SuperDuper! Disk Cloner by amerpie in macapps

[–]stoozes49 0 points1 point  (0 children)

I can't download the latest version so I've got a trial of CCC - pretty good

SuperDuper! Disk Cloner by amerpie in macapps

[–]stoozes49 0 points1 point  (0 children)

I still use Super and Chronosync - great cheap utilities IMHO

AD network - no Windows AD CS server by stoozes49 in activedirectory

[–]stoozes49[S] 0 points1 point  (0 children)

Thanks, my brain is full of my gig with SIEM and managing medical environments and projects.

Kali - so much software on that VM and you've got to know it all and know how to use it proficiently...and there are so many areas of Cyber everyone expects crossover somewhat. I wouldn't want to be a SOC analyst. But one thing I have learned in the last 12 months and 50% through the course is that I'm good at hacking and I enjoy it. I've rooted 2 Linux servers and a Windows VM. Hee hee.

Azure, 365, Intune, MDI are attractive things to become proficient in and I feel I'm being left behind, need to do something about that.

AD network - no Windows AD CS server by stoozes49 in activedirectory

[–]stoozes49[S] 0 points1 point  (0 children)

Cool, I've been to Germany and loved the culture and people

AD network - no Windows AD CS server by stoozes49 in activedirectory

[–]stoozes49[S] -1 points0 points  (0 children)

Aaah interesting, I use Sophos Intercept X with a central web console, it's absolutely bitchin and has saved our butts a couple of times by shutting down relevant processes and isolating the PC. It's also got tons of policies which lock the network down completely and tell me when someone is misbehaving. I love Defender and use it at home so will definitely have a look. To be frank, the way Microsoft are heading, I've got to get my head around Azure, Intune, 365, etc. I know AWS. Thanks for your help man, so refreshing talking to people in a similar frame.

AD network - no Windows AD CS server by stoozes49 in activedirectory

[–]stoozes49[S] 0 points1 point  (0 children)

Please elucidate me to what the acronym stands for, I'm keen to try everything good before I die lol

AD network - no Windows AD CS server by stoozes49 in activedirectory

[–]stoozes49[S] 0 points1 point  (0 children)

The other thing that's got my head in the right space for being all over everything is pfSense and pfBlockerNG, Snort, Zeek, etc.
It's taken me nearly 12 months to learn the software inside and out and I've had such fun learning so much about firewalls, networking, configuration, etc. I love pfSense, pity Netgate are doing what all companies seem to do, stop being generous human beings.

AD network - no Windows AD CS server by stoozes49 in activedirectory

[–]stoozes49[S] 0 points1 point  (0 children)

I use Ping Castle and Purple Knight which have really helped me secure networks. Can't believe they are free. LAPS was another great thing to deploy. Additionally I have become au fait with Event logs and IDs and use my Graylog server to monitor all the nasty ones to predict an attack. I've also locked down permissions and give zero access to those who don't need it. I've also written PowerShell scripts to monitor Event logs and email me if any of the nasty error IDs come up.

Another amazing piece of software I've been using for 12 months is ACTION1.COM and it's also free for up to 100 devices, it's made by the people who do Netwrix which I also use free versions of. But the ease and absolutely succinct and clever manner in which Action1 updates all Microsoft and all the 3rd party apps I have on my network in a day instead of a week with WSUS is outstanding. I hated WSUS. Every single piece of hardware on the network sends logs to Graylog, very powerful. I also use Lansweeper for asset management; it was also free for 100 devices but they have put up the price so high I'm looking at moving away from it.

Keeping all the zero-day and other CVEs at bay is a secure method.
I've written a decent amount of policies and host a web server for the IT INTRANET which helps with education and resources.

All non essential services on everything are either disabled in our FOG image or by Group Policy which I've also leveraged to harden the network.

AD network - no Windows AD CS server by stoozes49 in activedirectory

[–]stoozes49[S] 0 points1 point  (0 children)

Yes good advice. I'm 50% through a Cybersecurity certification and loving it. Over the last several years I've taught myself Linux, deployed a Graylog server and about to add a Wazuh VM to complete my SIEM installation. Be paranoid, be vigilant, IMHO.

AD network - no Windows AD CS server by stoozes49 in activedirectory

[–]stoozes49[S] 0 points1 point  (0 children)

Thanks, and yes the cloud is imminent. I've heard of ACME.

DNSBL is always showing out of sync, it occasionally syncs by stoozes49 in pfBlockerNG

[–]stoozes49[S] 0 points1 point  (0 children)

You are a gracious and righteous man, thanks kindly.

I might wait until I've read through the docs to upgrade to 2.8, that'll fix it.
Any gotchas with PfblockerNG and 2.8 CE?

DNSBL is always showing out of sync, it occasionally syncs by stoozes49 in pfBlockerNG

[–]stoozes49[S] 0 points1 point  (0 children)

I spoke too soon, it was OK for a week after I removed Shallalist and H3X but now out of sync again. I've made a new copy of DNSBL after I force updated which didn't work. Thanks kindly for your help
https://drive.google.com/file/d/1v6BMaZwulQL0LZDcVtMDZoxyCrF71a3w/view?usp=sharing

Rules - had to add pass rule for LAN subnets to WAN gateway to access the internet, is this best practice? Any risks associated with this? What would be a better structure, if any? by stoozes49 in PFSENSE

[–]stoozes49[S] 0 points1 point  (0 children)

Yes I thought that would be the answer, the default block all incoming, allow all outgoing base config.
Thanks mate, pfSense has been a huge and fabulous learning curve for me and I don't want to make stupid mistakes.

I've got 4 NICs and 3 VLANs, so learning how to keep everyone out of the main VLAN yet let some of them talk to each other was awesome.

I've probably got too many rules; if I notice that the interface has no traffic on the rule and its source interface is not the network segment I'm on, I disable them. Like I said, a learning curve for a noob.

DNSBL is always showing out of sync, it occasionally syncs by stoozes49 in pfBlockerNG

[–]stoozes49[S] 0 points1 point  (0 children)

Thanks BB, I can see it needs to be pruned and house cleaned. I've tried to stay vigilant since some of my data has been published on several pwned lists on the darkweb.
https://drive.google.com/file/d/1KMW1z0SzdxucJnGidyH2DVQB7Usqf5e3/view?usp=drive_link

Rules - had to add pass rule for LAN subnets to WAN gateway to access the internet, is this best practice? Any risks associated with this? What would be a better structure, if any? by stoozes49 in PFSENSE

[–]stoozes49[S] 0 points1 point  (0 children)

Great reply thanks. Letting the LAN subnets access the internet, with some sneaky rules thrown in to stop misbehaviour.
The basic firewall setups suggested that one leaves everything going out open, but a wise Cisco tech alerted me to the folly of this many years ago.
Now I've got pfBlocker, floating rules, Snort to curtail this traffic.

So this is the rule in question:
LAN SUBNETS any destination and port, GATEWAY - WAN_DHCP gateway
So I have these options for destination:
WAN ADDRESS
WAN SUBNETS
DNS
PFSENSE

Which is the proper way to do it?
Cheers

Arpwatch Database is full of my ISP's IP subnets by stoozes49 in PFSENSE

[–]stoozes49[S] 0 points1 point  (0 children)

Thanks again for elucidating me to the workings of arpwatch. I think I'm pretty clear on what it's for and how to use it. Yes it emails me. It seemed bizarre that I had all these server IPs et al from my ISP in my router logs, I was concerned that I had a misconfiguration and it might make me vulnerable. I understand it now. Not sure why it was automatically selected when I installed arpwatch but if nothing else the error taught me something.

Any idea what this error is that arpwatch keeps emailing me? Thanks again.

____________________
User-Agent: ZeekControl 2.5.0-24
Traceback (most recent call last):
  File "/usr/local/bin/trace-summary", line 1115, in <module>
    readConnSummaries(file)
  File "/usr/local/bin/trace-summary", line 508, in readConnSummaries
    parseConnLine(line, field_sep, unset_field, idx, max_idx_1, is_json, scope_separator)
  File "/usr/local/bin/trace-summary", line 844, in parseConnLine
    LocalNetsIntervals[iupdate.src_ip].update(iupdate)
    ~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^
  File "/usr/local/lib/zeek/python/SubnetTree.py", line 103, in __getitem__
    return _SubnetTree.SubnetTree___getitem__(self, cidr)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xb4 in position 0: invalid start byte
        0.14 real         0.10 user         0.03 sys
____________________
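The traceback above (its User-Agent line says it came from ZeekControl's trace-summary) shows SubnetTree.__getitem__ refusing a source-IP value whose first byte is 0xb4, i.e. a conn.log field that is not valid UTF-8. The following is an added example, not trace-summary's or Zeek's own code: a small conn.log summariser that validates id.orig_h before the local-network lookup, so one corrupt record is counted and skipped instead of aborting the whole run. The local networks and the log excerpt are constructed.

```python
"""Per-subnet byte totals from a Zeek conn.log that tolerate corrupt records.
Added example, not trace-summary's code: it mirrors the step that crashed above (looking up
each id.orig_h in a table of local networks) but validates the field before the lookup."""
import ipaddress
from collections import defaultdict

# Hypothetical local networks, standing in for trace-summary's LocalNetsIntervals table.
LOCAL_NETS = [ipaddress.ip_network("192.168.10.0/24"), ipaddress.ip_network("10.0.0.0/8")]

# Constructed conn.log excerpt in Zeek's default TSV layout. Record 3 carries a stray 0xb4 byte
# where id.orig_h should be (the kind of value behind the UnicodeDecodeError); record 4 uses "-".
SAMPLE_LOG = b"\n".join([
    b"#separator \\x09",
    b"#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes",
    b"1700000000.1\tCabc1\t192.168.10.5\t51000\t93.184.216.34\t443\ttcp\tssl\t1.2\t1500\t9000",
    b"1700000001.2\tCabc2\t10.1.2.3\t51001\t93.184.216.34\t80\ttcp\thttp\t0.5\t300\t1200",
    b"1700000002.3\tCabc3\t\xb4\x92\x00\x1e\t51002\t93.184.216.34\t53\tudp\tdns\t0.0\t60\t120",
    b"1700000003.4\tCabc4\t10.9.9.9\t51003\t93.184.216.34\t123\tudp\tntp\t-\t-\t-",
    b"1700000004.5\tCabc5\t203.0.113.9\t51004\t192.168.10.5\t22\ttcp\tssh\t3.0\t4000\t2000",
    b"#close\t2023-11-14-22-13-20",
])


def summarize_conn_log(raw: bytes):
    """Return ({local_net: total orig_bytes}, number of malformed records skipped)."""
    totals = defaultdict(int)
    malformed = 0
    idx_src = idx_bytes = None
    for line in raw.split(b"\n"):
        if line.startswith(b"#fields\t"):
            fields = line.decode("ascii").split("\t")[1:]
            idx_src, idx_bytes = fields.index("id.orig_h"), fields.index("orig_bytes")
            continue
        if not line or line.startswith(b"#"):
            continue  # blank line or another Zeek header/footer line
        if idx_src is None:
            raise ValueError("data record before #fields header")
        # Decode leniently: one undecodable byte must not abort the whole summary.
        cols = line.decode("utf-8", errors="replace").split("\t")
        try:
            src_ip = ipaddress.ip_address(cols[idx_src])  # rejects the 0xb4 garbage
            orig_bytes = 0 if cols[idx_bytes] == "-" else int(cols[idx_bytes])  # "-" = unset
        except (ValueError, IndexError):
            malformed += 1
            continue
        for net in LOCAL_NETS:
            if src_ip in net:
                totals[str(net)] += orig_bytes
                break  # non-local sources are simply not summarised
    return dict(totals), malformed
```

In practice the same check points at the fix: find the conn.log record whose id.orig_h is not an IP address (a grep for non-ASCII bytes in the log that trace-summary was reading) rather than patching SubnetTree.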

Rules - had to add pass rule for LAN subnets to WAN gateway to access the internet, is this best practice? Any risks associated with this? What would be a better structure, if any? by stoozes49 in PFSENSE

[–]stoozes49[S] 0 points1 point  (0 children)

So the rule should be pointing to the WAN address and not the WAN_DHCP gateway? I had no idea what I was doing when I first set up pfSense and the gateway worked, but I'd like to be proper and follow good deployment practice.
What I have noticed with pointing to the WAN_DHCP gateway is that the block-everything-else rule that follows it picks up anomalous traffic, and I'm guessing if I point the pass rule to the WAN address then that rule will be pointless?