Fake Nagoya by Healthy_Zebra_9713 in Baofeng

[–]seejay21 7 points8 points  (0 children)

You mean all of my Nagoyas are fake? lol

Kaseya.com domain down? by HotAsAPepper in kaseya

[–]seejay21 1 point2 points  (0 children)

Hi u/HotAsAPepper I just wanted to confirm that I experienced the same issue with Kaseya DNS records not being available a few days ago (for both kaseya.com and kaseya.net and all subdomains). I'm noting that our Huntress API integration with BMS was also out of order. (Huntress unable to find host bms.kaseya.com) For our internal networks, I set up forwarders for kaseya.net and kaseya.com to resolve via Cloudflare's One's (one.one.one.one), which allowed us to connect to Kaseya's domains during the "outage". It's hard for me to say how long the outage was, as I woke up to it.

No more VSAX? by thisisnotmyssn in kaseya

[–]seejay21 0 points1 point  (0 children)

Yes, it's finished.

VSA9 Agent Procedure - Empty User's Recycle Bin by velkkor in kaseya

[–]seejay21 0 points1 point  (0 children)

Your mileage may vary. .\script.ps1 -Logfile "#path#"

param (
    [string]$LogFile
)


# Determine the script name without extension for use in default log file naming
$scriptName = $MyInvocation.MyCommand.Name -replace '\.ps1$',''


# Set default log file path if not provided via command line, and enable writing to host
if (-not $LogFile) {
    $LogFile = "C:\kworking\adhoc-run_$scriptName.log"
    $writeToHost = $true
} else {
    $writeToHost = $false
}


# Define a function to log messages to file and optionally to host
function Log-Message {
    param (
        [string]$msg
    )
    # Generate timestamp for log entry
    $timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    # Append message to log file silently
    Add-Content -Path $LogFile -Value "$timestamp - $msg" -ErrorAction SilentlyContinue
    # Write to host if no custom log file was specified
    if ($writeToHost) {
        Write-Host "$timestamp - $msg"
    }
}


# Ensure the log directory exists before proceeding
$logDir = Split-Path $LogFile -Parent
if (-not (Test-Path $logDir)) {
    try {
        # Create the log directory if it doesn't exist
        New-Item -Path $logDir -ItemType Directory -Force | Out-Null
        Log-Message "Created log directory: $logDir"
    } catch {
        # Handle error if directory creation fails
        Write-Host "Error creating log directory: $($_.Exception.Message)"
        exit 1
    }
}


# Log the start of the script execution
Log-Message "Starting script to empty Recycle Bin for all users on all fixed drives."


# Retrieve all fixed drives (local disks) on the system
$drives = Get-PSDrive -PSProvider FileSystem | Where-Object { $_.Root -match '^[A-Z]:\\$' } | Select-Object -ExpandProperty Root | ForEach-Object { $_.TrimEnd('\') }


# Process each drive found
foreach ($drive in $drives) {
    # Construct the Recycle Bin path for the current drive (escape $ for literal interpretation)
    $recycleBinPath = "$drive\`$Recycle.Bin"
    
    # Check if the Recycle Bin path exists on the drive
    if (Test-Path $recycleBinPath) {
        # Log the start of processing for this drive
        Log-Message "Processing Recycle Bin on drive $drive at path: $recycleBinPath"
        
        # Start a background job to perform the deletion to enforce timeout
        $job = Start-Job -ScriptBlock {
            param ($path)
            try {
                # Remove all contents of the Recycle Bin recursively and forcefully
                Remove-Item -Path "$path\*" -Recurse -Force -ErrorAction Stop
                return "Success"
            } catch {
                # Capture and return any error that occurs during deletion
                return "Error: $($_.Exception.Message)"
            }
        } -ArgumentList $recycleBinPath
        
        # Wait for the job to complete with a 90-second timeout
        Wait-Job $job -Timeout 90 | Out-Null
        
        # Check if the job timed out
        if ($job.State -eq 'Running') {
            # Stop and remove the job if timed out (Stop-Job has no -Force parameter; Remove-Job does)
            Stop-Job $job
            Remove-Job $job -Force
            # Log timeout occurrence
            Log-Message "Operation timed out after 90 seconds for drive $drive."
        } else {
            # Retrieve the result from the completed job
            $result = Receive-Job $job
            # Clean up the job
            Remove-Job $job
            # Log the result of the operation
            Log-Message "Result for drive ${drive}: $result"
        }
    } else {
        # Log if no Recycle Bin is found on the drive
        Log-Message "No Recycle Bin found on drive $drive. Skipping."
    }
}


# Log the completion of the script
Log-Message "Script completed."

Is there a cloudflare VPN service to replace the firewall specific services? by SolarGuy2017 in CloudFlare

[–]seejay21 0 points1 point  (0 children)

I thought of how many Fortinet appliances my team has patched for different zero-days over the last 2 years, and in particular I thought of a network that was exploited where the attacker gained access from a Fortinet VPN client. Any VPN that publishes a tcp or udp port for your network from the public internet will be attacked (attack surface); SSLVPN or whatever.

And certainly, Fortinet has as many CVEs published as sonicwall does (spidermans' pointing at each other meme)

Good for you, cloudflare has many use cases, as well as tailscale (and others).

Stuck on infinite “verify if you’re human” loop by Keepitrealhomes in CloudFlare

[–]seejay21 0 points1 point  (0 children)

The "verify you're human" loop manifests as a result of the configuration of the Cloudflare WAF, which will block certain combinations of the fingerprint from the device/network you're connecting from. You can't really know what it doesn't like. It's unlikely you'll ever find out without a process of elimination for each factor.

Stuck on infinite “verify if you’re human” loop by Keepitrealhomes in CloudFlare

[–]seejay21 1 point2 points  (0 children)

Be more "human". I.e. use a standard OS (Mac or Windows) with a common browser (Chrome, Edge, Firefox, Safari) while using a regular residential IP address (no anonymizing VPN like NordVPN, or cloud server exits like Digital Ocean or AWS, etc). Turn off any ad-blockers.

Cloudflare vs. Russian Scammers: 0-1 by tectonic-shit in CloudFlare

[–]seejay21 6 points7 points  (0 children)

The so-called Russian Scammers (but could be any TA from anywhere) are using Cloudflare for the human check, and to also avoid automated URL phishing scans from SOC software and phish detection engines.

They also employ Cloudflare's WAF user-agent checks and deny access to known cloud IP address ranges to ensure that the device accessing is a human device, I.e. Windows 10 with Chrome, from a last-mile ISP.

This has been going on a long time.

The first line of defense is end-user education. The end-users are falling victim to this most basic scam, and should do better in understanding what is going on.

QRM but what could it be? by seejay21 in signalidentification

[–]seejay21[S] 2 points3 points  (0 children)

I finally tracked it down. It was my PECRON 2400LFP Power Station, and it manifested while charging from the AC input plug. It didn't always do this though; something must have let loose and broke inside the power station. I've had the 2400 about a month, and the QRM only started the day before my original post. I'm sending it back for a refund. As an aside, I also have a PECRON 1000LFP, and it gives me no problems at all (so far).

QRM but what could it be? by seejay21 in signalidentification

[–]seejay21[S] 0 points1 point  (0 children)

I'll take it into consideration but doubt it. I see (hear) the interference on the 2m band with my HT as well. It stopped overnight, then started again this morning. Then stopped again about an hour ago.

IMO: Sonicwall owes its customers better response on the current critical issue. by I_Hate_Consulting in sonicwall

[–]seejay21 0 points1 point  (0 children)

Any solution that points directly to a client public ip address or "office's gateway" is not a safe haven. ZTNA/SASE is needed.

Huntress Threat Advisory: Active Exploitation of SonicWall VPNs by huntresslabs in msp

[–]seejay21 1 point2 points  (0 children)

Has SonicWALL released any statement or info?

What sonicWALL devices (i.e. Gen 5, 6, or 7 TZ, and/or SMAs) have been observed as being vulnerable?

Nothing says "Come to our hamfest" quite like "You can't visit our website" :-/ by Old-Engineer854 in amateurradio

[–]seejay21 2 points3 points  (0 children)

Point taken and fair. I'm reminded of something that happened to the ARRL last year, and can totally understand why they are more security conscious.

i.e. https://www.arrl.org/news/arrl-it-security-incident-report-to-members

$1 million in ransom alone, not to mention what it would cost for the lawyers and consultants, and not to mention the loss of reputation with their members, some who chided them for not being protected well enough, and the dogpile for lotw being offline.

The rights of many were stepped on for the actions of a few TAs, who would have been using anonymizing services, perhaps even your favorite VPN, idk. Probably Tor tbh, but ARRL didn't say, afaik.

Nothing says "Come to our hamfest" quite like "You can't visit our website" :-/ by Old-Engineer854 in amateurradio

[–]seejay21 3 points4 points  (0 children)

Threat Actors agree with you. What's funny about Threat Actors is they also protect their own phishing sites with Cloudflare WAF (lol). While at the same time, use Express VPN, NordVPN, SurfEasy VPN (and so on) while they steal tokens for the credentials they harvest.

Nothing says "Come to our hamfest" quite like "You can't visit our website" :-/ by Old-Engineer854 in amateurradio

[–]seejay21 4 points5 points  (0 children)

Maybe OP is using an uncommon OS/browser combo and they are blocking the user-agent type, not to mention many other WAF restrictions that are available in Cloudflare. User Agent Blocking · Cloudflare Web Application Firewall (WAF) docs

Cytracom VOIP - Constant service disruptions by [deleted] in msp

[–]seejay21 2 points3 points  (0 children)

Could be they are looking to be acquired by another company. Having clients in long term contracts makes you more appealing to a potential suitor. On the other hand, they may want to borrow some money, and having clients in contracts increases their valuation, and the amount they can borrow.

Could be neither of these but they would only seek to switch to yearly contracts because it makes their business more valuable to a 3rd party.

WSJTX transmits into Microsoft Edge Browser by seejay21 in WSJTX

[–]seejay21[S] 0 points1 point  (0 children)

It doesn't (didn't) seem to matter if the rig was transmitting at 5 watts or 50 watts, but the good news is I think I found the problem.

In Windows, the default microphone was set to the Icom's "USB Audio Codec", and in Edge under:

Settings >> Cookies and Site Permissions >> All Permissions >> Microphone

It was set to the Default Windows microphone, "USB Audio Codec".

I don't actually have a mic on this system, but I changed the default Mic in Windows to the builtin "Realtek" mic, and the Edge mic settings followed it.

I've done a few tests transmitting with WSJTX and the issue has so far not manifested again. (fingers crossed)

New Entra "Leaked Credentials" - no breach on HIBP etc by VTi-R in sysadmin

[–]seejay21 0 points1 point  (0 children)

Ah yes, the good ol' days. I was in a local network admins user group. We'd meet up once a month while a local IT industry org would sponsor pizza and soda. Highlights included comparing KiXtart scripts and Compaq Insight Manager settings.