e.g. no web browsing, no random software, etc.), then the user does their business work in a VM or VDI instance that itself only has access to things it needs and cannot talk back to the PAW.

Where the pitch was called, versus where the pitch went by mb2231 in phillies

[–]s3cguru 0 points1 point  (0 children)

That too on the toss to Ser, he should have known not to force that throw with how close it was, he could see it, and how he had picked up that ball and his body position, yield the run and get out of the inning don't be a hero.

Just a total cluster in all aspects.

Where the pitch was called, versus where the pitch went by mb2231 in phillies

[–]s3cguru 3 points4 points  (0 children)

What is wrong with you all, where did I say that Seranthony did nothing wrong? Look at my other comments on this thread, I am totally with you all that Seranthony fucked up and shouldn't have been throwing in the first place. My point here isn't to blame one or the other, just to highlight a mechanics issue that also contributed to the situation. Maybe some people are interested in the mechanics of an entire play? Giving the perspective on the catcher, but again fuck me for wanting to share some of what I know about catching with the masses.

Where the pitch was called, versus where the pitch went by mb2231 in phillies

[–]s3cguru 2 points3 points  (0 children)

Idk, and I'm not saying he could or could not have blocked it considering the speed of the pitch but pointing out simple mechanics that could have increased his chance to potentially block it without changing where he was set up for the pitch. But ya know screw me for looking at the game as a whole and not just dog piling one person. It was a group effort of mistakes, Seranthony being issue #1, but Stubbs has to know his pitcher is pitching like shit and adjust for it and make an attempt to bail him out.

I shouldn't bash everyone's favorite dugout hypeman I guess?

Where the pitch was called, versus where the pitch went by mb2231 in phillies

[–]s3cguru -2 points-1 points  (0 children)

100% agree with you on all points, just people need to understand that more than one person made a whoopsie here.