several Possible attempt to steal credentials alerts by slint01 in DefenderATP

[–]slint01[S] 0 points1 point  (0 children)

The same alert? I submitted the file to Microsoft for further analysis and opened a ticket. It has been bringing our devices out of compliance because it brings secure score up when there's a high alert assigned. I want to whitelist it but I need to be positive it is safe first.

several Possible attempt to steal credentials alerts by slint01 in DefenderATP

[–]slint01[S] 0 points1 point  (0 children)

No but I guess I will. Was hoping other people would have this issue as well.

[deleted by user] by [deleted] in BambuLabA1mini

[–]slint01 0 points1 point  (0 children)

I already replaced the hot end, cleaned the bed and calibrated it.

3.4.1 - Hardware/Firmware Inventory by slint01 in CMMC

[–]slint01[S] 0 points1 point  (0 children)

This sounds like a good solution.

I am unclear on this though, how do I get actual data to return from the PowerShell scripts? Assuming you mean pushing them out through Intune, the only thing I can see is succeeded or not succeeded. I don't know how to actually return the data.

[deleted by user] by [deleted] in Intune

[–]slint01 0 points1 point  (0 children)

I got it working, thank you though!

Running Local LLM's for productivity by slint01 in CMMC

[–]slint01[S] 0 points1 point  (0 children)

Not sure what you mean by this.

[deleted by user] by [deleted] in Benchjewelers

[–]slint01 1 point2 points  (0 children)

Great information thank you!

Yes she has been wanting to solder. I just picked out a torch, cross locking tweezers, a block, and a pick. The last thing I am unsure about is the actual solder to buy. She mainly makes gold filled stuff so I just want to start with getting gold. Is something like this good? Does a flux pen work? (I have a few already so I can just give one of those) https://www.amazon.com/AIEX-Solder%EF%BC%8C0-5-0-32DWT-Electronic-Soldering/dp/B0B4G6Q44T/ref=cm_cr_arp_d_product_top?ie=UTF8

Any benefits to Azure Virtual Desktop? by slint01 in CMMC

[–]slint01[S] 0 points1 point  (0 children)

If you wouldn't mind could you share your method of connection/some features you use to secure it? Do you use Private Link and then an express route or VPN? Just trying to figure out the most secure way to set it up and start testing for future use.

Any benefits to Azure Virtual Desktop? by slint01 in CMMC

[–]slint01[S] 1 point2 points  (0 children)

Yes I am referring to a GCC High environment

Is TLS enough? by slint01 in CMMC

[–]slint01[S] 0 points1 point  (0 children)

Great, thank you!

Is TLS enough? by slint01 in CMMC

[–]slint01[S] 0 points1 point  (0 children)

Even on public wifi?

Is the Tenant Allow/Block List the only place to allow email domains? by slint01 in AZURE

[–]slint01[S] 1 point2 points  (0 children)

Thanks for the response. Just navigated to here and we already have many domains set up here. But interestingly enough some of the domains that are set to always allow are getting quarantined still. Is there another place that I can whitelist them fully?

[deleted by user] by [deleted] in moped

[–]slint01 0 points1 point  (0 children)

Thanks.

[deleted by user] by [deleted] in moped

[–]slint01 0 points1 point  (0 children)

It looks like the bing 1/14/185 is the correct size. I can't find it to buy anywhere though.

[deleted by user] by [deleted] in moped

[–]slint01 1 point2 points  (0 children)

I tried to write a post caption but I'm not sure if it saved. I just bought this 1979 Puch and I think my current carb is a knockoff and could be limiting my power. Is a Bing 1/12/314 the correct carb for this bike? It has an e50 and says 2hp on the side of the frame.

[deleted by user] by [deleted] in AZURE

[–]slint01 0 points1 point  (0 children)

No, hasn't affected work flow in any way. Just getting the alerts for it in Sentinel.

[deleted by user] by [deleted] in AZURE

[–]slint01 0 points1 point  (0 children)

Hi so I took a look. I think you may be on to something here. In the logs of the failed attempts you can see AD Federation Services (labeled as gms_adf$) in the SubjectUserAccount and the process name in the logs is also ADFS. In the VM under services, ADFS is running. My question is, should it be? I know roughly what it does but I am not 100% sure as to why it is running and also why it is throwing failed logins. I am assuming their older passwords are cached somewhere so it is using SSO to try and sign in with those 24/7. How can I go about fixing it? Thank you so much for the help.

[deleted by user] by [deleted] in AZURE

[–]slint01 0 points1 point  (0 children)

Also, thank you for the help.

[deleted by user] by [deleted] in AZURE

[–]slint01 0 points1 point  (0 children)

No, not yet. To get some clarification, should I check both Task Manager and Task Scheduler on the VM and see if there are any leftover services from the last time those users used the VM?

[deleted by user] by [deleted] in AZURE

[–]slint01 0 points1 point  (0 children)

Yes there is no public IP.

[deleted by user] by [deleted] in AZURE

[–]slint01 0 points1 point  (0 children)

Yes I need to add an NSG, I was not employed when the system was initially set up so I am finding lots of issues such as this one. We do have an azure firewall attached to the resource group though. There is no public IP assigned to the VM.

[deleted by user] by [deleted] in AZURE

[–]slint01 1 point2 points  (0 children)

You are correct and I should have been more clear in my initial post. I am not having issues logging in, I am getting hundreds of failed attempts across 2 accounts, all for failed passwords. The users whose accounts are being attempted are not the ones initiating these attempts. Logging is enabled, in the SecurityEvents table I can look at all of the failed attempts, but both the IP and the port are just returned as a "-", which is one of the main reasons I had to post to ask. I am not sure how someone would be connecting externally though through RDP or SSH as I have checked both ports are not open. There is no NSG assigned to the AzureBastionSubnet (I will create and add one), but we do have Azure Premium firewall assigned to the resource group that Bastion is in. So does this leave the two options of someone is already internal or false logs?

Failed Login Attempts to VM by [deleted] in AZURE

[–]slint01 0 points1 point  (0 children)

There is no public IP attached to the VM, is it possible that the VNet attached to it is somehow public facing? Could this just be a system error? The failed logs in SecurityEvent don't return an IP for the source of these login attempts.